Google redirect


8 replies to this topic

#1 nineteenstars


Posted 17 August 2012 - 09:13 AM

I was getting pop-ups about trojan.zeroaccess and 80000000.@ and 00000001.@, but those have since stopped (or may not be appearing because I've stopped using the computer). However, the Google redirect issue is definitely still there, so I can only imagine my computer is still infected. I have Windows 7 64-bit. If you guys could help me out, I would greatly appreciate it.



#2 narenxp


Posted 17 August 2012 - 09:21 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 nineteenstars


Posted 18 August 2012 - 11:40 AM

TDSSKiller log:

08:07:06.0699 3244 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
08:07:07.0635 3244 ============================================================
08:07:07.0635 3244 Current date / time: 2012/08/18 08:07:07.0635
08:07:07.0635 3244 SystemInfo:
08:07:07.0635 3244
08:07:07.0635 3244 OS Version: 6.1.7601 ServicePack: 1.0
08:07:07.0635 3244 Product type: Workstation
08:07:07.0635 3244 ComputerName: ALGERNON
08:07:07.0635 3244 UserName: Breanna
08:07:07.0635 3244 Windows directory: C:\Windows
08:07:07.0635 3244 System windows directory: C:\Windows
08:07:07.0635 3244 Running under WOW64
08:07:07.0635 3244 Processor architecture: Intel x64
08:07:07.0635 3244 Number of processors: 2
08:07:07.0635 3244 Page size: 0x1000
08:07:07.0635 3244 Boot type: Normal boot
08:07:07.0635 3244 ============================================================
08:07:08.0696 3244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:07:08.0696 3244 ============================================================
08:07:08.0696 3244 \Device\Harddisk0\DR0:
08:07:08.0696 3244 MBR partitions:
08:07:08.0696 3244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:07:08.0696 3244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
08:07:08.0696 3244 ============================================================
08:07:08.0743 3244 C: <-> \Device\Harddisk0\DR0\Partition2
08:07:08.0743 3244 ============================================================
08:07:08.0743 3244 Initialize success
08:07:08.0743 3244 ============================================================
08:07:49.0287 1412 ============================================================
08:07:49.0287 1412 Scan started
08:07:49.0287 1412 Mode: Manual; TDLFS;
08:07:49.0287 1412 ============================================================
08:08:03.0280 1412 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:08:03.0280 1412 NetTcpPortSharing - ok
08:08:03.0311 1412 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:08:03.0327 1412 nfrd960 - ok
08:08:03.0374 1412 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:08:03.0389 1412 NlaSvc - ok
08:08:03.0405 1412 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:08:03.0405 1412 Npfs - ok
08:08:03.0436 1412 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:08:03.0436 1412 nsi - ok
08:08:03.0467 1412 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:08:03.0467 1412 nsiproxy - ok
08:08:03.0545 1412 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:08:03.0592 1412 Ntfs - ok
08:08:03.0608 1412 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
08:08:03.0608 1412 Null - ok
08:08:03.0655 1412 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:08:03.0670 1412 nvraid - ok
08:08:03.0701 1412 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:08:03.0717 1412 nvstor - ok
08:08:03.0733 1412 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:08:03.0748 1412 nv_agp - ok
08:08:03.0826 1412 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:08:03.0889 1412 odserv - ok
08:08:03.0935 1412 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:08:03.0935 1412 ohci1394 - ok
08:08:03.0998 1412 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:08:04.0091 1412 ose - ok
08:08:04.0138 1412 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:08:04.0138 1412 p2pimsvc - ok
08:08:04.0185 1412 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:08:04.0201 1412 p2psvc - ok
08:08:04.0247 1412 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:08:04.0263 1412 Parport - ok
08:08:04.0294 1412 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:08:04.0294 1412 partmgr - ok
08:08:04.0341 1412 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:08:04.0341 1412 PcaSvc - ok
08:08:04.0357 1412 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
08:08:04.0372 1412 pci - ok
08:08:04.0403 1412 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
08:08:04.0419 1412 pciide - ok
08:08:04.0450 1412 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:08:04.0481 1412 pcmcia - ok
08:08:04.0513 1412 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:08:04.0513 1412 pcw - ok
08:08:04.0544 1412 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:08:04.0559 1412 PEAUTH - ok
08:08:04.0700 1412 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:08:04.0715 1412 PerfHost - ok
08:08:04.0809 1412 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
08:08:04.0918 1412 pla - ok
08:08:04.0981 1412 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:08:04.0981 1412 PlugPlay - ok
08:08:05.0012 1412 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:08:05.0027 1412 PNRPAutoReg - ok
08:08:05.0059 1412 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:08:05.0059 1412 PNRPsvc - ok
08:08:05.0090 1412 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:08:05.0121 1412 PolicyAgent - ok
08:08:05.0168 1412 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
08:08:05.0168 1412 Power - ok
08:08:05.0230 1412 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:08:05.0230 1412 PptpMiniport - ok
08:08:05.0246 1412 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:08:05.0261 1412 Processor - ok
08:08:05.0308 1412 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:08:05.0308 1412 ProfSvc - ok
08:08:05.0324 1412 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:08:05.0324 1412 ProtectedStorage - ok
08:08:05.0371 1412 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:08:05.0386 1412 Psched - ok
08:08:05.0433 1412 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:08:05.0433 1412 PxHlpa64 - ok
08:08:05.0495 1412 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:08:05.0573 1412 ql2300 - ok
08:08:05.0589 1412 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:08:05.0605 1412 ql40xx - ok
08:08:05.0636 1412 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
08:08:05.0651 1412 QWAVE - ok
08:08:05.0667 1412 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:08:05.0683 1412 QWAVEdrv - ok
08:08:05.0698 1412 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:08:05.0729 1412 RasAcd - ok
08:08:05.0776 1412 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:08:05.0776 1412 RasAgileVpn - ok
08:08:05.0792 1412 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
08:08:05.0807 1412 RasAuto - ok
08:08:05.0839 1412 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:08:05.0839 1412 Rasl2tp - ok
08:08:05.0885 1412 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
08:08:05.0901 1412 RasMan - ok
08:08:05.0917 1412 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:08:05.0917 1412 RasPppoe - ok
08:08:05.0963 1412 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:08:05.0963 1412 RasSstp - ok
08:08:06.0010 1412 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:08:06.0010 1412 rdbss - ok
08:08:06.0041 1412 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:08:06.0057 1412 rdpbus - ok
08:08:06.0073 1412 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:08:06.0073 1412 RDPCDD - ok
08:08:06.0104 1412 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:08:06.0104 1412 RDPENCDD - ok
08:08:06.0135 1412 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:08:06.0135 1412 RDPREFMP - ok
08:08:06.0166 1412 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:08:06.0182 1412 RDPWD - ok
08:08:06.0229 1412 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:08:06.0229 1412 rdyboost - ok
08:08:06.0275 1412 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:08:06.0291 1412 RemoteAccess - ok
08:08:06.0338 1412 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:08:06.0353 1412 RemoteRegistry - ok
08:08:06.0400 1412 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:08:06.0400 1412 RpcEptMapper - ok
08:08:06.0431 1412 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
08:08:06.0447 1412 RpcLocator - ok
08:08:06.0494 1412 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\System32\rpcss.dll
08:08:06.0509 1412 RpcSs - ok
08:08:06.0525 1412 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:08:06.0525 1412 rspndr - ok
08:08:06.0572 1412 [ 4a25dc970c58104602ed274dacafd784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
08:08:06.0587 1412 RSUSBSTOR - ok
08:08:06.0603 1412 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
08:08:06.0603 1412 SamSs - ok
08:08:06.0650 1412 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:08:06.0665 1412 sbp2port - ok
08:08:06.0681 1412 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:08:06.0712 1412 SCardSvr - ok
08:08:06.0743 1412 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:08:06.0759 1412 scfilter - ok
08:08:06.0821 1412 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
08:08:06.0868 1412 Schedule - ok
08:08:06.0899 1412 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
08:08:06.0899 1412 SCPolicySvc - ok
08:08:06.0931 1412 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:08:06.0962 1412 SDRSVC - ok
08:08:07.0071 1412 [ cc781378e7eda615d2cdca3b17829fa4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:08:07.0071 1412 SeaPort - ok
08:08:07.0118 1412 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:08:07.0118 1412 secdrv - ok
08:08:07.0165 1412 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
08:08:07.0165 1412 seclogon - ok
08:08:07.0211 1412 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
08:08:07.0211 1412 SENS - ok
08:08:07.0227 1412 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:08:07.0243 1412 SensrSvc - ok
08:08:07.0243 1412 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:08:07.0258 1412 Serenum - ok
08:08:07.0305 1412 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:08:07.0321 1412 Serial - ok
08:08:07.0336 1412 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:08:07.0352 1412 sermouse - ok
08:08:07.0414 1412 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:08:07.0430 1412 SessionEnv - ok
08:08:07.0461 1412 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:08:07.0477 1412 sffdisk - ok
08:08:07.0492 1412 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:08:07.0508 1412 sffp_mmc - ok
08:08:07.0508 1412 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:08:07.0523 1412 sffp_sd - ok
08:08:07.0539 1412 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:08:07.0555 1412 sfloppy - ok
08:08:07.0617 1412 [ 21d48d7c9bdef13af16fdcbc5719fc3b ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:08:07.0633 1412 SftService - ok
08:08:07.0679 1412 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:08:07.0679 1412 SharedAccess - ok
08:08:07.0726 1412 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:08:07.0742 1412 ShellHWDetection - ok
08:08:07.0773 1412 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:08:07.0789 1412 SiSRaid2 - ok
08:08:07.0804 1412 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:08:07.0820 1412 SiSRaid4 - ok
08:08:07.0867 1412 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:08:07.0882 1412 Smb - ok
08:08:08.0038 1412 [ ad97b711074cf27da0c00f2c26e1a62c ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
08:08:08.0069 1412 SmcService - ok
08:08:08.0132 1412 [ 91bd8e268d93aaf5f59aac9de84a25bb ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
08:08:08.0163 1412 SNAC - ok
08:08:08.0210 1412 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:08:08.0210 1412 SNMPTRAP - ok
08:08:08.0225 1412 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:08:08.0225 1412 spldr - ok
08:08:08.0288 1412 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:08:08.0288 1412 Spooler - ok
08:08:08.0428 1412 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
08:08:08.0459 1412 sppsvc - ok
08:08:08.0491 1412 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:08:08.0491 1412 sppuinotify - ok
08:08:08.0569 1412 [ d630b6f2e8379b6f10dc16e82a426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
08:08:08.0584 1412 sprtsvc_DellSupportCenter - ok
08:08:08.0631 1412 [ 32900ac9cfdc578531279886ca16a4df ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
08:08:08.0631 1412 SRTSP - ok
08:08:08.0662 1412 [ 8929566d1f14685fd78eaf25bee3ecc7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
08:08:08.0709 1412 SRTSPL - ok
08:08:08.0725 1412 [ cb2fdf47ee67f8cca5362ed9b94fe955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
08:08:08.0725 1412 SRTSPX - ok
08:08:08.0787 1412 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
08:08:08.0787 1412 srv - ok
08:08:08.0818 1412 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:08:08.0818 1412 srv2 - ok
08:08:08.0849 1412 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:08:08.0849 1412 srvnet - ok
08:08:08.0896 1412 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:08:08.0912 1412 SSDPSRV - ok
08:08:08.0927 1412 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:08:08.0943 1412 SstpSvc - ok
08:08:09.0099 1412 [ 444109453a2b87e6c16bcda5953e81a9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
08:08:09.0099 1412 STacSV - ok
08:08:09.0130 1412 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:08:09.0146 1412 stexstor - ok
08:08:09.0177 1412 [ 02e784fa49032f84964db90a3ed81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
08:08:09.0208 1412 STHDA - ok
08:08:09.0239 1412 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
08:08:09.0271 1412 stisvc - ok
08:08:09.0302 1412 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:08:09.0302 1412 swenum - ok
08:08:09.0427 1412 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:08:09.0458 1412 SwitchBoard - ok
08:08:09.0505 1412 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
08:08:09.0551 1412 swprv - ok
08:08:09.0645 1412 [ ba2fb8f8ab24d0279caa98a4c118150e ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
08:08:09.0676 1412 Symantec AntiVirus - ok
08:08:09.0707 1412 [ 7e4d281982e19abd06728c7ee9ac40a8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:08:09.0723 1412 SymEvent - ok
08:08:09.0801 1412 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
08:08:09.0863 1412 SysMain - ok
08:08:09.0941 1412 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:08:09.0957 1412 TabletInputService - ok
08:08:10.0004 1412 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:08:10.0019 1412 TapiSrv - ok
08:08:10.0066 1412 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
08:08:10.0066 1412 TBS - ok
08:08:10.0160 1412 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:08:10.0175 1412 Tcpip - ok
08:08:10.0253 1412 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:08:10.0269 1412 TCPIP6 - ok
08:08:10.0316 1412 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:08:10.0316 1412 tcpipreg - ok
08:08:10.0378 1412 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:08:10.0394 1412 TDPIPE - ok
08:08:10.0425 1412 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:08:10.0441 1412 TDTCP - ok
08:08:10.0487 1412 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:08:10.0487 1412 tdx - ok
08:08:10.0550 1412 [ 13657dc475de564247745bf4da23207c ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys
08:08:10.0550 1412 Teefer2 - ok
08:08:10.0581 1412 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:08:10.0581 1412 TermDD - ok
08:08:10.0628 1412 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
08:08:10.0659 1412 TermService - ok
08:08:10.0690 1412 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
08:08:10.0690 1412 Themes - ok
08:08:10.0721 1412 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
08:08:10.0737 1412 THREADORDER - ok
08:08:10.0753 1412 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
08:08:10.0753 1412 TrkWks - ok
08:08:10.0831 1412 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:08:10.0831 1412 TrustedInstaller - ok
08:08:10.0862 1412 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:08:10.0877 1412 tssecsrv - ok
08:08:10.0940 1412 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:08:10.0955 1412 TsUsbFlt - ok
08:08:11.0018 1412 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:08:11.0018 1412 tunnel - ok
08:08:11.0065 1412 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:08:11.0080 1412 uagp35 - ok
08:08:11.0127 1412 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:08:11.0143 1412 udfs - ok
08:08:11.0205 1412 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:08:11.0205 1412 UI0Detect - ok
08:08:11.0252 1412 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:08:11.0267 1412 uliagpkx - ok
08:08:11.0314 1412 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:08:11.0314 1412 umbus - ok
08:08:11.0330 1412 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:08:11.0345 1412 UmPass - ok
08:08:11.0377 1412 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
08:08:11.0392 1412 upnphost - ok
08:08:11.0392 1412 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:08:11.0408 1412 usbccgp - ok
08:08:11.0470 1412 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:08:11.0486 1412 usbcir - ok
08:08:11.0486 1412 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:08:11.0486 1412 usbehci - ok
08:08:11.0548 1412 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:08:11.0548 1412 usbhub - ok
08:08:11.0564 1412 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:08:11.0579 1412 usbohci - ok
08:08:11.0626 1412 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:08:11.0642 1412 usbprint - ok
08:08:11.0673 1412 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:08:11.0689 1412 usbscan - ok
08:08:11.0704 1412 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:08:11.0720 1412 USBSTOR - ok
08:08:11.0751 1412 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:08:11.0751 1412 usbuhci - ok
08:08:11.0798 1412 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
08:08:11.0798 1412 usbvideo - ok
08:08:11.0845 1412 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
08:08:11.0845 1412 UxSms - ok
08:08:11.0876 1412 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
08:08:11.0876 1412 VaultSvc - ok
08:08:11.0907 1412 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:08:11.0907 1412 vdrvroot - ok
08:08:11.0969 1412 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
08:08:11.0985 1412 vds - ok
08:08:12.0016 1412 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:08:12.0032 1412 vga - ok
08:08:12.0063 1412 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
08:08:12.0063 1412 VgaSave - ok
08:08:12.0094 1412 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:08:12.0110 1412 vhdmp - ok
08:08:12.0141 1412 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:08:12.0157 1412 viaide - ok
08:08:12.0172 1412 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:08:12.0172 1412 volmgr - ok
08:08:12.0235 1412 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:08:12.0235 1412 volmgrx - ok
08:08:12.0250 1412 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:08:12.0266 1412 volsnap - ok
08:08:12.0297 1412 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:08:12.0328 1412 vsmraid - ok
08:08:12.0406 1412 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
08:08:12.0469 1412 VSS - ok
08:08:12.0484 1412 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:08:12.0484 1412 vwifibus - ok
08:08:12.0531 1412 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:08:12.0531 1412 vwififlt - ok
08:08:12.0578 1412 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
08:08:12.0656 1412 W32Time - ok
08:08:12.0671 1412 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:08:12.0687 1412 WacomPen - ok
08:08:12.0749 1412 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:08:12.0749 1412 WANARP - ok
08:08:12.0781 1412 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:08:12.0781 1412 Wanarpv6 - ok
08:08:12.0859 1412 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:08:12.0921 1412 WatAdminSvc - ok
08:08:12.0999 1412 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
08:08:13.0077 1412 wbengine - ok
08:08:13.0124 1412 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:08:13.0155 1412 WbioSrvc - ok
08:08:13.0202 1412 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:08:13.0233 1412 wcncsvc - ok
08:08:13.0249 1412 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:08:13.0264 1412 WcsPlugInService - ok
08:08:13.0311 1412 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:08:13.0327 1412 Wd - ok
08:08:13.0358 1412 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:08:13.0373 1412 Wdf01000 - ok
08:08:13.0405 1412 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:08:13.0405 1412 WdiServiceHost - ok
08:08:13.0405 1412 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:08:13.0420 1412 WdiSystemHost - ok
08:08:13.0467 1412 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:08:13.0514 1412 WebClient - ok
08:08:13.0529 1412 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:08:13.0545 1412 Wecsvc - ok
08:08:13.0561 1412 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:08:13.0576 1412 wercplsupport - ok
08:08:13.0623 1412 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:08:13.0639 1412 WerSvc - ok
08:08:13.0670 1412 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:08:13.0670 1412 WfpLwf - ok
08:08:13.0748 1412 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
08:08:13.0763 1412 WimFltr - ok
08:08:13.0763 1412 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:08:13.0779 1412 WIMMount - ok
08:08:13.0810 1412 WinDefend - ok
08:08:13.0841 1412 WinHttpAutoProxySvc - ok
08:08:13.0919 1412 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:08:13.0919 1412 Winmgmt - ok
08:08:13.0997 1412 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
08:08:14.0107 1412 WinRM - ok
08:08:14.0169 1412 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
08:08:14.0200 1412 Wlansvc - ok
08:08:14.0387 1412 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:08:14.0434 1412 wlidsvc - ok
08:08:14.0481 1412 [ 13b0a570e1ae451c92da550085d72cf3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
08:08:14.0481 1412 wltrysvc - ok
08:08:14.0497 1412 wltrysvc32 - ok
08:08:14.0543 1412 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:08:14.0543 1412 WmiAcpi - ok
08:08:14.0575 1412 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:08:14.0606 1412 wmiApSrv - ok
08:08:14.0668 1412 WMPNetworkSvc - ok
08:08:14.0715 1412 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:08:14.0731 1412 WPCSvc - ok
08:08:14.0762 1412 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:08:14.0762 1412 WPDBusEnum - ok
08:08:14.0809 1412 [ 6cab753b203f39b4ce05ff10013de2ef ] WPS C:\Windows\system32\drivers\wpsdrvnt.sys
08:08:14.0809 1412 WPS - ok
08:08:14.0840 1412 [ d9b5a13804b7d97770c42da484a9d86e ] WpsHelper C:\Windows\system32\drivers\WpsHelper.sys
08:08:14.0855 1412 WpsHelper - ok
08:08:14.0887 1412 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:08:14.0887 1412 ws2ifsl - ok
08:08:14.0902 1412 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll
08:08:14.0902 1412 wscsvc - ok
08:08:14.0918 1412 WSearch - ok
08:08:15.0011 1412 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:08:15.0089 1412 wuauserv - ok
08:08:15.0105 1412 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:08:15.0105 1412 WudfPf - ok
08:08:15.0152 1412 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:08:15.0167 1412 WUDFRd - ok
08:08:15.0214 1412 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:08:15.0214 1412 wudfsvc - ok
08:08:15.0261 1412 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
08:08:15.0292 1412 WwanSvc - ok
08:08:15.0355 1412 [ 79d9ce9614c955dd31aa2556b4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:08:15.0355 1412 yukonw7 - ok
08:08:15.0370 1412 ================ Scan global ===============================
08:08:15.0401 1412 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
08:08:15.0433 1412 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
08:08:15.0464 1412 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
08:08:15.0511 1412 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
08:08:15.0557 1412 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
08:08:15.0557 1412 [Global] - ok
08:08:15.0557 1412 ================ Scan MBR ==================================
08:08:15.0573 1412 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:08:15.0947 1412 \Device\Harddisk0\DR0 - ok
08:08:15.0947 1412 ================ Scan VBR ==================================
08:08:15.0947 1412 Boot (0x1200) (aba911cc44f1d1796625f94942edbc80) \Device\Harddisk0\DR0\Partition1
08:08:15.0947 1412 \Device\Harddisk0\DR0\Partition1 - ok
08:08:15.0993 1412 Boot (0x1200) (99019fe082da145cd6af6bb4ade2023c) \Device\Harddisk0\DR0\Partition2
08:08:15.0995 1412 \Device\Harddisk0\DR0\Partition2 - ok
08:08:15.0995 1412 ============================================================
08:08:15.0995 1412 Scan finished
08:08:15.0995 1412 ============================================================
08:08:16.0008 3244 Detected object count: 0
08:08:16.0008 3244 Actual detected object count: 0

aswMBR log:
08:13:58.874 OS Version: Windows x64 6.1.7601 Service Pack 1
08:13:58.874 Number of processors: 2 586 0x170A
08:13:58.875 ComputerName: ALGERNON UserName: Breanna
08:14:04.879 Initialize success
08:18:58.132 AVAST engine defs: 12081800
08:19:36.733 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:19:36.737 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
08:19:36.760 Disk 0 MBR read successfully
08:19:36.765 Disk 0 MBR scan
08:19:36.774 Disk 0 Windows VISTA default MBR code
08:19:36.780 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
08:19:36.804 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
08:19:36.830 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
08:19:36.864 Disk 0 scanning C:\Windows\system32\drivers
08:19:53.011 Service scanning
08:20:27.432 Modules scanning
08:20:27.446 Disk 0 trace - called modules:
08:20:27.499 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:20:27.509 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004242630]
08:20:27.518 3 CLASSPNP.SYS[fffff880015ba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f7050]
08:20:28.875 AVAST engine scan C:\Windows
08:20:34.345 AVAST engine scan C:\Windows\system32
08:26:08.999 AVAST engine scan C:\Windows\system32\drivers
08:26:30.291 AVAST engine scan C:\Users\Breanna
08:28:47.343 Disk 0 MBR has been saved successfully to "C:\Users\Breanna\Documents\MBR.dat"
08:28:47.359 The log file has been saved successfully to "C:\Users\Breanna\Documents\aswMBR.txt"

ESET online scanner:
C:\FRST\Quarantine\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\FRST\Quarantine\tofitugikloq.exe a variant of Win32/Kryptik.AJKU trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\A390.tmp.dat a variant of Win32/Kryptik.AIYZ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Breanna\AppData\Roaming\aptdr.dll.vir a variant of Win32/Medfos.AR trojan cleaned by deleting - quarantined
C:\Users\Breanna\AppData\Local\{9D34D16F-CD26-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Breanna\Downloads\DownloadSetup.exe Win32/InstallMate application cleaned by deleting - quarantined

#4 narenxp

Posted 18 August 2012 - 11:43 AM

Not sure who guided you to run FRST and ComboFix. They have to be run under expert guidance.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

AdwCleaner

Launch it, click on Delete

Post the generated log

Download

Rkill

Run the scan, post the contents of the RKILL log located on the desktop

#5 nineteenstars

Posted 19 August 2012 - 04:26 PM

EDIT: Finally got a clean log on MBAM by turning off the wifi. Going to run the rest now.

Edited by nineteenstars, 19 August 2012 - 07:22 PM.


#6 nineteenstars

Posted 19 August 2012 - 08:39 PM

MiniToolBox:
Ran by Breanna (administrator) on 19-08-2012 at 18:42:15
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Algernon
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 70-F1-A1-1D-84-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3869:64f8:7a2b:fc28%93(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 19, 2012 6:40:28 PM
Lease Expires . . . . . . . . . . : Sunday, August 19, 2012 7:40:28 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 1785786785
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-20-B1-CF-A4-BA-DB-AA-48-40
DNS Servers . . . . . . . . . . . : 75.75.76.76
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : A4-BA-DB-AA-48-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{82A77148-8427-4A61-8A6B-C11510556273}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E4FE8C43-3F82-4515-BC9C-DD039A049C5A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 73:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3ca7:1a73:3f57:fff9(Preferred)
Link-local IPv6 Address . . . . . : fe80::3ca7:1a73:3f57:fff9%91(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: google.com
Addresses: 2607:f8b0:400a:801::1001
173.194.33.35
173.194.33.33
173.194.33.39
173.194.33.40
173.194.33.38
173.194.33.32
173.194.33.34
173.194.33.36
173.194.33.46
173.194.33.41
173.194.33.37


Pinging google.com [173.194.33.1] with 32 bytes of data:
Reply from 173.194.33.1: bytes=32 time=95ms TTL=55
Reply from 173.194.33.1: bytes=32 time=67ms TTL=55

Ping statistics for 173.194.33.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 67ms, Maximum = 95ms, Average = 81ms
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=137ms TTL=50
Reply from 98.139.183.24: bytes=32 time=120ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 120ms, Maximum = 137ms, Average = 128ms
Server: cdns02.comcast.net
Address: 75.75.76.76

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=9ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 9ms, Average = 6ms
===========================================================================
Interface List
93...70 f1 a1 1d 84 26 ......Dell Wireless 1397 WLAN Mini-Card
89...a4 ba db aa 48 40 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
101...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
100...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
91...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.6 281
192.168.0.6 255.255.255.255 On-link 192.168.0.6 281
192.168.0.255 255.255.255.255 On-link 192.168.0.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
91 58 ::/0 On-link
1 306 ::1/128 On-link
91 58 2001::/32 On-link
91 306 2001:0:4137:9e76:3ca7:1a73:3f57:fff9/128
On-link
93 281 fe80::/64 On-link
91 306 fe80::/64 On-link
93 281 fe80::3869:64f8:7a2b:fc28/128
On-link
91 306 fe80::3ca7:1a73:3f57:fff9/128
On-link
1 306 ff00::/8 On-link
91 306 ff00::/8 On-link
93 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/19/2012 05:03:26 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (08/19/2012 03:12:05 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (08/19/2012 08:51:43 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Maljava!gen23 in File: C:\Users\Breanna\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5df1df1d-55b73df4 by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/18/2012 10:39:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/18/2012 08:31:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/18/2012 08:30:54 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/18/2012 08:21:28 AM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Gen.2 in File: C:\Users\Breanna\AppData\Local\Temp\_avast4_\unp94329691.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (08/18/2012 08:00:25 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (08/17/2012 03:22:23 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (08/17/2012 09:59:30 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.


System errors:
=============
Error: (08/19/2012 05:06:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/19/2012 05:06:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (08/19/2012 03:16:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (08/19/2012 03:15:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/19/2012 03:14:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/19/2012 03:14:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/14/2012 03:16:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/13/2012 00:58:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (08/10/2012 10:47:02 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.131.1768.0).

Error: (08/10/2012 10:46:38 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Advanced Audio FX Engine (Version: 1.12.05)
Akamai NetSession Interface Service
Amazon Kindle
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Banctec Service Agreement (Version: 2.0.0)
Big Fish Games: Game Manager (Version: 2.0.0.5)
Bing Bar (Version: 7.0.609.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Coupon Printer for Windows (Version: 5.0.0.0)
Cozi (Version: 1.0.4323.24051)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 2.34)
Dell DataSafe Local Backup (Version: 9.3.94)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.104.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Diner Dash 5: Boom
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.79)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
Grand Fantasia
HP Deskjet 1000 J110 series Basic Device Software (Version: 21.0.952.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.63.63)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 21.0.952.0)
HP Update (Version: 5.002.005.003)
InstallIQ Updater (Version: 1.4.3.0)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 17 (64-bit) (Version: 6.0.170)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MP3 Rocket
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NSIS vgif
Origin (Version: 8.3.1.9)
PDF Settings CS5 (Version: 10.0)
PowerDVD DX (Version: 8.3.5424)
QMC
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.69.80.9)
RedShark 4.10 (Version: 4.10)
Roxio Burn (Version: 1.01)
Search Toolbar (Version: 1.2)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Spotify (Version: 0.8.4.107.g4fa0003f)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 11.0.5002.333)
System Requirements Lab for Intel (Version: 4.5.3.0)
The Sims Medieval (Version: 1.0.0)
The Sims™ 3 (Version: 1.26.89)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Pets (Version: 10.0.96)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vegas Pro 9.0 (64-bit) (Version: 9.0.895)
Veoh Video Compass (Version: 1.5.2)
Video to GIF Converter 5.20
VideoBuzz (Version: 1.0.0)
VitalSource Bookshelf (Version: 5.04.0014)
WildTangent Games (Version: 1.0.0.71)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Zoo Tycoon 2 - Zookeeper Collection (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 4056.36 MB
Available physical RAM: 1832.73 MB
Total Pagefile: 8110.92 MB
Available Pagefile: 5825.26 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.88 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:169.54 GB) NTFS

========================= Users: ========================================

User accounts for \\ALGERNON

Administrator Breanna Guest


**** End of log ****

FSS:
Ran by Breanna (administrator) on 19-08-2012 at 18:45:08
Running from "C:\Users\Breanna\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Adware:
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 19:29:27
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Breanna - ALGERNON
# Boot Mode : Normal
# Running from : C:\Users\Breanna\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Freeze.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Breanna\AppData\Roaming\Mozilla\Firefox\Profiles\uuqtnbzw.default\prefs.js

Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "Swag Bucks Customized Web Search");

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Breanna\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [2398 octets] - [19/08/2012 19:29:27]

########## EOF - C:\AdwCleaner[S1].txt - [2526 octets] ##########

Rkill
Rkill 2.2.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2012 07:36:25 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\System32\jusched.exe (PID: 4720) [FI]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:
* No issues found.

Program finished at: 08/19/2012 07:36:43 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:14 AM

Posted 19 August 2012 - 09:59 PM

Do you still have redirects? Which browser?

#8 nineteenstars

nineteenstars
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:14 AM

Posted 20 August 2012 - 02:47 PM

So far no redirects in any of the browsers.

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:07:14 AM

Posted 20 August 2012 - 08:58 PM

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.

Turn off System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player.

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)



