
Google Redirect



#1 whoaitslen2


Posted 18 September 2012 - 02:00 PM

Seems like my laptop has been infected with the Google Redirect Virus. Google search results lead me to random spam sites at random times. I have MSE and MBAM and both were unsuccessful at getting rid of the problem. Any help will be highly appreciated.



#2 boopme


Posted 18 September 2012 - 02:25 PM

Welcome..

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use the Firefox or Chrome browser?




Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.




Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please ask any needed questions, post logs and let us know how the PC is running now.
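The RKill step above produces a text log made of "Checking ..." sections with bulleted items, which can be triaged mechanically before a helper reads it. The following Python sketch is an added example, not part of the original posts and not RKill's or BleepingComputer's own code; it assumes the layout of the RKill 2.4.3 log posted later in this thread, and the sample log, paths and GUIDs in it are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the layout of an RKill 2.4.3 log (placeholder paths/GUIDs).
SAMPLE_LOG = r"""Rkill 2.4.3 by Lawrence Abrams (Grinler)
Program started at: 01/01/2012 09:00:00 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\windows\SysWOW64\example.exe (PID: 1234) [WD-HEUR]

Checking Registry for malware related settings:

 * No issues found in the Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32 [ZA Reg Hijack]
     * C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000000}\ [ZA Dir]
     * C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000000}\@ [ZA File]

Checking HOSTS File:

 * No issues found.

Program finished at: 01/01/2012 09:00:16 AM
"""

# Section headers look like "Checking ...:", "Performing ...:", "Searching ...:".
SECTION_RE = re.compile(r"^(?P<title>(?:Checking|Performing|Searching)\b.*?):\s*$")
# Items are bullets ("* ..."), optionally indented under an ALERT line.
ITEM_RE = re.compile(r"^\s*\*\s+(?P<body>.+?)\s*$")
# Trailing classification tag such as [WD-HEUR] or [ZA File].
TAG_RE = re.compile(r"\s*\[(?P<tag>[^\]]+)\]$")
# Process id that RKill prints after a terminated process path.
PID_RE = re.compile(r"\s*\(PID:\s*(?P<pid>\d+)\)$")


def triage_rkill_log(text):
    """Return alerts, flagged items and a per-tag count from an RKill log."""
    section = None
    alerts, findings = [], []
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            section = header.group("title")
            continue
        item = ITEM_RE.match(line)
        if not item or section is None:
            continue  # banner, timestamps, blank lines
        body = item.group("body")
        if body.startswith("No "):
            continue  # "No issues found." style lines mean the check was clean
        if body.startswith("ALERT:"):
            alerts.append(body[len("ALERT:"):].strip())
            continue
        tag = pid = None
        tag_match = TAG_RE.search(body)
        if tag_match:
            tag, body = tag_match.group("tag"), body[:tag_match.start()]
        pid_match = PID_RE.search(body)
        if pid_match:
            pid, body = int(pid_match.group("pid")), body[:pid_match.start()]
        findings.append({"section": section, "item": body, "tag": tag, "pid": pid})
    by_tag = Counter(f["tag"] for f in findings)
    return {"alerts": alerts, "findings": findings, "by_tag": by_tag}


if __name__ == "__main__":
    report = triage_rkill_log(SAMPLE_LOG)
    for alert in report["alerts"]:
        print("ALERT:", alert)
    for f in report["findings"]:
        print(f"[{f['tag']}] {f['item']} ({f['section']})")
```
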

#3 whoaitslen2


Posted 20 September 2012 - 11:33 AM

Yes I'm on a wireless router with one other computer on it but not sure if it has the same issue. I'm using Firefox.

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/20/2012 09:10:45 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\SysWOW64\Rezip.exe (PID: 1944) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Len\AppData\Local\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\ [ZA Dir]
* C:\Users\Len\AppData\Local\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\@ [ZA File]
* C:\Users\Len\AppData\Local\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\L\ [ZA Dir]
* C:\Users\Len\AppData\Local\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/20/2012 09:11:02 AM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)



09:14:01.0745 6408 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:14:02.0209 6408 ============================================================
09:14:02.0209 6408 Current date / time: 2012/09/20 09:14:02.0209
09:14:02.0209 6408 SystemInfo:
09:14:02.0209 6408
09:14:02.0209 6408 OS Version: 6.1.7601 ServicePack: 1.0
09:14:02.0209 6408 Product type: Workstation
09:14:02.0209 6408 ComputerName: BOOGIEMAN
09:14:02.0210 6408 UserName: Len
09:14:02.0210 6408 Windows directory: C:\windows
09:14:02.0210 6408 System windows directory: C:\windows
09:14:02.0210 6408 Running under WOW64
09:14:02.0210 6408 Processor architecture: Intel x64
09:14:02.0210 6408 Number of processors: 4
09:14:02.0210 6408 Page size: 0x1000
09:14:02.0210 6408 Boot type: Normal boot
09:14:02.0210 6408 ============================================================
09:14:03.0083 6408 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:14:03.0087 6408 ============================================================
09:14:03.0087 6408 \Device\Harddisk0\DR0:
09:14:03.0088 6408 MBR partitions:
09:14:03.0088 6408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
09:14:03.0088 6408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xC800000
09:14:03.0088 6408 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE632800, BlocksNum 0x2BD52800
09:14:03.0088 6408 ============================================================
09:14:03.0120 6408 C: <-> \Device\Harddisk0\DR0\Partition2
09:14:03.0175 6408 D: <-> \Device\Harddisk0\DR0\Partition3
09:14:03.0175 6408 ============================================================
09:14:03.0175 6408 Initialize success
09:14:03.0175 6408 ============================================================
09:14:23.0821 0192 ============================================================
09:14:23.0821 0192 Scan started
09:14:23.0821 0192 Mode: Manual; TDLFS;
09:14:23.0821 0192 ============================================================
09:14:23.0949 0192 ================ Scan system memory ========================
09:14:23.0949 0192 System memory - ok
09:14:23.0950 0192 ================ Scan services =============================
09:14:33.0040 0192 msisadrv - ok
09:14:33.0075 0192 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
09:14:33.0079 0192 MSiSCSI - ok
09:14:33.0085 0192 msiserver - ok
09:14:33.0123 0192 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
09:14:33.0124 0192 MSKSSRV - ok
09:14:33.0323 0192 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
09:14:33.0324 0192 MsMpSvc - ok
09:14:33.0338 0192 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
09:14:33.0339 0192 MSPCLOCK - ok
09:14:33.0370 0192 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
09:14:33.0370 0192 MSPQM - ok
09:14:33.0410 0192 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
09:14:33.0416 0192 MsRPC - ok
09:14:33.0453 0192 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
09:14:33.0454 0192 mssmbios - ok
09:14:33.0469 0192 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
09:14:33.0470 0192 MSTEE - ok
09:14:33.0494 0192 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
09:14:33.0496 0192 MTConfig - ok
09:14:33.0513 0192 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
09:14:33.0514 0192 Mup - ok
09:14:33.0562 0192 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
09:14:33.0571 0192 napagent - ok
09:14:33.0621 0192 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
09:14:33.0626 0192 NativeWifiP - ok
09:14:33.0687 0192 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
09:14:33.0696 0192 NDIS - ok
09:14:33.0721 0192 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
09:14:33.0722 0192 NdisCap - ok
09:14:33.0752 0192 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
09:14:33.0753 0192 NdisTapi - ok
09:14:33.0789 0192 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
09:14:33.0790 0192 Ndisuio - ok
09:14:33.0822 0192 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
09:14:33.0823 0192 NdisWan - ok
09:14:33.0858 0192 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
09:14:33.0859 0192 NDProxy - ok
09:14:33.0909 0192 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
09:14:33.0910 0192 NetBIOS - ok
09:14:33.0960 0192 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
09:14:33.0963 0192 NetBT - ok
09:14:33.0970 0192 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
09:14:33.0972 0192 Netlogon - ok
09:14:34.0012 0192 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
09:14:34.0016 0192 Netman - ok
09:14:34.0031 0192 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
09:14:34.0037 0192 netprofm - ok
09:14:34.0063 0192 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:14:34.0065 0192 NetTcpPortSharing - ok
09:14:34.0107 0192 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
09:14:34.0109 0192 nfrd960 - ok
09:14:34.0153 0192 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
09:14:34.0155 0192 NisDrv - ok
09:14:34.0221 0192 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
09:14:34.0226 0192 NisSrv - ok
09:14:34.0282 0192 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
09:14:34.0288 0192 NlaSvc - ok
09:14:34.0302 0192 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
09:14:34.0303 0192 Npfs - ok
09:14:34.0333 0192 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
09:14:34.0335 0192 nsi - ok
09:14:34.0366 0192 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
09:14:34.0367 0192 nsiproxy - ok
09:14:34.0432 0192 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
09:14:34.0442 0192 Ntfs - ok
09:14:34.0458 0192 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
09:14:34.0459 0192 Null - ok
09:14:34.0505 0192 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
09:14:34.0507 0192 NVHDA - ok
09:14:34.0765 0192 [ 1E5312E8DC483867EFB854935C7ACA65 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
09:14:34.0977 0192 nvlddmkm - ok
09:14:35.0018 0192 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
09:14:35.0020 0192 nvraid - ok
09:14:35.0035 0192 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
09:14:35.0038 0192 nvstor - ok
09:14:35.0100 0192 [ DEC39984871A20CC9CB3A340FF0919F2 ] nvsvc C:\windows\system32\nvvsvc.exe
09:14:35.0105 0192 nvsvc - ok
09:14:35.0162 0192 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
09:14:35.0164 0192 nv_agp - ok
09:14:35.0270 0192 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:14:35.0278 0192 odserv - ok
09:14:35.0315 0192 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
09:14:35.0317 0192 ohci1394 - ok
09:14:35.0372 0192 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:14:35.0375 0192 ose - ok
09:14:35.0415 0192 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
09:14:35.0422 0192 p2pimsvc - ok
09:14:35.0452 0192 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
09:14:35.0460 0192 p2psvc - ok
09:14:35.0497 0192 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
09:14:35.0499 0192 Parport - ok
09:14:35.0532 0192 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
09:14:35.0533 0192 partmgr - ok
09:14:35.0569 0192 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
09:14:35.0575 0192 PcaSvc - ok
09:14:35.0619 0192 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
09:14:35.0621 0192 pci - ok
09:14:35.0636 0192 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
09:14:35.0638 0192 pciide - ok
09:14:35.0664 0192 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
09:14:35.0666 0192 pcmcia - ok
09:14:35.0682 0192 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
09:14:35.0684 0192 pcw - ok
09:14:35.0708 0192 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
09:14:35.0716 0192 PEAUTH - ok
09:14:35.0835 0192 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
09:14:35.0838 0192 PerfHost - ok
09:14:36.0020 0192 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
09:14:36.0041 0192 pla - ok
09:14:36.0108 0192 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
09:14:36.0116 0192 PlugPlay - ok
09:14:36.0142 0192 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
09:14:36.0145 0192 PNRPAutoReg - ok
09:14:36.0171 0192 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
09:14:36.0176 0192 PNRPsvc - ok
09:14:36.0226 0192 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
09:14:36.0231 0192 PolicyAgent - ok
09:14:36.0262 0192 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
09:14:36.0268 0192 Power - ok
09:14:36.0356 0192 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
09:14:36.0358 0192 PptpMiniport - ok
09:14:36.0399 0192 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
09:14:36.0400 0192 Processor - ok
09:14:36.0438 0192 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
09:14:36.0443 0192 ProfSvc - ok
09:14:36.0481 0192 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
09:14:36.0482 0192 ProtectedStorage - ok
09:14:36.0534 0192 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
09:14:36.0536 0192 Psched - ok
09:14:36.0597 0192 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
09:14:36.0599 0192 PxHlpa64 - ok
09:14:36.0648 0192 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
09:14:36.0669 0192 ql2300 - ok
09:14:36.0693 0192 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
09:14:36.0695 0192 ql40xx - ok
09:14:36.0724 0192 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
09:14:36.0728 0192 QWAVE - ok
09:14:36.0740 0192 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
09:14:36.0741 0192 QWAVEdrv - ok
09:14:36.0759 0192 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
09:14:36.0760 0192 RasAcd - ok
09:14:36.0809 0192 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
09:14:36.0811 0192 RasAgileVpn - ok
09:14:36.0830 0192 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
09:14:36.0835 0192 RasAuto - ok
09:14:36.0869 0192 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
09:14:36.0871 0192 Rasl2tp - ok
09:14:36.0929 0192 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
09:14:36.0936 0192 RasMan - ok
09:14:36.0974 0192 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
09:14:36.0975 0192 RasPppoe - ok
09:14:36.0993 0192 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
09:14:36.0995 0192 RasSstp - ok
09:14:37.0034 0192 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
09:14:37.0037 0192 rdbss - ok
09:14:37.0054 0192 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
09:14:37.0055 0192 rdpbus - ok
09:14:37.0077 0192 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
09:14:37.0078 0192 RDPCDD - ok
09:14:37.0094 0192 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
09:14:37.0095 0192 RDPENCDD - ok
09:14:37.0111 0192 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
09:14:37.0112 0192 RDPREFMP - ok
09:14:37.0140 0192 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
09:14:37.0142 0192 RDPWD - ok
09:14:37.0184 0192 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
09:14:37.0187 0192 rdyboost - ok
09:14:37.0231 0192 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
09:14:37.0235 0192 RemoteAccess - ok
09:14:37.0268 0192 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
09:14:37.0272 0192 RemoteRegistry - ok
09:14:37.0407 0192 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\windows\SysWOW64\Rezip.exe
09:14:37.0412 0192 Rezip - ok
09:14:37.0604 0192 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
09:14:37.0607 0192 RFCOMM - ok
09:14:37.0756 0192 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
09:14:37.0760 0192 RichVideo - ok
09:14:37.0791 0192 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
09:14:37.0795 0192 RpcEptMapper - ok
09:14:37.0828 0192 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
09:14:37.0831 0192 RpcLocator - ok
09:14:37.0870 0192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
09:14:37.0877 0192 RpcSs - ok
09:14:37.0914 0192 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
09:14:37.0916 0192 rspndr - ok
09:14:37.0946 0192 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
09:14:37.0950 0192 RTL8167 - ok
09:14:37.0981 0192 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
09:14:37.0983 0192 SABI - ok
09:14:38.0025 0192 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
09:14:38.0027 0192 SamSs - ok
09:14:38.0067 0192 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
09:14:38.0070 0192 sbp2port - ok
09:14:38.0103 0192 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
09:14:38.0109 0192 SCardSvr - ok
09:14:38.0147 0192 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
09:14:38.0149 0192 scfilter - ok
09:14:38.0212 0192 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
09:14:38.0224 0192 Schedule - ok
09:14:38.0261 0192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
09:14:38.0262 0192 SCPolicySvc - ok
09:14:38.0306 0192 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
09:14:38.0311 0192 SDRSVC - ok
09:14:38.0352 0192 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
09:14:38.0354 0192 secdrv - ok
09:14:38.0394 0192 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
09:14:38.0398 0192 seclogon - ok
09:14:38.0447 0192 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
09:14:38.0451 0192 SENS - ok
09:14:38.0466 0192 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
09:14:38.0470 0192 SensrSvc - ok
09:14:38.0494 0192 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
09:14:38.0495 0192 Serenum - ok
09:14:38.0524 0192 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
09:14:38.0525 0192 Serial - ok
09:14:38.0555 0192 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
09:14:38.0557 0192 sermouse - ok
09:14:38.0605 0192 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
09:14:38.0610 0192 SessionEnv - ok
09:14:38.0648 0192 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
09:14:38.0649 0192 sffdisk - ok
09:14:38.0662 0192 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
09:14:38.0663 0192 sffp_mmc - ok
09:14:38.0677 0192 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
09:14:38.0678 0192 sffp_sd - ok
09:14:38.0705 0192 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
09:14:38.0706 0192 sfloppy - ok
09:14:38.0749 0192 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
09:14:38.0756 0192 SharedAccess - ok
09:14:38.0800 0192 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
09:14:38.0806 0192 ShellHWDetection - ok
09:14:38.0829 0192 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
09:14:38.0831 0192 SiSRaid2 - ok
09:14:38.0862 0192 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
09:14:38.0865 0192 SiSRaid4 - ok
09:14:38.0906 0192 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
09:14:38.0908 0192 Smb - ok
09:14:38.0975 0192 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
09:14:38.0978 0192 SNMPTRAP - ok
09:14:38.0990 0192 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
09:14:38.0992 0192 spldr - ok
09:14:39.0047 0192 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
09:14:39.0054 0192 Spooler - ok
09:14:39.0168 0192 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
09:14:39.0203 0192 sppsvc - ok
09:14:39.0237 0192 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
09:14:39.0239 0192 sppuinotify - ok
09:14:39.0283 0192 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
09:14:39.0285 0192 srv - ok
09:14:39.0302 0192 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
09:14:39.0306 0192 srv2 - ok
09:14:39.0321 0192 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
09:14:39.0323 0192 srvnet - ok
09:14:39.0354 0192 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
09:14:39.0356 0192 SSDPSRV - ok
09:14:39.0370 0192 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
09:14:39.0373 0192 SstpSvc - ok
09:14:39.0410 0192 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
09:14:39.0411 0192 stexstor - ok
09:14:39.0455 0192 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
09:14:39.0462 0192 stisvc - ok
09:14:39.0502 0192 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
09:14:39.0502 0192 swenum - ok
09:14:39.0548 0192 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
09:14:39.0558 0192 swprv - ok
09:14:39.0660 0192 [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
09:14:39.0679 0192 SynTP - ok
09:14:39.0743 0192 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
09:14:39.0769 0192 SysMain - ok
09:14:39.0809 0192 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
09:14:39.0813 0192 TabletInputService - ok
09:14:39.0837 0192 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
09:14:39.0842 0192 TapiSrv - ok
09:14:39.0869 0192 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
09:14:39.0874 0192 TBS - ok
09:14:39.0951 0192 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
09:14:39.0967 0192 Tcpip - ok
09:14:39.0994 0192 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
09:14:40.0003 0192 TCPIP6 - ok
09:14:40.0048 0192 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
09:14:40.0050 0192 tcpipreg - ok
09:14:40.0097 0192 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
09:14:40.0098 0192 TDPIPE - ok
09:14:40.0130 0192 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
09:14:40.0131 0192 TDTCP - ok
09:14:40.0166 0192 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
09:14:40.0168 0192 tdx - ok
09:14:40.0186 0192 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
09:14:40.0187 0192 TermDD - ok
09:14:40.0233 0192 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
09:14:40.0241 0192 TermService - ok
09:14:40.0271 0192 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
09:14:40.0274 0192 Themes - ok
09:14:40.0308 0192 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
09:14:40.0310 0192 THREADORDER - ok
09:14:40.0330 0192 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
09:14:40.0335 0192 TrkWks - ok
09:14:40.0402 0192 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
09:14:40.0405 0192 TrustedInstaller - ok
09:14:40.0439 0192 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
09:14:40.0440 0192 tssecsrv - ok
09:14:40.0503 0192 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
09:14:40.0505 0192 TsUsbFlt - ok
09:14:40.0572 0192 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
09:14:40.0575 0192 tunnel - ok
09:14:40.0606 0192 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
09:14:40.0608 0192 uagp35 - ok
09:14:40.0653 0192 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
09:14:40.0657 0192 udfs - ok
09:14:40.0690 0192 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
09:14:40.0693 0192 UI0Detect - ok
09:14:40.0739 0192 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
09:14:40.0741 0192 uliagpkx - ok
09:14:40.0794 0192 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
09:14:40.0796 0192 umbus - ok
09:14:40.0810 0192 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
09:14:40.0811 0192 UmPass - ok
09:14:40.0835 0192 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
09:14:40.0841 0192 upnphost - ok
09:14:40.0860 0192 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
09:14:40.0861 0192 usbccgp - ok
09:14:40.0894 0192 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
09:14:40.0897 0192 usbcir - ok
09:14:40.0922 0192 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
09:14:40.0923 0192 usbehci - ok
09:14:40.0960 0192 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
09:14:40.0964 0192 usbhub - ok
09:14:40.0984 0192 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
09:14:40.0986 0192 usbohci - ok
09:14:41.0021 0192 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
09:14:41.0022 0192 usbprint - ok
09:14:41.0071 0192 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
09:14:41.0073 0192 usbscan - ok
09:14:41.0099 0192 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
09:14:41.0101 0192 USBSTOR - ok
09:14:41.0123 0192 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
09:14:41.0124 0192 usbuhci - ok
09:14:41.0183 0192 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
09:14:41.0187 0192 usbvideo - ok
09:14:41.0217 0192 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
09:14:41.0220 0192 UxSms - ok
09:14:41.0235 0192 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
09:14:41.0237 0192 VaultSvc - ok
09:14:41.0272 0192 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
09:14:41.0274 0192 vdrvroot - ok
09:14:41.0321 0192 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
09:14:41.0331 0192 vds - ok
09:14:41.0356 0192 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
09:14:41.0358 0192 vga - ok
09:14:41.0392 0192 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
09:14:41.0393 0192 VgaSave - ok
09:14:41.0427 0192 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
09:14:41.0431 0192 vhdmp - ok
09:14:41.0463 0192 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
09:14:41.0465 0192 viaide - ok
09:14:41.0491 0192 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
09:14:41.0493 0192 volmgr - ok
09:14:41.0530 0192 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
09:14:41.0537 0192 volmgrx - ok
09:14:41.0569 0192 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
09:14:41.0573 0192 volsnap - ok
09:14:41.0603 0192 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
09:14:41.0607 0192 vsmraid - ok
09:14:41.0699 0192 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
09:14:41.0723 0192 VSS - ok
09:14:41.0764 0192 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
09:14:41.0765 0192 vwifibus - ok
09:14:41.0809 0192 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
09:14:41.0811 0192 vwififlt - ok
09:14:41.0856 0192 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
09:14:41.0857 0192 vwifimp - ok
09:14:41.0898 0192 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
09:14:41.0904 0192 W32Time - ok
09:14:41.0926 0192 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
09:14:41.0928 0192 WacomPen - ok
09:14:41.0978 0192 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
09:14:41.0979 0192 WANARP - ok
09:14:41.0985 0192 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
09:14:41.0986 0192 Wanarpv6 - ok
09:14:42.0066 0192 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
09:14:42.0083 0192 WatAdminSvc - ok
09:14:42.0144 0192 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
09:14:42.0163 0192 wbengine - ok
09:14:42.0196 0192 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
09:14:42.0200 0192 WbioSrvc - ok
09:14:42.0233 0192 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
09:14:42.0238 0192 wcncsvc - ok
09:14:42.0249 0192 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
09:14:42.0252 0192 WcsPlugInService - ok
09:14:42.0283 0192 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
09:14:42.0285 0192 Wd - ok
09:14:42.0315 0192 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
09:14:42.0323 0192 Wdf01000 - ok
09:14:42.0338 0192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
09:14:42.0341 0192 WdiServiceHost - ok
09:14:42.0345 0192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
09:14:42.0348 0192 WdiSystemHost - ok
09:14:42.0392 0192 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
09:14:42.0398 0192 WebClient - ok
09:14:42.0427 0192 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
09:14:42.0432 0192 Wecsvc - ok
09:14:42.0452 0192 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
09:14:42.0455 0192 wercplsupport - ok
09:14:42.0507 0192 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
09:14:42.0512 0192 WerSvc - ok
09:14:42.0564 0192 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
09:14:42.0565 0192 WfpLwf - ok
09:14:42.0584 0192 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
09:14:42.0587 0192 WIMMount - ok
09:14:42.0617 0192 WinDefend - ok
09:14:42.0624 0192 WinHttpAutoProxySvc - ok
09:14:42.0670 0192 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
09:14:42.0674 0192 Winmgmt - ok
09:14:42.0752 0192 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
09:14:42.0782 0192 WinRM - ok
09:14:42.0865 0192 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
09:14:42.0867 0192 WinUsb - ok
09:14:42.0915 0192 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
09:14:42.0929 0192 Wlansvc - ok
09:14:43.0056 0192 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:14:43.0058 0192 wlcrasvc - ok
09:14:43.0176 0192 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:14:43.0201 0192 wlidsvc - ok
09:14:43.0230 0192 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
09:14:43.0232 0192 WmiAcpi - ok
09:14:43.0276 0192 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
09:14:43.0279 0192 wmiApSrv - ok
09:14:43.0317 0192 WMPNetworkSvc - ok
09:14:43.0362 0192 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
09:14:43.0366 0192 WPCSvc - ok
09:14:43.0403 0192 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
09:14:43.0408 0192 WPDBusEnum - ok
09:14:43.0437 0192 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
09:14:43.0438 0192 ws2ifsl - ok
09:14:43.0477 0192 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
09:14:43.0481 0192 wscsvc - ok
09:14:43.0487 0192 WSearch - ok
09:14:43.0584 0192 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
09:14:43.0616 0192 wuauserv - ok
09:14:43.0648 0192 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
09:14:43.0651 0192 WudfPf - ok
09:14:43.0680 0192 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
09:14:43.0683 0192 WUDFRd - ok
09:14:43.0714 0192 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
09:14:43.0718 0192 wudfsvc - ok
09:14:43.0763 0192 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
09:14:43.0770 0192 WwanSvc - ok
09:14:43.0824 0192 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
09:14:43.0830 0192 yukonw7 - ok
09:14:43.0927 0192 [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
09:14:43.0930 0192 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
09:14:43.0931 0192 ================ Scan global ===============================
09:14:43.0961 0192 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
09:14:44.0000 0192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
09:14:44.0015 0192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
09:14:44.0046 0192 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
09:14:44.0097 0192 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
09:14:44.0102 0192 [Global] - ok
09:14:44.0103 0192 ================ Scan MBR ==================================
09:14:44.0121 0192 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
09:14:44.0609 0192 \Device\Harddisk0\DR0 - ok
09:14:44.0610 0192 ================ Scan VBR ==================================
09:14:44.0613 0192 [ 8D1C1D53413A9338BB83BD1792E3461D ] \Device\Harddisk0\DR0\Partition1
09:14:44.0616 0192 \Device\Harddisk0\DR0\Partition1 - ok
09:14:44.0628 0192 [ 320648E8C0B59BD797F01A6A1D235CF3 ] \Device\Harddisk0\DR0\Partition2
09:14:44.0630 0192 \Device\Harddisk0\DR0\Partition2 - ok
09:14:44.0653 0192 [ 68E42B6F8EE78EA5C2F6FDEA1216B2A0 ] \Device\Harddisk0\DR0\Partition3
09:14:44.0656 0192 \Device\Harddisk0\DR0\Partition3 - ok
09:14:44.0657 0192 ============================================================
09:14:44.0657 0192 Scan finished
09:14:44.0657 0192 ============================================================
09:14:44.0670 5272 Detected object count: 0
09:14:44.0670 5272 Actual detected object count: 0

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Len :: BOOGIEMAN [administrator]

9/20/2012 9:19:34 AM
mbam-log-2012-09-20 (09-19-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236520
Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Len (administrator) on 20-09-2012 at 09:29:35
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection 2" address=169.254.147.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : boogieman
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : san.rr.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : F6-7B-CB-03-E9-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : san.rr.com
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : F0-7B-CB-03-E9-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::582a:c58a:e1d:62e2%19(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 20, 2012 9:26:43 AM
Lease Expires . . . . . . . . . . : Friday, September 21, 2012 9:26:42 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 468745163
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-FA-9F-49-00-24-54-39-E8-3B
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-24-54-64-8A-1E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.san.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : san.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F9200632-B1E4-4E21-9F30-8E129991F94E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1022:96a:bda4:b2d(Preferred)
Link-local IPv6 Address . . . . . : fe80::1022:96a:bda4:b2d%25(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{8595CC34-384C-48A5-A944-5B7183E4EB3F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2001:4860:4007:800::1004
74.125.239.5
74.125.239.6
74.125.239.7
74.125.239.8
74.125.239.9
74.125.239.14
74.125.239.0
74.125.239.1
74.125.239.2
74.125.239.3
74.125.239.4


Pinging google.com [74.125.239.9] with 32 bytes of data:
Reply from 74.125.239.9: bytes=32 time=12ms TTL=55
Reply from 74.125.239.9: bytes=32 time=11ms TTL=55

Ping statistics for 74.125.239.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=466ms TTL=48
Reply from 98.139.183.24: bytes=32 time=501ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 466ms, Maximum = 501ms, Average = 483ms
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
24...f6 7b cb 03 e9 17 ......Microsoft Virtual WiFi Miniport Adapter
19...f0 7b cb 03 e9 17 ......Atheros AR9285 Wireless Network Adapter
12...00 24 54 64 8a 1e ......Marvell Yukon 88E8059 Family PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
25...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.199 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.199 281
192.168.0.199 255.255.255.255 On-link 192.168.0.199 281
192.168.0.255 255.255.255.255 On-link 192.168.0.199 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.199 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.199 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
25 58 ::/0 On-link
1 306 ::1/128 On-link
25 58 2001::/32 On-link
25 306 2001:0:4137:9e76:1022:96a:bda4:b2d/128
On-link
19 281 fe80::/64 On-link
25 306 fe80::/64 On-link
25 306 fe80::1022:96a:bda4:b2d/128
On-link
19 281 fe80::582a:c58a:e1d:62e2/128
On-link
1 306 ff00::/8 On-link
25 306 ff00::/8 On-link
19 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/17/2012 09:15:43 PM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 12.0.6661.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17cc

Start Time: 01cd95540bfbdd05

Termination Time: 15

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Report Id: 6c01831a-0147-11e2-b580-002454648a1e

Error: (09/13/2012 07:48:55 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (09/05/2012 11:23:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x000d6da0
Faulting process id: 0xf60
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (08/30/2012 02:29:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x0016b5b0
Faulting process id: 0x19a4
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (08/20/2012 10:14:25 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3d2bf90b-9da2-43fc-a35b-5d32b80121ab}

Error: (08/17/2012 11:36:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x004923d1
Faulting process id: 0x107c
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (08/16/2012 11:50:44 AM) (Source: Application Hang) (User: )
Description: The program PhotoshopElementsEditor.exe version 10.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11f4

Start Time: 01cd7bdf04fbe6a9

Termination Time: 18

Application Path: C:\Program Files (x86)\Adobe\Photoshop Elements 10\PhotoshopElementsEditor.exe

Report Id: 42fb7e04-e7d3-11e1-a035-002454648a1e

Error: (08/16/2012 09:16:52 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (08/16/2012 09:12:39 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (08/14/2012 09:07:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.


System errors:
=============
Error: (09/20/2012 09:26:40 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (09/20/2012 09:10:47 AM) (Source: Service Control Manager) (User: )
Description: The Rezip service terminated unexpectedly. It has done this 1 time(s).

Error: (09/19/2012 03:22:55 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (09/18/2012 00:21:58 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (09/18/2012 11:44:28 AM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service failed to start due to the following error:
%%2

Error: (09/18/2012 11:40:56 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2012 11:40:56 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2012 11:40:38 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2012 11:40:38 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2012 11:38:52 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader 9.5.2 (Version: 9.5.2)
AnyPC Client (Version: 1.0.0.25)
Atheros Client Installation Program (Version: 1.0.2.1119)
BatteryLifeExtender (Version: 1.0.1)
ChargeableUSB (Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink Blu-ray Disc Suite (Version: 6.0.3226)
CyberLink LabelPrint (Version: 2.5.2511)
CyberLink Power2Go (Version: 6.0.3604b)
CyberLink PowerDirector (Version: 7.0.3227)
CyberLink PowerDVD 8 (Version: 8.0.3228e)
CyberLink PowerProducer (Version: 5.0.2.2429)
CyberLink YouCam (Version: 2.0.3304)
D3DX10 (Version: 15.4.2368.0902)
Download Updater (AOL LLC)
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.2.8)
Easy SpeedUp Manager (Version: 3.0.0.5)
EasyBatteryManager (Version: 4.0.0.3)
Elements 10 Organizer (Version: 10.0)
Intel® Rapid Storage Technology (Version: 9.5.4.1001)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1003)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Marvell Miniport Driver (Version: 11.22.3.3)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NVIDIA Drivers (Version: 1.4)
Octoshape add-in for Adobe Flash Player
PSE10 STI Installer (Version: 10.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6003)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Samsung R-Series (Version: 1.0)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.1.0)
Samsung Update Plus (Version: 2.0)
Synaptics Pointing Device Driver (Version: 15.2.20.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide (Version: 1.0)
WIDCOMM Bluetooth Software (Version: 6.2.1.800)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 3956.55 MB
Available physical RAM: 2813.77 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 6711.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:100 GB) (Free:56.14 GB) NTFS
2 Drive d: () (Fixed) (Total:350.66 GB) (Free:275.57 GB) NTFS

========================= Users: ========================================

User accounts for \\BOOGIEMAN

Administrator Guest Len


**** End of log ****

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:07:16 AM

Posted 20 September 2012 - 01:20 PM

Found a rootkit, but it's not removed.
So run these next....

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 whoaitslen2

whoaitslen2
  • Topic Starter

  • Members
  • 13 posts
  • Local time:04:16 AM

Posted 20 September 2012 - 11:47 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-20 19:27:29
-----------------------------
19:27:29.004 OS Version: Windows x64 6.1.7601 Service Pack 1
19:27:29.004 Number of processors: 4 586 0x2502
19:27:29.004 ComputerName: BOOGIEMAN UserName: Len
19:27:29.550 Initialize success
19:27:53.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:27:53.712 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
19:27:53.712 Disk 0 MBR read successfully
19:27:53.728 Disk 0 MBR scan
19:27:53.728 Disk 0 unknown MBR code
19:27:53.728 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
19:27:53.744 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
19:27:53.759 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
19:27:53.790 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 359077 MB offset 241379328
19:27:53.822 Disk 0 scanning C:\windows\system32\drivers
19:28:01.435 Service scanning
19:28:18.392 Modules scanning
19:28:18.392 Disk 0 trace - called modules:
19:28:18.423 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:28:18.423 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0b060]
19:28:18.423 3 CLASSPNP.SYS[fffff88001b6843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004922050]
19:28:18.439 Scan finished successfully
19:28:35.287 Disk 0 MBR has been saved successfully to "C:\Users\Len\Desktop\MBR.dat"
19:28:35.302 The log file has been saved successfully to "C:\Users\Len\Desktop\aswMBR log.txt"

C:\Users\Len\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\58007f34-3a2fbdf0 multiple threats deleted - quarantined
D:\BOOGIEMAN\Backup Set 2012-01-17 095644\Backup Files 2012-01-17 114115\Backup files 1.zip multiple threats deleted - quarantined

#6 boopme


Posted 21 September 2012 - 10:03 AM

OK, are you still redirecting? If so, what browser(s) are running?

#7 whoaitslen2


Posted 22 September 2012 - 12:44 PM

Yup, just did a few searches and after a few links I got redirected again. I'm using Firefox.

#8 boopme


Posted 22 September 2012 - 09:05 PM

In Firefox it may be the add-ons/plugins. Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date

#9 whoaitslen2


Posted 25 September 2012 - 06:07 PM

I think you got it. Started with the first plug-in on the list which was Adobe Acrobat 9.5.2.295. Ever since disabling that I have had no redirects at least so far. Have done several dozen searches and clicked on many well known links I can think of with success. Before I'd get a redirect within half a dozen clicks.

Edited by whoaitslen2, 25 September 2012 - 06:08 PM.


#10 boopme


Posted 25 September 2012 - 08:04 PM

That may be all it was. I see Reader is outdated.
Adobe Reader 9.5.2 (Version: 9.5.2)
Uninstall that one.....

Update to Adobe Reader X (10.1.4)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


You also may have to disable the Add On again.

Edited by boopme, 25 September 2012 - 08:05 PM.


#11 whoaitslen2


Posted 26 September 2012 - 06:20 PM

Cool thanks a bunch for the help. I updated to 10.1.4. Immediately went to search and got redirected on the first link. Disabled it and the redirects stopped.

Should I keep the rkill, tdsskiller, etc. or am I ok to delete them?

#12 boopme


Posted 26 September 2012 - 08:07 PM

Delete them, as if it becomes necessary to use them you will need to download the latest, as it is updated almost every day.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

Thanks for visiting us!!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
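The restore-point procedure in the post above can also be scripted. The following is an added example, not part of the original thread: it creates a new restore point and then removes every older one, using the built-in Checkpoint-Computer and Get-ComputerRestorePoint cmdlets and the System Restore API function SRRemoveRestorePoint. The description text and the SysRestore.Native wrapper name are assumptions chosen for illustration; run it from an elevated Windows PowerShell prompt.

```powershell
# Added example: create a clean restore point, then delete all older ones.
# Assumed names: $description text and the SysRestore.Native wrapper type.
$description = 'Clean state after malware removal'

# Refuse to run without administrator rights (both steps require them).
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# P/Invoke wrapper for SRRemoveRestorePoint in srclient.dll (returns 0 on success).
Add-Type -Namespace SysRestore -Name Native -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

# Record the highest sequence number that exists before creating the new point.
$maxBefore = 0
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
if ($before.Count -gt 0) {
    $maxBefore = ($before | Sort-Object SequenceNumber | Select-Object -Last 1).SequenceNumber
}

Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Windows 8 and later skip creation if a point was made in the last 24 hours,
# so confirm that a newer point really exists before deleting anything.
$after = @(Get-ComputerRestorePoint)
$newest = $after | Sort-Object SequenceNumber | Select-Object -Last 1
if ($null -eq $newest -or $newest.SequenceNumber -le $maxBefore) {
    throw 'No new restore point was created; older points were left in place.'
}

# Remove every restore point except the one just created.
foreach ($rp in $after) {
    if ($rp.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc = [SysRestore.Native]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed restore point {0}: {1}" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove restore point {0} (error {1})" -f $rp.SequenceNumber, $rc)
    }
}

# Show what is left; only the new point should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```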



