Redirect/Squid/Rootkit nightmare


9 replies to this topic

#1 seantcarr

  • Members
  • 6 posts

Posted 19 August 2012 - 08:45 AM

I believe my computer has been rooted. It started with a bogus "Virus detection" which I used Microsoft Security Essentials to remove. Now when I use a search engine I am often redirected to junk or malware sites, where more malware is loaded, which I then remove, and the cycle repeats. NETSTAT consistently shows a bunch of https, http, and other sessions which I haven't initiated. Believe I'm current with Java updates etc. Any help you can give very much appreciated.



#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 19 August 2012 - 08:54 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 seantcarr

  • Topic Starter
  • Members
  • 6 posts

Posted 25 August 2012 - 02:04 PM

Here are the logs - thank you narenxp.



TDSSkiller:

04:00:31.0979 3840 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
04:00:32.0275 3840 ============================================================
04:00:32.0275 3840 Current date / time: 2012/08/22 04:00:32.0275
04:00:32.0275 3840 SystemInfo:
04:00:32.0275 3840
04:00:32.0275 3840 OS Version: 6.1.7601 ServicePack: 1.0
04:00:32.0275 3840 Product type: Workstation
04:00:32.0275 3840 ComputerName: JJSCARR
04:00:32.0275 3840 UserName: Sean
04:00:32.0275 3840 Windows directory: C:\Windows
04:00:32.0275 3840 System windows directory: C:\Windows
04:00:32.0275 3840 Running under WOW64
04:00:32.0275 3840 Processor architecture: Intel x64
04:00:32.0275 3840 Number of processors: 1
04:00:32.0275 3840 Page size: 0x1000
04:00:32.0275 3840 Boot type: Normal boot
04:00:32.0275 3840 ============================================================
04:00:34.0459 3840 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:00:34.0599 3840 Drive \Device\Harddisk1\DR1 - Size: 0xF5D00000 (3.84 Gb), SectorSize: 0x200, Cylinders: 0x1F5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:00:34.0599 3840 ============================================================
04:00:34.0599 3840 \Device\Harddisk0\DR0:
04:00:34.0599 3840 MBR partitions:
04:00:34.0599 3840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
04:00:34.0599 3840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CB96B0
04:00:34.0599 3840 \Device\Harddisk1\DR1:
04:00:34.0599 3840 MBR partitions:
04:00:34.0599 3840 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x7AC800
04:00:34.0599 3840 ============================================================
04:00:34.0631 3840 C: <-> \Device\Harddisk0\DR0\Partition2
04:00:34.0631 3840 ============================================================
04:00:34.0631 3840 Initialize success
04:00:34.0631 3840 ============================================================
04:01:04.0068 4160 ============================================================
04:01:04.0068 4160 Scan started
04:01:04.0068 4160 Mode: Manual; TDLFS;
04:01:04.0068 4160 ============================================================
04:01:04.0239 4160 ================ Scan system memory ========================
04:01:04.0239 4160 System memory - ok
04:01:04.0239 4160 ================ Scan services =============================
04:01:17.0421 4160 NlaSvc - ok
04:01:17.0453 4160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:01:17.0453 4160 Npfs - ok
04:01:17.0484 4160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
04:01:17.0484 4160 nsi - ok
04:01:17.0515 4160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:01:17.0515 4160 nsiproxy - ok
04:01:17.0609 4160 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:01:17.0624 4160 Ntfs - ok
04:01:17.0671 4160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
04:01:17.0671 4160 Null - ok
04:01:17.0718 4160 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:01:17.0718 4160 nvraid - ok
04:01:17.0765 4160 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:01:17.0765 4160 nvstor - ok
04:01:17.0827 4160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
04:01:17.0827 4160 nv_agp - ok
04:01:17.0936 4160 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:01:17.0967 4160 odserv - ok
04:01:18.0014 4160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
04:01:18.0014 4160 ohci1394 - ok
04:01:18.0077 4160 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:01:18.0077 4160 ose - ok
04:01:18.0108 4160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
04:01:18.0123 4160 p2pimsvc - ok
04:01:18.0155 4160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
04:01:18.0170 4160 p2psvc - ok
04:01:18.0201 4160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
04:01:18.0201 4160 Parport - ok
04:01:18.0248 4160 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
04:01:18.0248 4160 partmgr - ok
04:01:18.0279 4160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
04:01:18.0279 4160 PcaSvc - ok
04:01:18.0342 4160 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
04:01:18.0342 4160 pci - ok
04:01:18.0389 4160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
04:01:18.0389 4160 pciide - ok
04:01:18.0435 4160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
04:01:18.0435 4160 pcmcia - ok
04:01:18.0467 4160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
04:01:18.0467 4160 pcw - ok
04:01:18.0513 4160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
04:01:18.0513 4160 PEAUTH - ok
04:01:18.0591 4160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
04:01:18.0591 4160 PerfHost - ok
04:01:18.0685 4160 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
04:01:18.0701 4160 pla - ok
04:01:18.0779 4160 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
04:01:18.0794 4160 PlugPlay - ok
04:01:18.0810 4160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
04:01:18.0810 4160 PNRPAutoReg - ok
04:01:18.0857 4160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
04:01:18.0857 4160 PNRPsvc - ok
04:01:18.0935 4160 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
04:01:18.0935 4160 Point64 - ok
04:01:18.0981 4160 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
04:01:18.0981 4160 PolicyAgent - ok
04:01:19.0028 4160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
04:01:19.0028 4160 Power - ok
04:01:19.0075 4160 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
04:01:19.0091 4160 PptpMiniport - ok
04:01:19.0137 4160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
04:01:19.0137 4160 Processor - ok
04:01:19.0200 4160 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
04:01:19.0200 4160 ProfSvc - ok
04:01:19.0247 4160 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:01:19.0247 4160 ProtectedStorage - ok
04:01:19.0340 4160 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
04:01:19.0340 4160 Psched - ok
04:01:19.0403 4160 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
04:01:19.0403 4160 PxHlpa64 - ok
04:01:19.0449 4160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
04:01:19.0481 4160 ql2300 - ok
04:01:19.0512 4160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
04:01:19.0512 4160 ql40xx - ok
04:01:19.0574 4160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
04:01:19.0574 4160 QWAVE - ok
04:01:19.0605 4160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
04:01:19.0605 4160 QWAVEdrv - ok
04:01:19.0621 4160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
04:01:19.0621 4160 RasAcd - ok
04:01:19.0668 4160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
04:01:19.0683 4160 RasAgileVpn - ok
04:01:19.0715 4160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
04:01:19.0715 4160 RasAuto - ok
04:01:19.0793 4160 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
04:01:19.0793 4160 Rasl2tp - ok
04:01:19.0839 4160 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
04:01:19.0839 4160 RasMan - ok
04:01:19.0886 4160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
04:01:19.0886 4160 RasPppoe - ok
04:01:19.0902 4160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
04:01:19.0902 4160 RasSstp - ok
04:01:19.0964 4160 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
04:01:19.0964 4160 rdbss - ok
04:01:19.0995 4160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
04:01:19.0995 4160 rdpbus - ok
04:01:20.0011 4160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
04:01:20.0011 4160 RDPCDD - ok
04:01:20.0058 4160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
04:01:20.0058 4160 RDPENCDD - ok
04:01:20.0073 4160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
04:01:20.0073 4160 RDPREFMP - ok
04:01:20.0136 4160 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
04:01:20.0151 4160 RDPWD - ok
04:01:20.0214 4160 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
04:01:20.0229 4160 rdyboost - ok
04:01:20.0261 4160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
04:01:20.0261 4160 RemoteAccess - ok
04:01:20.0307 4160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
04:01:20.0323 4160 RemoteRegistry - ok
04:01:20.0385 4160 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
04:01:20.0385 4160 RimUsb - ok
04:01:20.0448 4160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
04:01:20.0448 4160 RpcEptMapper - ok
04:01:20.0479 4160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
04:01:20.0479 4160 RpcLocator - ok
04:01:20.0541 4160 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
04:01:20.0557 4160 RpcSs - ok
04:01:20.0588 4160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
04:01:20.0588 4160 rspndr - ok
04:01:20.0635 4160 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
04:01:20.0635 4160 RSUSBSTOR - ok
04:01:20.0651 4160 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
04:01:20.0651 4160 SamSs - ok
04:01:20.0713 4160 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
04:01:20.0713 4160 sbp2port - ok
04:01:20.0760 4160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
04:01:20.0760 4160 SCardSvr - ok
04:01:20.0807 4160 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
04:01:20.0807 4160 scfilter - ok
04:01:20.0885 4160 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
04:01:20.0885 4160 Schedule - ok
04:01:20.0947 4160 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
04:01:20.0947 4160 SCPolicySvc - ok
04:01:20.0994 4160 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:01:20.0994 4160 SDRSVC - ok
04:01:21.0041 4160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:01:21.0041 4160 secdrv - ok
04:01:21.0103 4160 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
04:01:21.0103 4160 seclogon - ok
04:01:21.0150 4160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
04:01:21.0150 4160 SENS - ok
04:01:21.0181 4160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
04:01:21.0181 4160 SensrSvc - ok
04:01:21.0212 4160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
04:01:21.0243 4160 Serenum - ok
04:01:21.0290 4160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
04:01:21.0290 4160 Serial - ok
04:01:21.0353 4160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
04:01:21.0353 4160 sermouse - ok
04:01:21.0415 4160 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
04:01:21.0415 4160 SessionEnv - ok
04:01:21.0462 4160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
04:01:21.0462 4160 sffdisk - ok
04:01:21.0509 4160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
04:01:21.0509 4160 sffp_mmc - ok
04:01:21.0524 4160 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
04:01:21.0524 4160 sffp_sd - ok
04:01:21.0571 4160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
04:01:21.0571 4160 sfloppy - ok
04:01:21.0618 4160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
04:01:21.0618 4160 SharedAccess - ok
04:01:21.0680 4160 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:01:21.0680 4160 ShellHWDetection - ok
04:01:21.0711 4160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:01:21.0711 4160 SiSRaid2 - ok
04:01:21.0758 4160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
04:01:21.0758 4160 SiSRaid4 - ok
04:01:21.0867 4160 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
04:01:22.0179 4160 SkypeUpdate - ok
04:01:22.0226 4160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:01:22.0226 4160 Smb - ok
04:01:22.0273 4160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:01:22.0273 4160 SNMPTRAP - ok
04:01:22.0320 4160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
04:01:22.0320 4160 spldr - ok
04:01:22.0382 4160 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
04:01:22.0382 4160 Spooler - ok
04:01:22.0507 4160 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
04:01:22.0569 4160 sppsvc - ok
04:01:22.0616 4160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
04:01:22.0616 4160 sppuinotify - ok
04:01:22.0694 4160 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
04:01:22.0694 4160 sprtsvc_DellSupportCenter - ok
04:01:22.0757 4160 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
04:01:22.0757 4160 srv - ok
04:01:22.0819 4160 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
04:01:22.0819 4160 srv2 - ok
04:01:22.0881 4160 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
04:01:22.0881 4160 srvnet - ok
04:01:22.0944 4160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
04:01:22.0944 4160 SSDPSRV - ok
04:01:22.0959 4160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
04:01:22.0959 4160 SstpSvc - ok
04:01:23.0069 4160 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
04:01:23.0084 4160 STacSV - ok
04:01:23.0115 4160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
04:01:23.0115 4160 stexstor - ok
04:01:23.0162 4160 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
04:01:23.0162 4160 STHDA - ok
04:01:23.0225 4160 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
04:01:23.0240 4160 stisvc - ok
04:01:23.0287 4160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
04:01:23.0287 4160 swenum - ok
04:01:23.0349 4160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
04:01:23.0349 4160 swprv - ok
04:01:23.0443 4160 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
04:01:23.0459 4160 SysMain - ok
04:01:23.0505 4160 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:01:23.0521 4160 TabletInputService - ok
04:01:23.0552 4160 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
04:01:23.0552 4160 TapiSrv - ok
04:01:23.0583 4160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
04:01:23.0599 4160 TBS - ok
04:01:23.0677 4160 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:01:23.0708 4160 Tcpip - ok
04:01:23.0771 4160 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
04:01:23.0786 4160 TCPIP6 - ok
04:01:23.0833 4160 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
04:01:23.0833 4160 tcpipreg - ok
04:01:23.0880 4160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
04:01:23.0880 4160 TDPIPE - ok
04:01:23.0942 4160 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
04:01:23.0942 4160 TDTCP - ok
04:01:24.0005 4160 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
04:01:24.0005 4160 tdx - ok
04:01:24.0051 4160 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
04:01:24.0051 4160 TermDD - ok
04:01:24.0114 4160 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
04:01:24.0114 4160 TermService - ok
04:01:24.0161 4160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
04:01:24.0161 4160 Themes - ok
04:01:24.0192 4160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
04:01:24.0192 4160 THREADORDER - ok
04:01:24.0254 4160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
04:01:24.0254 4160 TrkWks - ok
04:01:24.0317 4160 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:01:24.0317 4160 TrustedInstaller - ok
04:01:24.0379 4160 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
04:01:24.0379 4160 tssecsrv - ok
04:01:24.0426 4160 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
04:01:24.0426 4160 TsUsbFlt - ok
04:01:24.0504 4160 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
04:01:24.0504 4160 tunnel - ok
04:01:24.0551 4160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
04:01:24.0551 4160 uagp35 - ok
04:01:24.0597 4160 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
04:01:24.0597 4160 udfs - ok
04:01:24.0660 4160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
04:01:24.0660 4160 UI0Detect - ok
04:01:24.0707 4160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
04:01:24.0707 4160 uliagpkx - ok
04:01:24.0769 4160 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
04:01:24.0769 4160 umbus - ok
04:01:24.0816 4160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
04:01:24.0816 4160 UmPass - ok
04:01:24.0863 4160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
04:01:24.0863 4160 upnphost - ok
04:01:24.0909 4160 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
04:01:24.0925 4160 usbccgp - ok
04:01:24.0987 4160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
04:01:24.0987 4160 usbcir - ok
04:01:25.0019 4160 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
04:01:25.0019 4160 usbehci - ok
04:01:25.0065 4160 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
04:01:25.0081 4160 usbhub - ok
04:01:25.0112 4160 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
04:01:25.0112 4160 usbohci - ok
04:01:25.0159 4160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
04:01:25.0159 4160 usbprint - ok
04:01:25.0206 4160 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:01:25.0206 4160 USBSTOR - ok
04:01:25.0237 4160 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
04:01:25.0237 4160 usbuhci - ok
04:01:25.0299 4160 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
04:01:25.0299 4160 usbvideo - ok
04:01:25.0331 4160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
04:01:25.0346 4160 UxSms - ok
04:01:25.0346 4160 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
04:01:25.0362 4160 VaultSvc - ok
04:01:25.0424 4160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
04:01:25.0424 4160 vdrvroot - ok
04:01:25.0487 4160 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
04:01:25.0487 4160 vds - ok
04:01:25.0533 4160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
04:01:25.0565 4160 vga - ok
04:01:25.0596 4160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
04:01:25.0611 4160 VgaSave - ok
04:01:25.0658 4160 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
04:01:25.0674 4160 vhdmp - ok
04:01:25.0705 4160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
04:01:25.0705 4160 viaide - ok
04:01:25.0752 4160 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
04:01:25.0752 4160 volmgr - ok
04:01:25.0814 4160 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
04:01:25.0814 4160 volmgrx - ok
04:01:25.0861 4160 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
04:01:25.0877 4160 volsnap - ok
04:01:25.0923 4160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
04:01:25.0923 4160 vsmraid - ok
04:01:26.0001 4160 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
04:01:26.0017 4160 VSS - ok
04:01:26.0048 4160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
04:01:26.0048 4160 vwifibus - ok
04:01:26.0079 4160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
04:01:26.0079 4160 vwififlt - ok
04:01:26.0142 4160 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
04:01:26.0142 4160 vwifimp - ok
04:01:26.0173 4160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
04:01:26.0189 4160 W32Time - ok
04:01:26.0220 4160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
04:01:26.0220 4160 WacomPen - ok
04:01:26.0298 4160 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
04:01:26.0298 4160 WANARP - ok
04:01:26.0313 4160 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
04:01:26.0313 4160 Wanarpv6 - ok
04:01:26.0423 4160 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
04:01:26.0438 4160 WatAdminSvc - ok
04:01:26.0501 4160 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
04:01:26.0516 4160 wbengine - ok
04:01:26.0563 4160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
04:01:26.0563 4160 WbioSrvc - ok
04:01:26.0625 4160 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
04:01:26.0641 4160 wcncsvc - ok
04:01:26.0657 4160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:01:26.0657 4160 WcsPlugInService - ok
04:01:26.0703 4160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
04:01:26.0719 4160 Wd - ok
04:01:26.0766 4160 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
04:01:26.0766 4160 Wdf01000 - ok
04:01:26.0781 4160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
04:01:26.0781 4160 WdiServiceHost - ok
04:01:26.0797 4160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
04:01:26.0797 4160 WdiSystemHost - ok
04:01:26.0859 4160 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
04:01:26.0859 4160 WebClient - ok
04:01:26.0891 4160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
04:01:26.0891 4160 Wecsvc - ok
04:01:26.0922 4160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
04:01:26.0922 4160 wercplsupport - ok
04:01:26.0969 4160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
04:01:26.0984 4160 WerSvc - ok
04:01:27.0015 4160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
04:01:27.0015 4160 WfpLwf - ok
04:01:27.0062 4160 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
04:01:27.0078 4160 WimFltr - ok
04:01:27.0109 4160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
04:01:27.0109 4160 WIMMount - ok
04:01:27.0140 4160 WinDefend - ok
04:01:27.0156 4160 WinHttpAutoProxySvc - ok
04:01:27.0218 4160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
04:01:27.0218 4160 Winmgmt - ok
04:01:27.0312 4160 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
04:01:27.0343 4160 WinRM - ok
04:01:27.0421 4160 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
04:01:27.0421 4160 WinUsb - ok
04:01:27.0483 4160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
04:01:27.0499 4160 Wlansvc - ok
04:01:27.0546 4160 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
04:01:27.0593 4160 wltrysvc - ok
04:01:27.0655 4160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
04:01:27.0655 4160 WmiAcpi - ok
04:01:27.0702 4160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
04:01:27.0702 4160 wmiApSrv - ok
04:01:27.0749 4160 WMPNetworkSvc - ok
04:01:27.0780 4160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
04:01:27.0780 4160 WPCSvc - ok
04:01:27.0827 4160 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
04:01:27.0827 4160 WPDBusEnum - ok
04:01:27.0858 4160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
04:01:27.0858 4160 ws2ifsl - ok
04:01:27.0889 4160 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
04:01:27.0905 4160 wscsvc - ok
04:01:27.0905 4160 WSearch - ok
04:01:28.0029 4160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
04:01:28.0045 4160 wuauserv - ok
04:01:28.0076 4160 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
04:01:28.0076 4160 WudfPf - ok
04:01:28.0123 4160 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
04:01:28.0123 4160 WUDFRd - ok
04:01:28.0170 4160 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
04:01:28.0185 4160 wudfsvc - ok
04:01:28.0217 4160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
04:01:28.0217 4160 WwanSvc - ok
04:01:28.0295 4160 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
04:01:28.0295 4160 yukonw7 - ok
04:01:28.0373 4160 ================ Scan global ===============================
04:01:28.0404 4160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
04:01:28.0451 4160 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
04:01:28.0466 4160 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
04:01:28.0497 4160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
04:01:28.0529 4160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
04:01:28.0544 4160 [Global] - ok
04:01:28.0544 4160 ================ Scan MBR ==================================
04:01:28.0560 4160 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
04:01:29.0636 4160 \Device\Harddisk0\DR0 - ok
04:01:29.0652 4160 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
04:01:29.0948 4160 \Device\Harddisk1\DR1 - ok
04:01:29.0948 4160 ================ Scan VBR ==================================
04:01:29.0979 4160 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
04:01:29.0995 4160 \Device\Harddisk0\DR0\Partition1 - ok
04:01:30.0011 4160 [ BEE0AB2A4C715C56AFFA7B8AF6CA8BD9 ] \Device\Harddisk0\DR0\Partition2
04:01:30.0011 4160 \Device\Harddisk0\DR0\Partition2 - ok
04:01:30.0026 4160 [ BCF78CBB8964D5B80414CEA451A95F1F ] \Device\Harddisk1\DR1\Partition1
04:01:30.0026 4160 \Device\Harddisk1\DR1\Partition1 - ok
04:01:30.0026 4160 ============================================================
04:01:30.0026 4160 Scan finished
04:01:30.0026 4160 ============================================================
04:01:30.0042 4900 Detected object count: 0
04:01:30.0042 4900 Actual detected object count: 0
04:02:24.0720 0236 Deinitialize success


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 04:22:13
-----------------------------
04:22:13.617 OS Version: Windows x64 6.1.7601 Service Pack 1
04:22:13.617 Number of processors: 1 586 0x170A
04:22:13.617 ComputerName: JJSCARR UserName: Sean
04:22:17.876 Initialize success
04:22:30.606 AVAST engine defs: 12082100
04:22:37.430 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:22:37.430 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
04:22:37.500 Disk 0 MBR read successfully
04:22:37.500 Disk 0 MBR scan
04:22:37.550 Disk 0 Windows VISTA default MBR code
04:22:37.570 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
04:22:37.610 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
04:22:37.740 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137586 MB offset 30801920
04:22:37.800 Disk 0 scanning C:\Windows\system32\drivers
04:23:06.500 Service scanning
04:24:18.977 Modules scanning
04:24:18.977 Disk 0 trace - called modules:
04:24:19.017 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
04:24:19.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026dc060]
04:24:19.347 3 CLASSPNP.SYS[fffff88001bbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002260050]
04:24:21.561 AVAST engine scan C:\Windows
04:24:25.487 AVAST engine scan C:\Windows\system32
04:29:59.783 AVAST engine scan C:\Windows\system32\drivers
04:30:21.993 AVAST engine scan C:\Users\Sean
04:44:43.770 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Documents\BleepingComp\MBR.dat"
04:44:43.810 The log file has been saved successfully to "C:\Users\Sean\Documents\BleepingComp\aswMBR.txt"
04:57:30.207 AVAST engine scan C:\ProgramData
05:05:32.869 Scan finished successfully
17:36:55.176 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Documents\BleepingComp\MBR.dat"
17:36:55.186 The log file has been saved successfully to "C:\Users\Sean\Documents\BleepingComp\aswMBR.txt"


ESET: No threats found

#4 narenxp

Posted 25 August 2012 - 02:10 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#5 seantcarr

Posted 26 August 2012 - 01:05 PM

narenxp,

Here are the logs. BTW I have not executed a web search since first posting on Bleeping Computer.

Thanks again,

Sean



MBAM:

Nothing found before or after reboot.

Minitoolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Sean (administrator) on 26-08-2012 at 13:47:07
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JJSCarr
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 70-1A-04-8B-B0-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::925:50a3:cda3:1d4f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 11:57:02 AM
Lease Expires . . . . . . . . . . : Monday, August 27, 2012 11:57:02 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 225450500
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A1-31-FD-00-25-64-78-09-68
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.252.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ad.spirentcom.com
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-25-64-78-09-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-B0-9B-C7-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c06:2213:93e3:afde(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c06:2213:93e3:afde%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:803::100e
74.125.228.110
74.125.228.105
74.125.228.96
74.125.228.102
74.125.228.101
74.125.228.98
74.125.228.99
74.125.228.103
74.125.228.104
74.125.228.100
74.125.228.97


Pinging google.com [74.125.228.105] with 32 bytes of data:
Reply from 74.125.228.105: bytes=32 time=12ms TTL=252
Reply from 74.125.228.105: bytes=32 time=10ms TTL=252

Ping statistics for 74.125.228.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 12ms, Average = 11ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=227ms TTL=50
Reply from 98.139.183.24: bytes=32 time=134ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 134ms, Maximum = 227ms, Average = 180ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=6ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 6ms, Average = 4ms
===========================================================================
Interface List
11...70 1a 04 8b b0 c4 ......Dell Wireless 1397 WLAN Mini-Card
10...00 25 64 78 09 68 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
15...00 ff b0 9b c7 03 ......Juniper Network Connect Virtual Adapter
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:3c06:2213:93e3:afde/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
11 281 fe80::925:50a3:cda3:1d4f/128
On-link
13 306 fe80::3c06:2213:93e3:afde/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 01:31:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/26/2012 01:31:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/26/2012 09:53:06 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {eba30179-a552-4e17-878a-24ea6adc8494}

Error: (08/22/2012 08:18:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2012 08:18:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2012 05:39:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2012 05:39:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2012 05:39:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2012 05:23:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/22/2012 05:23:55 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/26/2012 11:56:37 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/26/2012 11:47:26 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/26/2012 09:54:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/26/2012 09:54:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/26/2012 09:54:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/26/2012 09:54:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/26/2012 09:54:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.133.384.0).

Error: (08/26/2012 09:53:57 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/26/2012 09:53:21 AM) (Source: Microsoft Antimalware) (User: )
Description: %JJSCarr60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %JJSCarr51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %JJSCarr602

Update Type: %JJSCarr604

User: JJSCarr\Sean

Current Engine Version: %JJSCarr605

Previous Engine Version: %JJSCarr606

Error code: %JJSCarr607

Error description: %JJSCarr608

Error: (08/26/2012 09:53:21 AM) (Source: Microsoft Antimalware) (User: )
Description: %JJSCarr60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2339.0

Update Source: %JJSCarr51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %JJSCarr602

Update Type: %JJSCarr604

User: JJSCarr\Sean

Current Engine Version: %JJSCarr605

Previous Engine Version: %JJSCarr606

Error code: %JJSCarr607

Error description: %JJSCarr608


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 9.5.2 (Version: 9.5.2)
Advanced Audio FX Engine (Version: 1.12.05)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Boson Exam Environment (Version: 2.0.2)
Canon MP800
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citrix online plug-in - web (Version: 12.0.0.6410)
Citrix online plug-in (DV) (Version: 12.0.0.6410)
Citrix online plug-in (HDX) (Version: 12.0.0.6410)
Citrix online plug-in (USB) (Version: 12.0.0.6410)
Citrix online plug-in (Web) (Version: 12.0.0.6410)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Touchpad (Version: 7.1107.115.102)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
ESET Online Scanner v3
FlipShare (Version: 5.12.3.0)
Garmin BaseCamp (Version: 3.3.3)
Garmin MapInstall (Version: 4.0.1)
Garmin TOPO U.S. 24K Southeast v2 (Version: 2.0.0.0)
Garmin WebUpdater (Version: 2.5.5)
Google Chrome (Version: 21.0.1180.83)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Java™ 7 Update 5 (Version: 7.0.50)
Juniper Networks Network Connect 7.0.0 (Version: 7.0.0.16007)
Juniper Networks Setup Client (Version: 2.2.1.7797)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
LoJack Factory Installer (Version: 1.0.0.5)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24)
MotoHelper MergeModules (Version: 1.0.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nike+ Connect (Version: 2.0)
Polar WebLink 2.4.11 (Version: 02.49.0002)
PowerDVD DX (Version: 8.3.5424)
Quicken 2011 (Version: 20.1.8.6)
Quickset64 (Version: 9.6.6)
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.10 (Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
ViewSonic Monitor Drivers
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 2008.36 MB
Available physical RAM: 566.7 MB
Total Pagefile: 4016.73 MB
Available Pagefile: 2148.92 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.31 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:43.71 GB) NTFS
3 Drive e: () (Removable) (Total:3.83 GB) (Free:3.83 GB) FAT32

========================= Users: ========================================

User accounts for \\JJSCARR

Administrator Guest Jeanne
Sean


**** End of log ****


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Sean (administrator) on 26-08-2012 at 13:50:13
Running from "C:\Users\Sean\Documents\BleepingComp\Round_2"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

adwcleaner:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 13:51:37
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sean - JJSCARR
# Boot Mode : Normal
# Running from : C:\Users\Sean\Documents\BleepingComp\Round_2\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [768 octets] - [26/08/2012 13:51:38]

########## EOF - C:\AdwCleaner[S1].txt - [895 octets] ##########

#6 narenxp

Posted 26 August 2012 - 01:09 PM

I want you to check if you're still redirected.

Let me know which browser causes redirects.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

#7 seantcarr

Posted 26 August 2012 - 08:09 PM

I tried several searches and followed resulting links.

Chrome/Google - no redirects, it was redirecting before.
IE/Bing - no redirects, it was redirecting before.

My apologies for going off script but I added netstats for before and after searches at the end of the rkill log. Several https sessions that I didn't initiate.

Thanks,

Sean


Rkill:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 08:56:04 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Sean\Desktop\rkill\rkill-08-26-2012-08-56-10.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 08:56:23 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)


Before searches:

C:\Users\Sean>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:4573 JJSCarr:49158 ESTABLISHED
TCP 127.0.0.1:49158 JJSCarr:4573 ESTABLISHED
TCP 192.168.1.4:50500 157.55.56.143:40041 ESTABLISHED
TCP 192.168.1.4:50503 78.141.179.15:12350 ESTABLISHED
TCP 192.168.1.4:50505 baymsg1020316:https ESTABLISHED
TCP 192.168.1.4:50531 Sean:microsoft-ds SYN_SENT

After searches:

C:\Users\Sean>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:4573 JJSCarr:49158 ESTABLISHED
TCP 127.0.0.1:49158 JJSCarr:4573 ESTABLISHED
TCP 192.168.1.4:50500 157.55.56.143:40041 ESTABLISHED
TCP 192.168.1.4:50503 78.141.179.15:12350 ESTABLISHED
TCP 192.168.1.4:50505 baymsg1020316:https ESTABLISHED
TCP 192.168.1.4:51443 a23-62-236-147:http ESTABLISHED
TCP 192.168.1.4:51444 a23-62-236-147:http ESTABLISHED
TCP 192.168.1.4:51446 a23-62-236-170:http ESTABLISHED
TCP 192.168.1.4:51450 a23-62-236-147:http ESTABLISHED
TCP 192.168.1.4:51451 a23-62-236-147:http ESTABLISHED
TCP 192.168.1.4:51452 www-slb-10-12-prn1:http ESTABLISHED
TCP 192.168.1.4:51455 65.55.239.146:http TIME_WAIT
TCP 192.168.1.4:51457 65.55.239.146:http TIME_WAIT
TCP 192.168.1.4:51462 api-slb-11-12-prn1:https ESTABLISHED
TCP 192.168.1.4:51463 api-slb-11-12-prn1:https ESTABLISHED
TCP 192.168.1.4:51464 a23-62-236-147:http ESTABLISHED
TCP 192.168.1.4:51465 a23-62-236-147:http ESTABLISHED
TCP 192.168.1.4:51474 iad23s06-in-f1:http ESTABLISHED
TCP 192.168.1.4:51475 iad23s06-in-f1:http TIME_WAIT
TCP 192.168.1.4:51485 iad23s06-in-f6:http TIME_WAIT
TCP 192.168.1.4:51497 iad23s08-in-f4:https TIME_WAIT
TCP 192.168.1.4:51506 iad23s05-in-f26:https TIME_WAIT
TCP 192.168.1.4:51509 iad23s05-in-f13:https TIME_WAIT
TCP 192.168.1.4:51514 a23-62-236-170:http ESTABLISHED
TCP 192.168.1.4:51535 track:http TIME_WAIT
TCP 192.168.1.4:51537 track:http TIME_WAIT
TCP 192.168.1.4:51538 qc-in-f121:http TIME_WAIT
TCP 192.168.1.4:51542 qc-in-f141:http TIME_WAIT
TCP 192.168.1.4:51544 a23-1-57-170:http TIME_WAIT
TCP 192.168.1.4:51547 a23-1-57-170:http TIME_WAIT
TCP 192.168.1.4:51549 a23-1-49-38:http TIME_WAIT
TCP 192.168.1.4:51559 OCSP:http TIME_WAIT
TCP 192.168.1.4:51560 OCSP:http TIME_WAIT
TCP 192.168.1.4:51566 OCSP:http TIME_WAIT
TCP 192.168.1.4:51567 208.89.14.135:http ESTABLISHED
TCP 192.168.1.4:51571 ocsp:http TIME_WAIT
TCP 192.168.1.4:51576 a23-62-236-73:http ESTABLISHED
TCP 192.168.1.4:51588 a23-62-236-73:http ESTABLISHED
TCP 192.168.1.4:51589 a23-62-236-73:http ESTABLISHED
TCP 192.168.1.4:51590 a23-62-236-73:http ESTABLISHED
TCP 192.168.1.4:51591 a23-62-236-73:http ESTABLISHED
TCP 192.168.1.4:51592 a23-62-236-73:http ESTABLISHED
TCP 192.168.1.4:51595 a23-66-230-163:http ESTABLISHED
TCP 192.168.1.4:51602 a23-66-230-98:http ESTABLISHED
TCP 192.168.1.4:51607 216.38.170.89:http ESTABLISHED
TCP 192.168.1.4:51608 69.43.132.198:http ESTABLISHED
TCP 192.168.1.4:51609 69.43.132.198:http ESTABLISHED
TCP 192.168.1.4:51614 server-216-137-33-2:http ESTABLISHED
TCP 192.168.1.4:51617 208.89.14.162:http ESTABLISHED
TCP 192.168.1.4:51618 a184-28-144-223:http ESTABLISHED
TCP 192.168.1.4:51621 a23-62-236-82:http ESTABLISHED
TCP 192.168.1.4:51623 a23-62-236-99:http ESTABLISHED
TCP 192.168.1.4:51624 a23-62-236-99:http ESTABLISHED
TCP 192.168.1.4:51625 a23-62-236-99:http ESTABLISHED
TCP 192.168.1.4:51626 a23-62-236-99:http ESTABLISHED
TCP 192.168.1.4:51627 a23-62-236-99:http ESTABLISHED
TCP 192.168.1.4:51628 a23-62-236-99:http ESTABLISHED
TCP 192.168.1.4:51630 a23-66-230-153:http ESTABLISHED
TCP 192.168.1.4:51632 a23-66-230-163:http ESTABLISHED
TCP 192.168.1.4:51633 vb-in-f147:http TIME_WAIT
TCP 192.168.1.4:51634 vb-in-f147:http TIME_WAIT
TCP 192.168.1.4:51635 a23-62-236-89:http ESTABLISHED
TCP 192.168.1.4:51637 a23-62-236-83:http ESTABLISHED
TCP 192.168.1.4:51638 a23-62-236-83:http ESTABLISHED
TCP 192.168.1.4:51639 a23-62-236-83:http ESTABLISHED
TCP 192.168.1.4:51640 a23-62-236-83:http ESTABLISHED
TCP 192.168.1.4:51641 a23-62-236-83:http ESTABLISHED
TCP 192.168.1.4:51642 a23-62-236-83:http ESTABLISHED
TCP 192.168.1.4:51643 ec2-75-101-147-252:http TIME_WAIT
TCP 192.168.1.4:51648 iad23s05-in-f28:http ESTABLISHED
TCP 192.168.1.4:51652 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51653 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51654 a96-6-28-20:http ESTABLISHED
TCP 192.168.1.4:51656 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51657 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51658 server-216-137-33-62:http ESTABLISHED
TCP 192.168.1.4:51659 server-216-137-33-62:http ESTABLISHED
TCP 192.168.1.4:51660 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51661 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51662 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51663 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51664 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51667 server-216-137-33-62:http ESTABLISHED
TCP 192.168.1.4:51668 server-216-137-33-62:http ESTABLISHED
TCP 192.168.1.4:51669 server-216-137-33-62:http ESTABLISHED
TCP 192.168.1.4:51670 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51671 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51672 server-216-137-33-62:http ESTABLISHED
TCP 192.168.1.4:51673 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51674 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51675 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51676 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51677 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51678 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51679 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51680 a23-15-9-18:http ESTABLISHED
TCP 192.168.1.4:51681 a23-15-9-18:http CLOSE_WAIT
TCP 192.168.1.4:51682 a23-15-9-18:http CLOSE_WAIT
TCP 192.168.1.4:51683 a23-15-9-18:http ESTABLISHED
TCP 192.168.1.4:51684 a23-15-9-18:http ESTABLISHED
TCP 192.168.1.4:51685 a23-66-230-128:http ESTABLISHED
TCP 192.168.1.4:51686 iad23s06-in-f1:http ESTABLISHED
TCP 192.168.1.4:51687 iad23s06-in-f1:http ESTABLISHED
TCP 192.168.1.4:51688 a23-62-231-25:http ESTABLISHED
TCP 192.168.1.4:51689 a23-62-231-25:http CLOSE_WAIT
TCP 192.168.1.4:51690 a23-66-230-138:http ESTABLISHED
TCP 192.168.1.4:51691 a23-66-230-138:http CLOSE_WAIT
TCP 192.168.1.4:51692 a23-66-230-99:http ESTABLISHED
TCP 192.168.1.4:51693 ec2-75-101-130-100:http TIME_WAIT
TCP 192.168.1.4:51698 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51699 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51700 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51701 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51702 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51703 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51704 vb-in-f147:https ESTABLISHED
TCP 192.168.1.4:51705 iad23s06-in-f6:https ESTABLISHED
TCP 192.168.1.4:51706 vb-in-f147:https ESTABLISHED
TCP 192.168.1.4:51707 iad23s06-in-f6:https ESTABLISHED
TCP 192.168.1.4:51708 a23-1-63-204:http ESTABLISHED
TCP 192.168.1.4:51709 a23-1-63-204:http ESTABLISHED
TCP 192.168.1.4:51710 a23-1-63-204:http ESTABLISHED
TCP 192.168.1.4:51711 a23-1-63-204:http ESTABLISHED
TCP 192.168.1.4:51712 a23-1-63-204:http ESTABLISHED
TCP 192.168.1.4:51713 a23-1-63-204:http ESTABLISHED
TCP 192.168.1.4:51714 OCSP:http TIME_WAIT
TCP 192.168.1.4:51715 OCSP:http TIME_WAIT
TCP 192.168.1.4:51716 204:http ESTABLISHED
TCP 192.168.1.4:51717 204:http ESTABLISHED
TCP 192.168.1.4:51718 a23-1-52-26:http ESTABLISHED
TCP 192.168.1.4:51720 72.21.194.1:http ESTABLISHED
TCP 192.168.1.4:51721 server-216-137-33-31:http ESTABLISHED
TCP 192.168.1.4:51722 server-216-137-33-31:http CLOSE_WAIT
TCP 192.168.1.4:51723 72.21.202.183:http ESTABLISHED
TCP 192.168.1.4:51724 72.21.202.183:http ESTABLISHED
TCP 192.168.1.4:51726 a23-66-230-162:http CLOSE_WAIT
TCP 192.168.1.4:51727 72.21.203.13:http ESTABLISHED
TCP 192.168.1.4:51728 72.21.203.13:http ESTABLISHED
TCP 192.168.1.4:51731 Sean:microsoft-ds SYN_SENT

#8 narenxp

Posted 26 August 2012 - 08:34 PM

Most of them are valid, some of them are communicating with Microsoft servers.

Do you use Akamai net session?

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#9 seantcarr

Posted 27 August 2012 - 04:02 AM

I do not use Akamai net session.

Thanks narenxp,

Sean

Autorun:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\program files\dell\dell wireless wlan card\wltray.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre7\bin\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "ConnectionCenter" "Citrix online plug-in Connection Center" "Citrix Systems, Inc." "c:\program files (x86)\citrix\ica client\concentr.exe"
+ "Dell Webcam Central" "WebcamDell2.exe" "Creative Technology Ltd" "c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe"
+ "DellSupportCenter" "Dell Support Center Updates" "SupportSoft, Inc." "c:\program files (x86)\dell support center\bin\sprtcmd.exe"
+ "Desktop Disc Tool" "Roxio Burn Launcher" "" "c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
+ "Nike+ Connect" "Nike+ Connect Daemon" "Nike" "c:\program files (x86)\nike\nike+ connect\nike+ connect daemon.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe"
"C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dell Dock.lnk" "Dell Dock" "Stardock Corporation" "c:\program files\dell\delldock\delldock.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\sean\appdata\local\google\update\googleupdate.exe"
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files (x86)\windows live\toolbar\wltcore.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&Windows Live Toolbar" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files (x86)\windows live\toolbar\wltcore.dll"
"Task Scheduler" "" "" ""
+ "\GoogleUpdateTaskUserS-1-5-21-581053272-2057316771-1781120001-1002Core" "Google Installer" "Google Inc." "c:\users\sean\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-581053272-2057316771-1781120001-1002UA" "Google Installer" "Google Inc." "c:\users\sean\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\{43A471CB-8CD0-4D79-9680-08C5E44383D5}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
+ "\{4543AB37-0BED-447C-995B-B2DD2A7E4F5A}" "SSH, Telnet and Rlogin client" "Simon Tatham" "c:\users\sean\desktop\putty.exe"
+ "\{B2901B0B-466F-4894-A269-DD1F14E7ACAB}" "SSH, Telnet and Rlogin client" "Simon Tatham" "c:\users\sean\desktop\putty.exe"
+ "\{FA10A87E-01D4-4703-9376-C23AE5473363}" "SSH, Telnet and Rlogin client" "Simon Tatham" "c:\users\sean\desktop\putty.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe"
+ "dsNcService" "Manages secure network connections" "Juniper Networks" "c:\program files (x86)\juniper networks\common files\dsncservice.exe"
+ "FlipShare Service" "FlipShare Service" "" "c:\program files (x86)\flip video\flipshare\flipshareservice.exe"
+ "FlipShareServer" "Server responsible for enabling you to share Flip Media" "" "c:\program files (x86)\flip video\flipshareserver\flipshareserver.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\wildtangent\dell games\dell game console\gameconsoleservice.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files (x86)\citrix\gotoassist\514\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MotoHelper" "MotoHelper Service" "" "c:\program files (x86)\motorola\motohelper\motohelperservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "sprtsvc_DellSupportCenter" "SupportSoft Sprocket Service (DellSupportCenter)" "SupportSoft, Inc." "c:\program files (x86)\dell support center\bin\sprtsvc.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\program files\dell\dell wireless wlan card\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CtClsFlt" "Video Class Upper Filter Driver (64-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctclsflt.sys"
+ "ctxusbm" "Citrix USB Filter Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxusbm.sys"
+ "dsNcAdpt" "dsNcAdapter" "Juniper Networks" "c:\windows\system32\drivers\dsncadpt.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "grmnusb" "grmnusb.sys" "GARMIN Corp." "c:\windows\system32\drivers\grmnusb.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb_amd64.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "yukonw7" "" "" "c:\windows\system32\drivers\yk62x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Creative MJPEG Decoder 2" "Decoder" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\ctmjpgdec2.ax"
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\vidprocu.ax"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Flip Video Decoder" "FlipDSVideoDecoder" "MyCompanyName" "c:\program files (x86)\flip video\flipshare\flipdsvideodecoder.ax"
+ "Flip Video Decoder Mpeg4" "FlipDSVideoDecoder" "MyCompanyName" "c:\program files (x86)\flip video\flipshare\flipdsmpeg4decoder.ax"
+ "PDFrameGrabFilter" "FrameGrabFilter" "" "c:\program files (x86)\flip video\flipshare\framegrabfilter.ax"
+ "PDT IPP AAC Encoder" "" "" "c:\program files (x86)\flip video\flipshare\ipp6_0_aacencoder.ax"
+ "PDT IPP H264 Encoder" "IPPH264Encoder" "" "c:\program files (x86)\flip video\flipshare\ipph264encoder.ax"
+ "PDT IPP MP4 Muxer" "IPPMP4Muxer" "" "c:\program files (x86)\flip video\flipshare\ippmp4muxer.ax"
+ "PDT IPP MP4 Splitter" "IPPMp4Splitter" "" "c:\program files (x86)\flip video\flipshare\ippmp4splitter.ax"
+ "PDT IPP MPEG Audio Decoder" "IPPMPEGAudioDecoder" "" "c:\program files (x86)\flip video\flipshare\ippmpegaudiodecoder.ax"
+ "PDT Resize and Letterbox Filter" "PurpleComposite" "" "c:\program files (x86)\flip video\flipshare\purplecomposite.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" "" "" ""
+ "dsNcCredentialProvider" "Network Connect Credential Provider" "Juniper Networks" "c:\windows\system32\dsnccredprov.dll"
+ "dsNcSmartCardProvider" "Network Connect Smart Card Credential Provider" "Juniper Networks" "c:\windows\system32\dsncsmartcardprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "" "" "File not found: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MP800" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm7m.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:07 PM

Posted 27 August 2012 - 08:26 AM

I don't find anything suspicious with the result and autorun entries.



