Sneaky Virus Infection


15 replies to this topic

#1 Thwart1


Posted 11 August 2012 - 06:24 PM

Hi, I believe my Windows 7 system is compromised with a virus. The system appears to act normal and shows no signs of infection, but if I open Task Manager there are 2 rogue instances of Internet Explorer running that are un-killable. Any attempt to end the processes is unsuccessful. This is very suspicious because I don't use Internet Explorer and never have. After rebooting the system the instances are gone, but if I open Firefox they re-appear and are un-killable again.
There are also 4 instances of rundll32.exe running that are suspicious.

I've run several virus removal programs:

Rkill
Malwarebytes Anti-Malware
TDSSKiller
Spybot S&D
ESET Online Scanner

The only program that found anything was ESET, and it claimed to have cleaned and removed 11 trojans, but the rogue iexplore.exe process remains.

Thanks in Advance.

Edited by Thwart1, 11 August 2012 - 06:50 PM.
Moved from Windows 7 to AII. ~ OB



#2 narenxp


Posted 11 August 2012 - 06:55 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Thwart1


Posted 11 August 2012 - 10:18 PM

Here are the scan logs you requested:

>>TDSSKiller<<

17:51:27.0959 3720 pci - ok
17:51:27.0990 3720 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
17:51:27.0990 3720 pciide - ok
17:51:28.0022 3720 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
17:51:28.0022 3720 pcmcia - ok
17:51:28.0053 3720 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
17:51:28.0053 3720 pcw - ok
17:51:28.0131 3720 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
17:51:28.0146 3720 PEAUTH - ok
17:51:28.0240 3720 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
17:51:28.0240 3720 PerfHost - ok
17:51:28.0318 3720 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
17:51:28.0318 3720 PGEffect - ok
17:51:28.0474 3720 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
17:51:28.0490 3720 pla - ok
17:51:28.0568 3720 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
17:51:28.0568 3720 PlugPlay - ok
17:51:28.0599 3720 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
17:51:28.0614 3720 PNRPAutoReg - ok
17:51:28.0646 3720 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
17:51:28.0661 3720 PNRPsvc - ok
17:51:28.0770 3720 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
17:51:28.0786 3720 PolicyAgent - ok
17:51:28.0848 3720 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
17:51:28.0864 3720 Power - ok
17:51:28.0942 3720 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
17:51:28.0942 3720 PptpMiniport - ok
17:51:28.0989 3720 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
17:51:28.0989 3720 Processor - ok
17:51:29.0036 3720 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
17:51:29.0051 3720 ProfSvc - ok
17:51:29.0067 3720 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
17:51:29.0082 3720 ProtectedStorage - ok
17:51:29.0114 3720 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
17:51:29.0114 3720 Psched - ok
17:51:29.0254 3720 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
17:51:29.0270 3720 ql2300 - ok
17:51:29.0426 3720 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
17:51:29.0426 3720 ql40xx - ok
17:51:29.0488 3720 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
17:51:29.0488 3720 QWAVE - ok
17:51:29.0519 3720 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
17:51:29.0519 3720 QWAVEdrv - ok
17:51:29.0535 3720 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
17:51:29.0550 3720 RasAcd - ok
17:51:29.0597 3720 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
17:51:29.0597 3720 RasAgileVpn - ok
17:51:29.0628 3720 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
17:51:29.0628 3720 RasAuto - ok
17:51:29.0675 3720 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
17:51:29.0675 3720 Rasl2tp - ok
17:51:29.0722 3720 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
17:51:29.0722 3720 RasMan - ok
17:51:29.0769 3720 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
17:51:29.0769 3720 RasPppoe - ok
17:51:29.0800 3720 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
17:51:29.0800 3720 RasSstp - ok
17:51:29.0831 3720 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
17:51:29.0831 3720 rdbss - ok
17:51:29.0862 3720 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
17:51:29.0862 3720 rdpbus - ok
17:51:29.0894 3720 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
17:51:29.0894 3720 RDPCDD - ok
17:51:29.0925 3720 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
17:51:29.0925 3720 RDPENCDD - ok
17:51:29.0940 3720 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
17:51:29.0940 3720 RDPREFMP - ok
17:51:29.0972 3720 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
17:51:29.0987 3720 RDPWD - ok
17:51:30.0018 3720 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
17:51:30.0018 3720 rdyboost - ok
17:51:30.0065 3720 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
17:51:30.0065 3720 RemoteAccess - ok
17:51:30.0112 3720 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
17:51:30.0112 3720 RemoteRegistry - ok
17:51:30.0143 3720 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
17:51:30.0143 3720 RpcEptMapper - ok
17:51:30.0174 3720 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
17:51:30.0190 3720 RpcLocator - ok
17:51:30.0237 3720 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
17:51:30.0237 3720 RpcSs - ok
17:51:30.0299 3720 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
17:51:30.0299 3720 rspndr - ok
17:51:30.0362 3720 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
17:51:30.0362 3720 RSUSBSTOR - ok
17:51:30.0377 3720 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
17:51:30.0393 3720 SamSs - ok
17:51:30.0424 3720 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
17:51:30.0424 3720 sbp2port - ok
17:51:30.0471 3720 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
17:51:30.0486 3720 SCardSvr - ok
17:51:30.0502 3720 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
17:51:30.0502 3720 scfilter - ok
17:51:30.0642 3720 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
17:51:30.0658 3720 Schedule - ok
17:51:30.0689 3720 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
17:51:30.0705 3720 SCPolicySvc - ok
17:51:30.0752 3720 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
17:51:30.0752 3720 SDRSVC - ok
17:51:30.0830 3720 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
17:51:30.0830 3720 secdrv - ok
17:51:30.0861 3720 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
17:51:30.0861 3720 seclogon - ok
17:51:30.0892 3720 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
17:51:30.0892 3720 SENS - ok
17:51:30.0923 3720 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
17:51:30.0939 3720 SensrSvc - ok
17:51:30.0954 3720 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
17:51:30.0970 3720 Serenum - ok
17:51:31.0017 3720 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
17:51:31.0017 3720 Serial - ok
17:51:31.0032 3720 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
17:51:31.0032 3720 sermouse - ok
17:51:31.0079 3720 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
17:51:31.0079 3720 SessionEnv - ok
17:51:31.0095 3720 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
17:51:31.0095 3720 sffdisk - ok
17:51:31.0095 3720 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
17:51:31.0110 3720 sffp_mmc - ok
17:51:31.0110 3720 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
17:51:31.0110 3720 sffp_sd - ok
17:51:31.0126 3720 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
17:51:31.0126 3720 sfloppy - ok
17:51:31.0220 3720 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\windows\system32\DRIVERS\Sftfslh.sys
17:51:31.0235 3720 Sftfs - ok
17:51:31.0344 3720 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:51:31.0344 3720 sftlist - ok
17:51:31.0391 3720 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\windows\system32\DRIVERS\Sftplaylh.sys
17:51:31.0407 3720 Sftplay - ok
17:51:31.0422 3720 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\windows\system32\DRIVERS\Sftredirlh.sys
17:51:31.0422 3720 Sftredir - ok
17:51:31.0438 3720 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\windows\system32\DRIVERS\Sftvollh.sys
17:51:31.0438 3720 Sftvol - ok
17:51:31.0485 3720 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:51:31.0500 3720 sftvsa - ok
17:51:31.0547 3720 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
17:51:31.0547 3720 SharedAccess - ok
17:51:31.0610 3720 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
17:51:31.0625 3720 ShellHWDetection - ok
17:51:31.0672 3720 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
17:51:31.0672 3720 SiSRaid2 - ok
17:51:31.0688 3720 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
17:51:31.0688 3720 SiSRaid4 - ok
17:51:31.0719 3720 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
17:51:31.0719 3720 Smb - ok
17:51:31.0766 3720 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
17:51:31.0766 3720 SNMPTRAP - ok
17:51:31.0781 3720 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
17:51:31.0781 3720 spldr - ok
17:51:31.0844 3720 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
17:51:31.0859 3720 Spooler - ok
17:51:32.0124 3720 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
17:51:32.0171 3720 sppsvc - ok
17:51:32.0312 3720 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
17:51:32.0312 3720 sppuinotify - ok
17:51:32.0452 3720 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\windows\System32\Drivers\sptd.sys
17:51:32.0452 3720 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
17:51:32.0452 3720 sptd ( LockedFile.Multi.Generic ) - warning
17:51:32.0452 3720 sptd - detected LockedFile.Multi.Generic (1)
17:51:40.0190 3720 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:51:41.0406 3720 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:51:41.0406 3720 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:51:41.0438 3720 Boot (0x1200) (de8590baa713dfec22a1b646ac041426) \Device\Harddisk0\DR0\Partition0
17:51:41.0453 3720 \Device\Harddisk0\DR0\Partition0 - ok
17:51:41.0453 3720 ============================================================
17:51:41.0453 3720 Scan finished
17:51:41.0453 3720 ============================================================
17:51:41.0484 0292 Detected object count: 2
17:51:41.0484 0292 Actual detected object count: 2
17:51:57.0849 0292 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:51:57.0849 0292 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:51:57.0849 0292 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:51:57.0849 0292 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:52:41.0602 4724 Deinitialize success





>>aswMBR<<

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 17:54:08
-----------------------------
17:54:08.098 OS Version: Windows x64 6.1.7601 Service Pack 1
17:54:08.098 Number of processors: 2 586 0x100
17:54:08.098 ComputerName: SYSTEM4 UserName:
17:54:09.814 Initialize success
17:55:20.088 AVAST engine defs: 12081101
17:55:38.262 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
17:55:38.278 Disk 0 Vendor: TOSHIBA_ GT00 Size: 305245MB BusType: 11
17:55:38.293 Disk 0 MBR read successfully
17:55:38.293 Disk 0 MBR scan
17:55:38.309 Disk 0 Windows VISTA default MBR code
17:55:38.356 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:55:38.387 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291228 MB offset 3074048
17:55:38.434 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12516 MB offset 599508992
17:55:38.543 Disk 0 scanning C:\windows\system32\drivers
17:56:00.523 Service scanning
17:56:40.038 Modules scanning
17:56:40.054 Disk 0 trace - called modules:
17:56:40.085 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80029252c0]<<sptd.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
17:56:40.101 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800303f730]
17:56:40.101 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8002f0bac0]
17:56:40.116 \Driver\amd_xata[0xfffffa80029f69f0] -> IRP_MJ_CREATE -> 0xfffffa80029252c0
17:56:40.132 5 amd_xata.sys[fffff88000dcf8b4] -> nt!IofCallDriver -> \Device\00000070[0xfffffa8002f05770]
17:56:40.132 \Driver\amd_sata[0xfffffa80029f5630] -> IRP_MJ_CREATE -> 0xfffffa80029232c0
17:56:43.361 AVAST engine scan C:\windows
17:56:53.454 AVAST engine scan C:\windows\system32
18:00:04.149 AVAST engine scan C:\windows\system32\drivers
18:00:18.548 AVAST engine scan C:\Users\AF-Branden
18:02:11.227 File: C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U\00000001.@ **INFECTED** Win32:Malware-gen
18:02:11.320 File: C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U\80000000.@ **INFECTED** Win32:Malware-gen
18:02:11.383 File: C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U\800000cb.@ **INFECTED** Win32:Trojan-gen
18:07:09.905 AVAST engine scan C:\ProgramData
18:07:48.047 Scan finished successfully
18:08:47.218 Disk 0 MBR has been saved successfully to "C:\Users\AF-Branden\Desktop\MBR.dat"
18:08:47.233 The log file has been saved successfully to "C:\Users\AF-Branden\Desktop\aswMBR.txt"




>>ESET Online Scanner<<

C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined

#4 narenxp


Posted 12 August 2012 - 04:25 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{f26d87d5-f720-fbcd-43ba-c146d51f3e60}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

post the generated log

Edited by narenxp, 12 August 2012 - 04:26 AM.


#5 Thwart1


Posted 12 August 2012 - 03:44 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 11:42 on 12/08/2012 by AF-Branden
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{f26d87d5-f720-fbcd-43ba-c146d51f3e60}"
C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60} d--hs-- [03:23 21/11/2010]

-= EOF =-





MiniToolBox by Farbar Version: 23-07-2012
Ran by AF-Branden (administrator) on 12-08-2012 at 19:34:25
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 livejasmin.com
127.0.0.1 www.facebook.com
127.0.0.1 login.facebook.com
127.0.0.1 blog.facebook.com
127.0.0.1 aus3.mozilla.org
127.0.0.1 d3.zedo.com
127.0.0.1 twitter.com
127.0.0.1 www.socialsexnetwork.net
127.0.0.1 socialsexnetwork.net
127.0.0.1 s.social-sex-network.com
127.0.0.1 www.livejasmin.com
127.0.0.1 livejasmin.com

========================= IP Configuration: ================================

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : system4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-6C-E0-A1-1B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : 74-DE-2B-4D-DF-ED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1197:35f1:9066:280a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 12, 2012 7:31:16 PM
Lease Expires . . . . . . . . . . : Monday, August 13, 2012 7:31:21 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242540075
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-21-98-AE-74-DE-2B-4D-DF-ED
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c8e:132b:bc48:1be6(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c8e:132b:bc48:1be6%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:400a:800::1000
173.194.33.39
173.194.33.37
173.194.33.34
173.194.33.40
173.194.33.41
173.194.33.32
173.194.33.46
173.194.33.35
173.194.33.33
173.194.33.36
173.194.33.38


Pinging google.com [173.194.33.32] with 32 bytes of data:
Reply from 173.194.33.32: bytes=32 time=13ms TTL=55
Reply from 173.194.33.32: bytes=32 time=13ms TTL=55

Ping statistics for 173.194.33.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 13ms, Average = 13ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=162ms TTL=46
Reply from 98.139.183.24: bytes=32 time=137ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 137ms, Maximum = 162ms, Average = 149ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 26 6c e0 a1 1b ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...74 de 2b 4d df ed ......Atheros AR9002WB-1NG Wireless Network Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.104 281
192.168.1.104 255.255.255.255 On-link 192.168.1.104 281
192.168.1.255 255.255.255.255 On-link 192.168.1.104 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.104 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.104 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:1c8e:132b:bc48:1be6/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
11 281 fe80::1197:35f1:9066:280a/128
On-link
14 306 fe80::1c8e:132b:bc48:1be6/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/12/2012 07:32:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 01:40:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 01:31:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 00:44:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 11:42:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 08:03:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2012 06:09:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2012 06:09:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2012 06:09:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2012 06:09:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/12/2012 07:31:16 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (08/12/2012 01:46:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2012 01:38:34 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (08/12/2012 01:37:41 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2012 01:29:59 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (08/12/2012 01:29:05 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2012 00:42:34 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (08/12/2012 00:41:40 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (08/12/2012 11:40:52 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2

Error: (08/11/2012 09:15:07 PM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/12/2012 07:32:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 01:40:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 01:31:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 00:44:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2012 11:42:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 08:03:02 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/11/2012 06:09:43 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AF-Branden\Desktop\esetsmartinstaller_enu.exe

Error: (08/11/2012 06:09:39 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AF-Branden\Desktop\esetsmartinstaller_enu.exe

Error: (08/11/2012 06:09:39 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AF-Branden\Desktop\esetsmartinstaller_enu.exe

Error: (08/11/2012 06:09:34 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\AF-Branden\Desktop\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

??????? ?????@Mail.Ru (Version: 2.225)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
AMD Media Foundation Decoders (Version: 1.0.60607.2201)
AMD VISION Engine Control Center (Version: 2011.0607.2212.38019)
Atheros Bluetooth Filter Driver Package (Version: 1.00.007)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Atheros Driver Installation Program (Version: 9.2)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bejeweled 3 (Version: 2.2.0.97)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0607.2212.38019)
Catalyst Control Center InstallProxy (Version: 2011.0607.2212.38019)
Catalyst Control Center Localization All (Version: 2011.0607.2212.38019)
ccc-utility64 (Version: 2011.0607.2212.38019)
CCC Help Chinese Standard (Version: 2011.0607.2211.38019)
CCC Help Chinese Traditional (Version: 2011.0607.2211.38019)
CCC Help Czech (Version: 2011.0607.2211.38019)
CCC Help Danish (Version: 2011.0607.2211.38019)
CCC Help Dutch (Version: 2011.0607.2211.38019)
CCC Help English (Version: 2011.0607.2211.38019)
CCC Help Finnish (Version: 2011.0607.2211.38019)
CCC Help French (Version: 2011.0607.2211.38019)
CCC Help German (Version: 2011.0607.2211.38019)
CCC Help Greek (Version: 2011.0607.2211.38019)
CCC Help Hungarian (Version: 2011.0607.2211.38019)
CCC Help Italian (Version: 2011.0607.2211.38019)
CCC Help Japanese (Version: 2011.0607.2211.38019)
CCC Help Korean (Version: 2011.0607.2211.38019)
CCC Help Norwegian (Version: 2011.0607.2211.38019)
CCC Help Polish (Version: 2011.0607.2211.38019)
CCC Help Portuguese (Version: 2011.0607.2211.38019)
CCC Help Russian (Version: 2011.0607.2211.38019)
CCC Help Spanish (Version: 2011.0607.2211.38019)
CCC Help Swedish (Version: 2011.0607.2211.38019)
CCC Help Thai (Version: 2011.0607.2211.38019)
CCC Help Turkish (Version: 2011.0607.2211.38019)
Chuzzle Deluxe (Version: 2.2.0.95)
Conexant HD Audio (Version: 8.54.1.0)
Convert (Version: 4.10)
D3DX10 (Version: 15.4.2368.0902)
ETDWare PS/2-X64 8.0.8.0_R01 (Version: 8.0.8.0)
FATE - The Traitor Soul (Version: 2.2.0.95)
Fishdom ™ 2 (Version: 2.2.0.98)
inSSIDer (Version: 2.1.1)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
Knightage (Version: 18.90)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Need For Speed™ World (Version: 1.0.0.857)
NVIDIA PhysX (Version: 9.10.0129)
OpenAL
Pando Media Booster (Version: 2.6.0.7)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.97)
Project64 1.6 (Version: 1.6)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
Recuva (Version: 1.42)
Tom Clancy's Splinter Cell (Version: 2.2.0.97)
TOSHIBA Application Installer (Version: 9.0.1.2)
TOSHIBA Assist (Version: 4.2.3.0)
TOSHIBA Bulletin Board (Version: 1.6.10.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA Hardware Setup (Version: 2.1.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
TOSHIBA Media Controller (Version: 1.0.87.4)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.5.5109a)
TOSHIBA Service Station (Version: 2.2.12)
TOSHIBA Supervisor Password (Version: 2.1.0.2)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Web Camera Application (Version: 2.0.3.3)
TOSHIBARegistration (Version: 1.0.6)
TrueCrypt (Version: 7.1a)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
VirtualCloneDrive
WarBirds III FPA
Warface
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (Version: 4.0.5.14)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Zuma's Revenge (Version: 2.2.0.97)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 2662.87 MB
Available physical RAM: 1766.44 MB
Total Pagefile: 5323.93 MB
Available Pagefile: 4129.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.53 MB

========================= Partitions: =====================================

1 Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:247.38 GB) NTFS

========================= Users: ========================================

User accounts for \\SYSTEM4

Administrator AF-Branden Guest


**** End of log ****


Farbar Service Scanner Version: 06-08-2012
Ran by AF-Branden (administrator) on 12-08-2012 at 13:35:15
Running from "C:\Users\AF-Branden\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****





# AdwCleaner v1.800 - Logfile created 08/12/2012 at 13:36:55
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : AF-Branden - SYSTEM4
# Running from : C:\Users\AF-Branden\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
[x64] Key Deleted : HKLM\SOFTWARE\Software

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\AF-Branden\AppData\Roaming\Mozilla\Firefox\Profiles\aq6wwhsx.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [868 octets] - [12/08/2012 13:36:55]

########## EOF - C:\AdwCleaner[S1].txt - [995 octets] ##########

//////////////////////////////////////////////////////////////////////////////////////////////////////////

Thanks for the help, but I must note that the virus seems to be getting worse. I've done everything you suggested and now there are 4 un-killable iexplore.exe processes running.

Also, the objects in my hosts file are websites that I have chosen to block.

>>>>Accidentally put a partial log of mini-toolbox; I've edited the post and included the full version<<<<

Edited by Thwart1, 12 August 2012 - 09:42 PM.


#6 narenxp

Posted 12 August 2012 - 09:57 PM

Still need the MBAM log?

Open your C drive

On top, click on Organize - Folder and search options

Click on the View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}

Delete the folder

Post the new SystemLook log

#7 Thwart1

Posted 12 August 2012 - 10:16 PM

Done, here are the logs.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AF-Branden :: SYSTEM4 [administrator]

8/12/2012 12:06:54 PM
mbam-log-2012-08-12 (12-06-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280536
Time elapsed: 33 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\AF-Branden\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U\00000001.@ (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)



SystemLook 30.07.11 by jpshortstuff
Log created at 20:14 on 12/08/2012 by AF-Branden
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{f26d87d5-f720-fbcd-43ba-c146d51f3e60}"
No folders found.

-= EOF =-


The number of iexplore.exe instances keeps increasing; in my processes there are like 6 now.

#8 narenxp

Posted 12 August 2012 - 10:19 PM

Restart the PC and run ESET online scanner again

#9 Thwart1

Posted 12 August 2012 - 11:15 PM

OK, I'll do that now.

I also ran this diagnostic tool, here is a picture of what it found:

Posted Image

#10 narenxp

Posted 12 August 2012 - 11:28 PM

Download

ListParts

Launch it, click on SCAN, and post the generated log

#11 Thwart1

Posted 13 August 2012 - 01:00 AM

ESET found nothing.

Here is the ListParts64 log:

ListParts by Farbar Version: 10-08-2012
Ran by AF-Branden (administrator) on 12-08-2012 at 22:58:05
Windows 7 (X64)
Running From: C:\Users\AF-Branden\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 40%
Total physical RAM: 2662.87 MB
Available physical RAM: 1588.6 MB
Total Pagefile: 5323.93 MB
Available Pagefile: 3893.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:247.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          298 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary            284 GB  1501 MB
Partition 3    Primary             12 GB   285 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         System       NTFS   Partition   1500 MB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   TI106232W0C  NTFS   Partition    284 GB  Healthy    Boot

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

#12 narenxp

Posted 13 August 2012 - 01:07 AM

MBR looks good. Nothing to worry about. The one detected by bootkit remover is a false positive.

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode

Turn off your System Restore, restart the PC, and create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)

#13 Thwart1

Posted 13 August 2012 - 01:58 AM

Done all of the above. Thanks for your help and patience. I still can't figure out how to end these though:

Posted Image



and my icons re-arrange themselves whenever I try to move them.

#14 narenxp

Posted 13 August 2012 - 02:24 AM

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, and copy the contents of the text file in your reply

#15 Thwart1

Posted 13 August 2012 - 04:07 AM

Thank you very much for your help, I managed to solve the problem. There were 2 rogue .dll files that were calling upon IE to run. I disabled all services in msconfig.exe and then I manually removed them. All is good now.
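
The symptoms reported in this thread (iexplore.exe processes the user never started, suspicious rundll32.exe instances, and a resolution that traced them to rogue DLLs) can be triaged from the process list itself. The PowerShell below is an added example, not part of the thread or of any tool mentioned in it; it assumes PowerShell 3.0 or later in an elevated prompt, and the function name `Resolve-RundllTarget` and the report column names are hypothetical.

```powershell
# Added example (not from the thread). Needs PowerShell 3.0+ and an elevated
# prompt so that CommandLine is populated for every process.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

function Resolve-RundllTarget {
    param([string]$CommandLine)
    # rundll32 syntax: rundll32.exe <dll>,<entry point> [arguments]
    if ($CommandLine -notmatch 'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,') { return $null }
    $dll = $Matches[1].Trim()
    if (-not [IO.Path]::IsPathRooted($dll)) {
        # Bare names such as shell32.dll are normally loaded from System32.
        $dll = Join-Path $env:SystemRoot "System32\$dll"
    }
    return $dll
}

$report = foreach ($p in $all | Where-Object { $_.Name -in 'rundll32.exe', 'iexplore.exe' }) {
    $parent = $byPid[[int]$p.ParentProcessId]
    $dll = $null; $sig = $null
    if ($p.Name -eq 'rundll32.exe') {
        $dll = Resolve-RundllTarget $p.CommandLine
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            # Older PowerShell versions ignore catalog signatures, so NotSigned
            # on a file in System32 is a hint, not a verdict.
            $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
    }
    [pscustomobject]@{
        Name        = $p.Name
        ProcessId   = $p.ProcessId
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'exited' }
        Dll         = $dll
        Signature   = $sig
        # DLLs under a user profile or ProgramData deserve a manual look.
        UserPath    = [bool]($dll -match '\\(Users|ProgramData)\\')
        CommandLine = $p.CommandLine
    }
}
$report | Sort-Object Name, ProcessId | Format-List
```

Rows worth a closer look are an iexplore.exe whose parent is not explorer.exe or another iexplore.exe, and a rundll32.exe whose DLL sits under a user profile, as the folder removed earlier in this thread did.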



