
MBAM Message



#1 joshuals


Posted 27 September 2012 - 04:08 PM

I am a Sophomore in the BC Training Program and am currently working with etavares on Exercise #2.

Yesterday, while visiting a Canadian TV Network Website, MBAM (running in background) gave me the following message:

2012/09/26 04:33:38 -0700 TRISTAR149 <User Name> IP-BLOCK 89.248.169.55 (Type: outgoing, Port: 50728, Process: iexplore.exe)
2012/09/26 04:33:39 -0700 TRISTAR149 <User Name> IP-BLOCK 89.248.169.55 (Type: outgoing, Port: 50729, Process: iexplore.exe)

Note: <User Name> is my substitution.

Since the above event I have run scans with MBAM, Norton360, and Spybot S&D. All are negative.

We have been having trouble with our Internet connection in all eight residences where I am currently renting. The service seems to come and go, showing "No Internet Access" in the Task Bar and then eventually returns to normal. I'm not sure if this is related to the intrusion I experienced yesterday.

At the moment the Internet service is back up, but attempts to log on to BC result in "Internet Explorer Cannot Display Webpage." Most other websites I visit seem to operate normally. If perchance I do get connected to BC, often times the Internet connection will break once logged on.

I have advised my instructor of the problem via PM. I am typing this in Notepad, hoping I can get it pasted in without breaking the connection.

Thank you for your help.
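The two IP-BLOCK lines quoted in the post above, parsed and grouped for triage. This is an added example, not part of the original post and not Malwarebytes code. The field layout is inferred from those two lines; the last two sample lines, the function names and the 5-second burst window are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Field layout inferred from the two log lines quoted in the post (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>.+?)\s+IP-BLOCK\s+(?P<ip>\S+)\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*"
    r"Process:\s*(?P<process>[^)]+)\)\s*$"
)

# IANA dynamic port range, the default client-side range on Windows Vista and later.
EPHEMERAL = range(49152, 65536)


def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # the address field is not a valid IPv4/IPv6 address
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
        "host": m["host"],
        "user": m["user"],  # may contain spaces, e.g. "<User Name>"
        "ip": str(ip),
        "direction": m["direction"].lower(),
        "port": int(m["port"]),
        "process": m["process"].strip().lower(),
    }


def summarize(lines, burst_gap=timedelta(seconds=5)):
    """Group blocks by (ip, process, direction) and count bursts.

    A burst is a run of blocks in one group separated by at most burst_gap.
    Returns (report, rejected): one dict per group, plus the unparsed lines.
    """
    events, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev:
            events.append(ev)
        else:
            rejected.append(line)

    groups = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        groups[(ev["ip"], ev["process"], ev["direction"])].append(ev)

    report = []
    for (ip, process, direction), evs in groups.items():
        bursts = 1
        for prev, cur in zip(evs, evs[1:]):
            if cur["time"] - prev["time"] > burst_gap:
                bursts += 1
        ports = sorted({e["port"] for e in evs})
        report.append({
            "ip": ip, "process": process, "direction": direction,
            "count": len(evs), "bursts": bursts,
            "first": evs[0]["time"], "last": evs[-1]["time"],
            "ports": ports,
            # Heuristic: ports in the dynamic range look like local source
            # ports, so they say nothing about the remote service contacted.
            "ports_all_ephemeral": all(p in EPHEMERAL for p in ports),
        })
    return report, rejected


# Lines 1-2 are the ones quoted in the post; lines 3-4 are constructed
# (203.0.113.7 is a documentation address, line 4 is deliberately not IP-BLOCK).
SAMPLE = """\
2012/09/26 04:33:38 -0700 TRISTAR149 <User Name> IP-BLOCK 89.248.169.55 (Type: outgoing, Port: 50728, Process: iexplore.exe)
2012/09/26 04:33:39 -0700 TRISTAR149 <User Name> IP-BLOCK 89.248.169.55 (Type: outgoing, Port: 50729, Process: iexplore.exe)
2012/09/26 04:40:02 -0700 TRISTAR149 <User Name> IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 50733, Process: iexplore.exe)
2012/09/26 04:40:03 -0700 TRISTAR149 <User Name> some other protection log entry
""".splitlines()

if __name__ == "__main__":
    report, rejected = summarize(SAMPLE)
    for row in report:
        print(row["ip"], row["process"], row["direction"],
              "blocks:", row["count"], "bursts:", row["bursts"],
              "ports:", row["ports"])
    print("unparsed lines:", len(rejected))
```

On the sample, the two blocks from the post collapse into a single burst from iexplore.exe to one address, which is how one page load that retries a blocked connection appears in this log.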



#2 etavares


Posted 27 September 2012 - 04:50 PM

Hello, joshuals.

I just figured I'd respond here. Please run TDSS Killer to start. We'll also run an online scan. We are limited in what we can run in this forum.

Step 1

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • For now, please SKIP any detections when presented with a choice. We will need to move this thread to the malware removal forum if it does detect a rootkit.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt,
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply



Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#3 joshuals


Posted 27 September 2012 - 05:44 PM

Hi etavares

Here is the TDSSKiller log. Note I did not disable my antivirus/antispyware when I ran this scan.

15:21:34.0904 5260 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:21:34.0906 5260 Modem - ok
15:21:34.0938 5260 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:21:34.0941 5260 monitor - ok
15:21:34.0964 5260 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:21:34.0966 5260 mouclass - ok
15:21:34.0989 5260 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:21:34.0991 5260 mouhid - ok
15:21:35.0015 5260 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:21:35.0017 5260 mountmgr - ok
15:21:35.0044 5260 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:21:35.0048 5260 mpio - ok
15:21:35.0067 5260 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:21:35.0070 5260 mpsdrv - ok
15:21:35.0097 5260 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:21:35.0110 5260 MpsSvc - ok
15:21:35.0131 5260 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:21:35.0134 5260 MRxDAV - ok
15:21:35.0163 5260 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:21:35.0167 5260 mrxsmb - ok
15:21:35.0184 5260 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:21:35.0190 5260 mrxsmb10 - ok
15:21:35.0207 5260 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:21:35.0211 5260 mrxsmb20 - ok
15:21:35.0226 5260 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:21:35.0226 5260 msahci - ok
15:21:35.0245 5260 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:21:35.0249 5260 msdsm - ok
15:21:35.0270 5260 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:21:35.0275 5260 MSDTC - ok
15:21:35.0302 5260 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:21:35.0303 5260 Msfs - ok
15:21:35.0315 5260 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:21:35.0317 5260 mshidkmdf - ok
15:21:35.0336 5260 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:21:35.0336 5260 msisadrv - ok
15:21:35.0354 5260 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:21:35.0360 5260 MSiSCSI - ok
15:21:35.0365 5260 msiserver - ok
15:21:35.0384 5260 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:21:35.0386 5260 MSKSSRV - ok
15:21:35.0411 5260 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:21:35.0413 5260 MSPCLOCK - ok
15:21:35.0430 5260 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:21:35.0432 5260 MSPQM - ok
15:21:35.0463 5260 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:21:35.0470 5260 MsRPC - ok
15:21:35.0487 5260 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:21:35.0489 5260 mssmbios - ok
15:21:35.0500 5260 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:21:35.0502 5260 MSTEE - ok
15:21:35.0513 5260 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:21:35.0515 5260 MTConfig - ok
15:21:35.0532 5260 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:21:35.0533 5260 Mup - ok
15:21:35.0553 5260 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:21:35.0560 5260 MyWiFiDHCPDNS - ok
15:21:35.0604 5260 [ DFD8873E4DC08E621A8366C6CD98AB28 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.1.1.2\ccSvcHst.exe
15:21:35.0606 5260 N360 - ok
15:21:35.0631 5260 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:21:35.0640 5260 napagent - ok
15:21:35.0671 5260 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:21:35.0678 5260 NativeWifiP - ok
15:21:35.0748 5260 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20120927.002\ENG64.SYS
15:21:35.0752 5260 NAVENG - ok
15:21:35.0814 5260 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20120927.002\EX64.SYS
15:21:35.0853 5260 NAVEX15 - ok
15:21:35.0914 5260 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:21:35.0930 5260 NDIS - ok
15:21:35.0962 5260 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:21:35.0964 5260 NdisCap - ok
15:21:35.0987 5260 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:21:35.0990 5260 NdisTapi - ok
15:21:36.0012 5260 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:21:36.0014 5260 Ndisuio - ok
15:21:36.0040 5260 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:21:36.0044 5260 NdisWan - ok
15:21:36.0065 5260 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:21:36.0067 5260 NDProxy - ok
15:21:36.0079 5260 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:21:36.0080 5260 NetBIOS - ok
15:21:36.0101 5260 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:21:36.0105 5260 NetBT - ok
15:21:36.0130 5260 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:21:36.0132 5260 Netlogon - ok
15:21:36.0159 5260 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:21:36.0166 5260 Netman - ok
15:21:36.0208 5260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:21:36.0211 5260 NetMsmqActivator - ok
15:21:36.0220 5260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:21:36.0222 5260 NetPipeActivator - ok
15:21:36.0244 5260 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:21:36.0251 5260 netprofm - ok
15:21:36.0255 5260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:21:36.0256 5260 NetTcpActivator - ok
15:21:36.0261 5260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:21:36.0262 5260 NetTcpPortSharing - ok
15:21:36.0402 5260 [ 18555F48844C2861D9DCE8F2B7223AE5 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
15:21:36.0544 5260 NETw5s64 - ok
15:21:36.0570 5260 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:21:36.0572 5260 nfrd960 - ok
15:21:36.0607 5260 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:21:36.0615 5260 NlaSvc - ok
15:21:36.0628 5260 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:21:36.0629 5260 Npfs - ok
15:21:36.0641 5260 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:21:36.0644 5260 nsi - ok
15:21:36.0657 5260 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:21:36.0658 5260 nsiproxy - ok
15:21:36.0702 5260 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:21:36.0740 5260 Ntfs - ok
15:21:36.0757 5260 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:21:36.0759 5260 Null - ok
15:21:36.0792 5260 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:21:36.0796 5260 nvraid - ok
15:21:36.0815 5260 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:21:36.0819 5260 nvstor - ok
15:21:36.0833 5260 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:21:36.0836 5260 nv_agp - ok
15:21:36.0864 5260 [ 952AB3BDEF38A7391AA05BC8C6028F15 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
15:21:36.0869 5260 NWADI - ok
15:21:36.0890 5260 [ DE3ABD010D9734CD4AD4E0BA81F50B63 ] NWUSBCDFIL64 C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
15:21:36.0892 5260 NWUSBCDFIL64 - ok
15:21:36.0914 5260 [ 6AE72C04633788C3C3B71B5BEB17183C ] NWUSBModem C:\Windows\system32\DRIVERS\nwusbmdm.sys
15:21:36.0919 5260 NWUSBModem - ok
15:21:36.0949 5260 [ 6AE72C04633788C3C3B71B5BEB17183C ] NWUSBPort C:\Windows\system32\DRIVERS\nwusbser.sys
15:21:36.0955 5260 NWUSBPort - ok
15:21:36.0978 5260 [ 6AE72C04633788C3C3B71B5BEB17183C ] NWUSBPort2 C:\Windows\system32\DRIVERS\nwusbser2.sys
15:21:36.0984 5260 NWUSBPort2 - ok
15:21:37.0008 5260 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:21:37.0012 5260 ohci1394 - ok
15:21:37.0061 5260 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:21:37.0065 5260 ose - ok
15:21:37.0226 5260 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:21:37.0304 5260 osppsvc - ok
15:21:37.0352 5260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:21:37.0360 5260 p2pimsvc - ok
15:21:37.0388 5260 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:21:37.0397 5260 p2psvc - ok
15:21:37.0419 5260 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:21:37.0422 5260 Parport - ok
15:21:37.0444 5260 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:21:37.0446 5260 partmgr - ok
15:21:37.0462 5260 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:21:37.0468 5260 PcaSvc - ok
15:21:37.0485 5260 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:21:37.0489 5260 pci - ok
15:21:37.0509 5260 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:21:37.0511 5260 pciide - ok
15:21:37.0529 5260 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:21:37.0535 5260 pcmcia - ok
15:21:37.0550 5260 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:21:37.0552 5260 pcw - ok
15:21:37.0573 5260 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:21:37.0582 5260 PEAUTH - ok
15:21:37.0639 5260 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:21:37.0643 5260 PerfHost - ok
15:21:37.0711 5260 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:21:37.0755 5260 pla - ok
15:21:37.0796 5260 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:21:37.0806 5260 PlugPlay - ok
15:21:37.0821 5260 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:21:37.0825 5260 PNRPAutoReg - ok
15:21:37.0845 5260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:21:37.0848 5260 PNRPsvc - ok
15:21:37.0871 5260 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:21:37.0880 5260 PolicyAgent - ok
15:21:37.0904 5260 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:21:37.0909 5260 Power - ok
15:21:37.0933 5260 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:21:37.0936 5260 PptpMiniport - ok
15:21:37.0963 5260 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:21:37.0966 5260 Processor - ok
15:21:37.0990 5260 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:21:37.0996 5260 ProfSvc - ok
15:21:38.0008 5260 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:21:38.0009 5260 ProtectedStorage - ok
15:21:38.0030 5260 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:21:38.0033 5260 Psched - ok
15:21:38.0074 5260 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
15:21:38.0076 5260 PSI - ok
15:21:38.0098 5260 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:21:38.0099 5260 PxHlpa64 - ok
15:21:38.0140 5260 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:21:38.0171 5260 ql2300 - ok
15:21:38.0184 5260 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:21:38.0188 5260 ql40xx - ok
15:21:38.0212 5260 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:21:38.0219 5260 QWAVE - ok
15:21:38.0229 5260 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:21:38.0232 5260 QWAVEdrv - ok
15:21:38.0251 5260 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:21:38.0253 5260 RasAcd - ok
15:21:38.0274 5260 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:21:38.0276 5260 RasAgileVpn - ok
15:21:38.0296 5260 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:21:38.0301 5260 RasAuto - ok
15:21:38.0330 5260 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:21:38.0333 5260 Rasl2tp - ok
15:21:38.0355 5260 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:21:38.0364 5260 RasMan - ok
15:21:38.0381 5260 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:21:38.0384 5260 RasPppoe - ok
15:21:38.0395 5260 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:21:38.0398 5260 RasSstp - ok
15:21:38.0415 5260 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:21:38.0420 5260 rdbss - ok
15:21:38.0433 5260 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:21:38.0435 5260 rdpbus - ok
15:21:38.0446 5260 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:21:38.0446 5260 RDPCDD - ok
15:21:38.0463 5260 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:21:38.0464 5260 RDPENCDD - ok
15:21:38.0474 5260 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:21:38.0475 5260 RDPREFMP - ok
15:21:38.0502 5260 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:21:38.0506 5260 RDPWD - ok
15:21:38.0527 5260 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:21:38.0532 5260 rdyboost - ok
15:21:38.0588 5260 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:21:38.0603 5260 RegSrvc - ok
15:21:38.0623 5260 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:21:38.0627 5260 RemoteAccess - ok
15:21:38.0653 5260 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:21:38.0658 5260 RemoteRegistry - ok
15:21:38.0690 5260 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:21:38.0694 5260 RFCOMM - ok
15:21:38.0710 5260 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:21:38.0714 5260 RpcEptMapper - ok
15:21:38.0730 5260 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:21:38.0733 5260 RpcLocator - ok
15:21:38.0760 5260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:21:38.0764 5260 RpcSs - ok
15:21:38.0783 5260 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:21:38.0785 5260 rspndr - ok
15:21:38.0815 5260 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
15:21:38.0821 5260 RSUSBSTOR - ok
15:21:38.0860 5260 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
15:21:38.0870 5260 RTL8167 - ok
15:21:38.0881 5260 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:21:38.0882 5260 SamSs - ok
15:21:38.0907 5260 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:21:38.0910 5260 sbp2port - ok
15:21:38.0961 5260 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:21:38.0977 5260 SBSDWSCService - ok
15:21:39.0000 5260 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:21:39.0006 5260 SCardSvr - ok
15:21:39.0018 5260 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:21:39.0020 5260 scfilter - ok
15:21:39.0064 5260 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:21:39.0094 5260 Schedule - ok
15:21:39.0110 5260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:21:39.0112 5260 SCPolicySvc - ok
15:21:39.0136 5260 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:21:39.0140 5260 SDRSVC - ok
15:21:39.0162 5260 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:21:39.0165 5260 secdrv - ok
15:21:39.0182 5260 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:21:39.0186 5260 seclogon - ok
15:21:39.0238 5260 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:21:39.0264 5260 Secunia PSI Agent - ok
15:21:39.0282 5260 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:21:39.0289 5260 Secunia Update Agent - ok
15:21:39.0312 5260 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:21:39.0315 5260 SENS - ok
15:21:39.0337 5260 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:21:39.0340 5260 SensrSvc - ok
15:21:39.0392 5260 [ DE3135E7ED559FC1C1B92AA7BA52CCDB ] Ser2ph C:\Windows\system32\DRIVERS\ser2ph64.sys
15:21:39.0395 5260 Ser2ph - ok
15:21:39.0411 5260 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:21:39.0414 5260 Serenum - ok
15:21:39.0439 5260 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:21:39.0442 5260 Serial - ok
15:21:39.0478 5260 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:21:39.0480 5260 sermouse - ok
15:21:39.0515 5260 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:21:39.0519 5260 SessionEnv - ok
15:21:39.0541 5260 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:21:39.0543 5260 sffdisk - ok
15:21:39.0555 5260 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:21:39.0557 5260 sffp_mmc - ok
15:21:39.0569 5260 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:21:39.0571 5260 sffp_sd - ok
15:21:39.0586 5260 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:21:39.0589 5260 sfloppy - ok
15:21:39.0648 5260 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:21:39.0661 5260 SftService - ok
15:21:39.0696 5260 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:21:39.0703 5260 SharedAccess - ok
15:21:39.0721 5260 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:21:39.0729 5260 ShellHWDetection - ok
15:21:39.0751 5260 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:21:39.0754 5260 SiSRaid2 - ok
15:21:39.0762 5260 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:21:39.0765 5260 SiSRaid4 - ok
15:21:39.0793 5260 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:21:39.0795 5260 Smb - ok
15:21:39.0821 5260 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:21:39.0823 5260 SNMPTRAP - ok
15:21:39.0836 5260 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:21:39.0836 5260 spldr - ok
15:21:39.0864 5260 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:21:39.0876 5260 Spooler - ok
15:21:39.0959 5260 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:21:40.0037 5260 sppsvc - ok
15:21:40.0054 5260 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:21:40.0057 5260 sppuinotify - ok
15:21:40.0110 5260 [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP C:\Windows\System32\Drivers\N360x64\1401010.002\SRTSP64.SYS
15:21:40.0124 5260 SRTSP - ok
15:21:40.0138 5260 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1401010.002\SRTSPX64.SYS
15:21:40.0141 5260 SRTSPX - ok
15:21:40.0175 5260 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:21:40.0182 5260 srv - ok
15:21:40.0206 5260 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:21:40.0215 5260 srv2 - ok
15:21:40.0231 5260 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:21:40.0235 5260 srvnet - ok
15:21:40.0268 5260 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
15:21:40.0272 5260 sscdbus - ok
15:21:40.0291 5260 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:21:40.0294 5260 sscdmdfl - ok
15:21:40.0313 5260 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
15:21:40.0318 5260 sscdmdm - ok
15:21:40.0342 5260 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:21:40.0348 5260 SSDPSRV - ok
15:21:40.0362 5260 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:21:40.0366 5260 SstpSvc - ok
15:21:40.0419 5260 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
15:21:40.0422 5260 STacSV - ok
15:21:40.0445 5260 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:21:40.0447 5260 stexstor - ok
15:21:40.0482 5260 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:21:40.0493 5260 STHDA - ok
15:21:40.0520 5260 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
15:21:40.0522 5260 StillCam - ok
15:21:40.0557 5260 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:21:40.0568 5260 stisvc - ok
15:21:40.0594 5260 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:21:40.0596 5260 swenum - ok
15:21:40.0626 5260 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:21:40.0638 5260 swprv - ok
15:21:40.0659 5260 [ 688BBE78970E639BC1D66AE733394DCF ] SymDS C:\Windows\system32\drivers\N360x64\1401010.002\SYMDS64.SYS
15:21:40.0667 5260 SymDS - ok
15:21:40.0709 5260 [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA C:\Windows\system32\drivers\N360x64\1401010.002\SYMEFA64.SYS
15:21:40.0744 5260 SymEFA - ok
15:21:40.0775 5260 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:21:40.0779 5260 SymEvent - ok
15:21:40.0791 5260 SYMFW - ok
15:21:40.0808 5260 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1401010.002\Ironx64.SYS
15:21:40.0812 5260 SymIRON - ok
15:21:40.0815 5260 SYMNDISV - ok
15:21:40.0837 5260 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\N360x64\1401010.002\SYMNETS.SYS
15:21:40.0844 5260 SymNetS - ok
15:21:40.0873 5260 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:21:40.0880 5260 SynTP - ok
15:21:40.0939 5260 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:21:40.0974 5260 SysMain - ok
15:21:40.0992 5260 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:21:40.0997 5260 TabletInputService - ok
15:21:41.0016 5260 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:21:41.0023 5260 TapiSrv - ok
15:21:41.0044 5260 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:21:41.0049 5260 TBS - ok
15:21:41.0122 5260 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:21:41.0156 5260 Tcpip - ok
15:21:41.0204 5260 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:21:41.0219 5260 TCPIP6 - ok
15:21:41.0241 5260 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:21:41.0243 5260 tcpipreg - ok
15:21:41.0264 5260 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:21:41.0266 5260 TDPIPE - ok
15:21:41.0300 5260 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:21:41.0302 5260 TDTCP - ok
15:21:41.0329 5260 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:21:41.0333 5260 tdx - ok
15:21:41.0360 5260 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:21:41.0362 5260 TermDD - ok
15:21:41.0388 5260 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:21:41.0402 5260 TermService - ok
15:21:41.0421 5260 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:21:41.0424 5260 Themes - ok
15:21:41.0453 5260 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:21:41.0455 5260 THREADORDER - ok
15:21:41.0475 5260 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:21:41.0480 5260 TrkWks - ok
15:21:41.0516 5260 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:21:41.0518 5260 TrustedInstaller - ok
15:21:41.0544 5260 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:21:41.0546 5260 tssecsrv - ok
15:21:41.0570 5260 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:21:41.0573 5260 TsUsbFlt - ok
15:21:41.0614 5260 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:21:41.0617 5260 tunnel - ok
15:21:41.0635 5260 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
15:21:41.0638 5260 TurboB - ok
15:21:41.0663 5260 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:21:41.0667 5260 TurboBoost - ok
15:21:41.0689 5260 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:21:41.0692 5260 uagp35 - ok
15:21:41.0708 5260 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:21:41.0715 5260 udfs - ok
15:21:41.0750 5260 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:21:41.0753 5260 UI0Detect - ok
15:21:41.0769 5260 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:21:41.0772 5260 uliagpkx - ok
15:21:41.0802 5260 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:21:41.0805 5260 umbus - ok
15:21:41.0821 5260 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:21:41.0825 5260 UmPass - ok
15:21:41.0924 5260 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:21:41.0941 5260 UNS - ok
15:21:44.0874 5260 ============================================================
15:21:44.0874 5260 Scan finished
15:21:44.0874 5260 ============================================================
15:21:44.0887 6736 Detected object count: 0
15:21:44.0887 6736 Actual detected object count: 0

I will proceed with completing Step 2 after I ask a couple of questions:

(1) I allowed ESET to install the following Active X Control: "ONLINESCANNER.CAB FROM ESET, SPOL.S R.O." Is this OK?
(2) Should I leave the "Remove Found Threats Box" (checked by default) as "checked"?
(3) It appears that this tool will run better if I disable antivirus/antispyware while still connected to the Internet. Should I do this??

Waiting on further instructions....thank you!!

#4 etavares

Posted 27 September 2012 - 07:31 PM

Hi joshuals,

  • Yes, you can allow that active control.
  • Yes, leave it as checked.
  • You can leave your a/v on while it's scanning.

If that comes back clean, I'm going to move this thread to the Virus Removal Forum so we can use some higher power tools such as FSS.

-etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

#5 joshuals

Posted 27 September 2012 - 08:47 PM

Hi etavares

Eset found zero threats and did not present the option to print a log. Note that I had started the scan with the fix option unchecked before receiving your last post. Since the Eset scan didn't find anything I guess it's a moot point that it was unchecked. I can run the scan again if you prefer.

The computer behavior is starting to fit a pattern. After a successful logon to BC, I can navigate around the site normally. But sooner or later, the connection will be lost and the next jump will result in the message "Internet Explorer Cannot Display the Webpage". Shortly thereafter, the yellow exclamation point will appear over my internet connection, with the message "no internet access" in the notification area in the lower right of the screen. After a few minutes, the exclamation point will go away, and sooner or later I can connect to BC again. However, it sometimes takes repeated attempts at logon to avoid the timeout message and get logged on again. I'm wondering if this behavior is a problem with the ISP or the system of routers & modems that feeds this complex. If this doesn't resolve soon, I'll attempt to connect via a hotspot nearby or my cellular modem (and pay the roaming charge!!) just to try to isolate this aspect of the problem.

Note that I have absolutely no other signs of malware since the initial intrusion revealed by MBAM: no popups, no Google redirects, no ads playing.

As I reported in my PM, all attempts to ping bleepingcomputer.com have been unsuccessful. If I am logged on, the message is "Reply from 208.43.87.2 Destination Host is Unreachable". If I have been dumped off the BC site, the message is "Ping request could not find host bleepingcomputer.com". Following up immediately with attempts to ping Google are always successful.

I think I've had about enough for today; I'll look forward to your response tomorrow.

Thanks again

joshuals

#6 joshuals

Posted 28 September 2012 - 05:52 AM

Good Morning etavares

Computer seems to be exhibiting same symptoms as yesterday: intermittent loss of internet connectivity.

I am still unable to successfully ping using any of the following commands from the command prompt
ping bleepingcomputer.com
ping www.bleepingcomputer.com
ping 208.43.87.2

The ping response failure verbiage seems to vary between "Destination Host is Unreachable" and "Ping request could not find host bleepingcomputer.com", but I can't seem to establish a pattern of what conditions elicit which response.

Notice also the ping results in This Link, Post #9. This user is getting the same failure as I.

joshuals
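
The two failure messages described in the post above are different failure classes, and the loss statistics Windows prints do not separate an unreachable report from a real echo reply. The Python sketch below is an added example, not part of the original post: the sample outputs are assembled from the ping messages quoted in this thread, and the verdict names are this example's own labels.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample outputs assembled from the ping messages quoted in this thread.
SAMPLE_OK = """\
Pinging google.com [74.125.226.3] with 32 bytes of data:
Reply from 74.125.226.3: bytes=32 time=31ms TTL=53
Reply from 74.125.226.3: bytes=32 time=30ms TTL=53

Ping statistics for 74.125.226.3:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
SAMPLE_UNREACHABLE = """\
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
"""
SAMPLE_NO_HOST = "Ping request could not find host bleepingcomputer.com\n"

HEADER = re.compile(r"^[ \t]*Pinging (\S+)(?: \[[^\]]+\])? with", re.M)
REPLY_OK = re.compile(
    r"^[ \t]*Reply from (\S+): (?:bytes=\d+ )?time[=<]\d+ms", re.M)
REPLY_UNREACH = re.compile(
    r"^[ \t]*Reply from (\S+): Destination (?:host|net) unreachable\.", re.M)
TIMEOUT = re.compile(r"^[ \t]*Request timed out\.", re.M)
NO_HOST = re.compile(
    r"^[ \t]*Ping request could not find host (\S+?)\.?(?:\s|$)", re.M)
STATS = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")


@dataclass
class PingResult:
    target: Optional[str]
    verdict: str
    echo_replies: int = 0
    unreachable: int = 0
    timeouts: int = 0
    reported_lost: Optional[int] = None
    # Addresses that sent the ICMP error; not proof the target answered.
    error_senders: List[str] = field(default_factory=list)

    @property
    def stats_misleading(self) -> bool:
        """True when ping reports zero loss but no echo reply arrived."""
        return (self.reported_lost == 0 and self.echo_replies == 0
                and self.unreachable > 0)


def classify_ping(output: str) -> PingResult:
    """Classify one Windows ping run by its reply lines, not its statistics."""
    no_host = NO_HOST.search(output)
    if no_host:
        # The name never resolved, so no packet was sent at all.
        return PingResult(no_host.group(1), "NAME_RESOLUTION_FAILED")

    header = HEADER.search(output)
    stats = STATS.search(output)
    senders = [m.group(1) for m in REPLY_UNREACH.finditer(output)]
    result = PingResult(
        target=header.group(1) if header else None,
        verdict="UNPARSED",
        echo_replies=len(REPLY_OK.findall(output)),
        unreachable=len(senders),
        timeouts=len(TIMEOUT.findall(output)),
        reported_lost=int(stats.group(3)) if stats else None,
        error_senders=senders,
    )
    failures = result.unreachable + result.timeouts
    if result.echo_replies and not failures:
        result.verdict = "OK"
    elif result.echo_replies:
        result.verdict = "INTERMITTENT"
    elif result.unreachable:
        result.verdict = "UNREACHABLE"
    elif result.timeouts:
        result.verdict = "TIMEOUT"
    return result


def diagnose(results: List[PingResult]) -> str:
    """Compare several targets: is the failure total or destination-specific?"""
    ok = [r for r in results if r.verdict == "OK"]
    if len(ok) == len(results):
        return "ALL_OK"
    return "SELECTIVE_FAILURE" if ok else "TOTAL_FAILURE"


if __name__ == "__main__":
    runs = [classify_ping(s)
            for s in (SAMPLE_OK, SAMPLE_UNREACHABLE, SAMPLE_NO_HOST)]
    for r in runs:
        print(r.target, r.verdict, "stats misleading:", r.stats_misleading)
    print(diagnose(runs))
```
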

#7 etavares

Posted 28 September 2012 - 07:12 AM

Hi joshuals,

It's interesting it's just us. Let's look at FSS and MiniToolbox to see what is going on.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Next, please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.



#8 joshuals

Posted 28 September 2012 - 08:24 AM

Hi etavares

Computer Behavior since last post
Internet working fine until I received BC e-mail that you had posted.
Clicked link to your post from within e-mail
Reached BC successfully & read your post
As I was reading your post, the "No Internet Access" message came up in notification area of Desktop
Connection re-established itself after several seconds
Proceeded according to your instructions; both tools run "as Administrator"
When I maximized the (previously minimized) BC page from the taskbar after running tools, any further action on BC timed out with "Internet Explorer Cannot Display the Webpage"
Internet connection apparently still OK per notification area of Taskbar
Waited a few minutes
Ability to navigate BC site has now returned without re-logging in
Now will attempt to paste logs...we'll see!! (Note I'm creating the text of the post in Fass, then pasting into BC thread so as to not lose the text if I get disconnected)

Logs follow

Farbar Service Scanner Version: 19-09-2012
Ran by Admin (administrator) on 28-09-2012 at 05:44:52
Running from "C:\Users\Ben\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
\Windows\System32\nsisvc.dll => MD5 is legit
\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
\Windows\System32\dhcpcore.dll => MD5 is legit
\Windows\System32\drivers\afd.sys => MD5 is legit
\Windows\System32\drivers\tdx.sys => MD5 is legit
\Windows\System32\Drivers\tcpip.sys => MD5 is legit
\Windows\System32\dnsrslvr.dll => MD5 is legit
\Windows\System32\mpssvc.dll => MD5 is legit
\Windows\System32\bfe.dll => MD5 is legit
\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
\Windows\System32\SDRSVC.dll => MD5 is legit
\Windows\System32\vssvc.exe => MD5 is legit
\Windows\System32\wscsvc.dll => MD5 is legit
\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
\Windows\System32\wuaueng.dll => MD5 is legit
\Windows\System32\qmgr.dll => MD5 is legit
\Windows\System32\es.dll => MD5 is legit
\Windows\System32\cryptsvc.dll => MD5 is legit
\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
\Windows\System32\svchost.exe => MD5 is legit
\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

MiniToolBox by Farbar Version: 23-07-2012
Ran by Admin (administrator) on 28-09-2012 at 05:57:27
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : TRISTAR149
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-1D-86-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-15-AF-D9-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-AF-D9-89
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 00-23-15-AF-D9-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e935:8c6e:9a52:21fc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 28, 2012 2:46:09 AM
Lease Expires . . . . . . . . . . : Friday, October 05, 2012 2:46:09 AM
Default Gateway . . . . . . . . . : fe80::226:5aff:fecb:a471%11
192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9384C5D0-1C31-4AA4-8AD5-6E4F394A9E99}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c24:3155:3f57:ff9b(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c24:3155:3f57:ff9b%20(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.226.4
74.125.226.0
74.125.226.9
74.125.226.2
74.125.226.5
74.125.226.1
74.125.226.8
74.125.226.14
74.125.226.6
74.125.226.7
74.125.226.3

Pinging google.com [74.125.226.3] with 32 bytes of data:
Reply from 74.125.226.3: bytes=32 time=31ms TTL=53
Reply from 74.125.226.3: bytes=32 time=30ms TTL=53

Ping statistics for 74.125.226.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=136ms TTL=48
Reply from 72.30.38.140: bytes=32 time=554ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 136ms, Maximum = 554ms, Average = 345ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
14...64 d4 da 1d 86 88 ......Intel® Centrino® WiMAX 6250
13...00 23 15 af d9 89 ......Microsoft Virtual WiFi Miniport Adapter #2
12...00 23 15 af d9 89 ......Microsoft Virtual WiFi Miniport Adapter
11...00 23 15 af d9 88 ......Intel® Centrino® Advanced-N 6250 AGN
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.100 281
192.168.0.100 255.255.255.255 On-link 192.168.0.100 281
192.168.0.255 255.255.255.255 On-link 192.168.0.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.100 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 281 ::/0 fe80::226:5aff:fecb:a471
20 58 ::/0 On-link
1 306 ::1/128 On-link
20 58 2001::/32 On-link
20 306 2001:0:9d38:953c:1c24:3155:3f57:ff9b/128
On-link
11 281 fe80::/64 On-link
20 306 fe80::/64 On-link
20 306 fe80::1c24:3155:3f57:ff9b/128
On-link
11 281 fe80::e935:8c6e:9a52:21fc/128
On-link
1 306 ff00::/8 On-link
20 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 \Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 \Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 \Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 \Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 \Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 \Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 \Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 \Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 \Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 \Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 \Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 \Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service) (User: TRISTAR149)TRISTAR149
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service) (User: TRISTAR149)TRISTAR149
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service) (User: TRISTAR149)TRISTAR149
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)NT AUTHORITY
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\Admin\ntuser.dat

Error: (09/23/2012 00:01:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/22/2012 06:37:36 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.6117.5001 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e04

Start Time: 01cd992becce82e2

Termination Time: 20

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: 373f1821-051f-11e2-9bb9-9e86a6c3603c

Error: (09/22/2012 06:27:34 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c48

Start Time: 01cd992a973fde9c

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (09/22/2012 02:48:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/20/2012 01:33:05 PM) (Source: Outlook) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x80070015.

Error: (09/20/2012 01:32:32 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (09/28/2012 02:46:18 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/28/2012 02:46:18 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/27/2012 06:16:42 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/26/2012 05:24:27 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/26/2012 05:24:25 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/26/2012 05:24:23 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (09/26/2012 03:14:56 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/26/2012 03:14:56 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (09/26/2012 03:12:10 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (09/22/2012 07:02:42 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Microsoft Office Sessions:
=========================
Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service)(User: TRISTAR149)TRISTAR149
Description:

Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service)(User: TRISTAR149)TRISTAR149
Description:

Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service)(User: TRISTAR149)TRISTAR149
Description: The process cannot access the file because it is being used by another process.

Error: (09/27/2012 06:30:46 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)NT AUTHORITY
Description: The process cannot access the file because it is being used by another process.
C:\Users\Admin\ntuser.dat

Error: (09/23/2012 00:01:24 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (09/22/2012 06:37:36 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.6117.5001e0401cd992becce82e220C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE373f1821-051f-11e2-9bb9-9e86a6c3603c

Error: (09/22/2012 06:27:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16450c4801cd992a973fde9c10C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (09/22/2012 02:48:15 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (09/20/2012 01:33:05 PM) (Source: Outlook)(User: )
Description: 0x80070015

Error: (09/20/2012 01:32:32 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

=========================== Installed Programs ============================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bentley InRoads Group 2004 Edition (V8.8) (Version: 08.08.00.46)
Bentley MicroStation (V 08.05.02.55) - 1
Best Buy pc app (Version: 3.1.0.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.22)
Coupon Printer for Windows (Version: 5.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.10)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.47)
Dell Dock (Version: 2.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Product Registration (Version: 1.0.3)
Dell Support Center (Version: 3.0.5621.01)
Dell Webcam Central (Version: 1.40.05)
ERUNT 1.1j
EULAlyzer 2.2 (Version: 2.2.0)
Garmin City Navigator North America NT 2012.40 Update (Version: 15.40.0.0)
Garmin City Navigator North America NT 2013.10 Update (Version: 16.10.0.0)
Garmin Lifetime Updater (Version: 2.1.7)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
HiJackThis (Version: 1.0.0)
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 3050 J610 series Help (Version: 140.0.63.63)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 22.0.334.0)
HP Update (Version: 5.002.005.003)
IDT Audio (Version: 1.0.6289.0)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2202)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (Version: 9.6.4.1002)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.3000)
Internet Explorer (Version: 8)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
KeePass Password Safe 2.19
LG USB Modem driver
LingvoSoft Dictionary 2006 (English<->French) for Windows
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Streets & Trips 2011 (Version: 18.0.1)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mobile Broadband Generic Drivers (Version: 2.02.07.002.14)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Norton 360 (Version: 20.1.1.2)
Pawsoft Fass
Power BibleCD
PowerDVD DX (Version: 8.3.6029)
Quicken 2011 (Version: 20.1.8.6)
Quickset64 (Version: 10.5.0)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109)
Recuva (Version: 1.43)
RedistSysFiles (Version: 8.1.0)
Revo Uninstaller 1.94 (Version: 1.94)
Roxio Burn (Version: 1.01)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Speccy (Version: 1.16)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 15.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VBA (2627.01) (Version: 6.03.00.9402)
VZAccess Manager for Novatel (Version: 6.9.8)
WIDCOMM Bluetooth Software (Version: 6.2.1.1100)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) (Version: 03/24/2010 6.3.0.2501)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 16.5 (Version: 16.5.10095)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 7990.68 MB
Available physical RAM: 5529.09 MB
Total Pagefile: 15979.56 MB
Available Pagefile: 13410.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.91 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:609.96 GB) NTFS

========================= Users: ========================================

User accounts for \\TRISTAR149

Admin Administrator Ben
Guest

**** End of log ****

#9 joshuals


Posted 28 September 2012 - 04:30 PM

Hi etavares...

Not meaning to bump this post, but I have some new information that may be helpful.

(1) Today all attempts fail to log in to www.bleepingcomputer.com (typing into browser) via the wireless service at my residence, resulting in "Internet Explorer Cannot Display the Webpage". Most (but not all) other websites load normally.
(2) Killed wireless connection with the switch on the laptop
(3) Connected to Internet via Verizon Wireless USB modem
(4) All attempts succeed to log in to www.bleepingcomputer.com (typing into browser) and all other websites on my desktop succeed using the Verizon modem
(5) I was able to get the landlord to unlock the cabinet where the wireless router is located. I then connected via an ethernet cable and the Internet connection seems to be much more stable, and I can now consistently reach BC.
(6) All attempts to ping bleepingcomputer.com, whether with residence wireless, residence ethernet, or Verizon modem all result in "Reply from 208.43.87.2: Destination host unreachable" or "Ping request could not find host bleepingcomputer.com. Please check the name and try again"

I also want to apprise you of some "out of the ordinary" activity that I have done on this computer recently, just to see if it helps with "Am I Infected":

(1) On September 21, having read This Topic, I performed the fixit suggested from This Fixit.

(2) On September 22 I received notification from Microsoft that a patch for IE9 was ready to install. Before allowing the Windows Update, I disabled This Fixit as instructed in This Topic. Then I ran Windows Update. The only update I allowed was the IE9 patch.

(3) On September 22, after having updated Norton360 software to the latest version, I was locked out of my Norton Backup. I allowed a Norton Customer Service Rep to initiate a RAT session whereby he took control of my computer ( :woot: ) and rectified the situation with Norton Backup. After this RAT session, I changed all banking passwords. :dance:

(4) On September 26 I got the message from MBAM that I related in Post #1 of this thread.

Hope some of this info helps

Thank you

joshuals

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:12 AM

Posted 28 September 2012 - 04:39 PM

Before we move on...do others have the same issue with wireless on the same router/network?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 joshuals


Posted 28 September 2012 - 05:15 PM

The renters who were in the chalet next to us yesterday, and who experienced the same outage as I, have left. A new set of residents just arrived and have not checked their connection yet. I will check with them tomorrow morning and post the results. All the other chalets are unoccupied at the moment. Nothing is ever simple, is it?

Based on my last few hours' experience online, I think the wireless aspect of it was the culprit for the intermittent connection problem. I'm having no problems with the ethernet connection at the moment.

Could we take the intermittent Internet aspect out of the equation and proceed to see if I am infected or shall we close this thread and I can return to my exercises tomorrow and see what happens?

#12 etavares


Posted 28 September 2012 - 07:33 PM

I've moved this thread to be safe as I'll probably get into trouble with scans and not know it. I will say that removing some of the recent malware has messed up wireless connections. The simple solution to fix that would be a system restore to a date before you ran into issues. However, if others are having the same issues, then it's narrowed down to the router or modem.

-etavares


 


#13 joshuals


Posted 29 September 2012 - 12:25 PM

Hi etavares

I believe we have isolated the Internet connectivity issue to a problem with the router at this residence. The residents next door, who are connected through the same network node, but are using a router located in their residence, are not having any issues. Therefore I conclude that this is not a network-wide or an ISP issue.

Are there any security/firewall concerns with my having bypassed the router and connecting directly into the network node?

In light of the logs I have posted, how shall we proceed? I would like to ensure that there is no infection present from the original MBAM issue.

joshuals

#14 etavares


Posted 29 September 2012 - 01:00 PM

Hi joshuals,

We can't rule if it's the network (router) or your computer's wifi yet...are you able to connect wirelessly to their router? I'm trying to narrow it down to router issue or your computer. The only way to be sure is to have them connect to your router, or have you connect to another network yourself. If you can connect via WiFi to another router...at a coffee shop, another residence, the library, etc., and you DON'T have issues...we'd just reset the router. If you have the same issues, we'll need to dig into your computer's settings and logs. Is it possible to try to connect to a different router (on your residence's network, or any other network...it doesn't matter)? If not, we'll dig in, but we might be going down a rabbit hole where nothing is wrong and the router is the issue. We'll just never be 100% sure.

-etavares


 


#15 joshuals


Posted 30 September 2012 - 07:18 AM

Hi etavares

are you able to connect wirelessly to their router?


I am able to connect wirelessly to their router that is located in my residence. When I do, the ability to connect to BC and certain other websites (but not all) is intermittent, even though the network signal level is five bars. From time to time, an exclamation mark superimposes upon the bars in the notification area and hovering on that icon results in the message "No Internet Access". After a few seconds or minutes, the exclamation mark disappears, resulting in the message "Internet Access."

I am able to connect wirelessly from my residence to the neighbor's router (in the same network as this residence), but the signal level is weak and fluctuating, and so all internet activity is intermittent and therefore the results are inconclusive.

If I make an ethernet connection to the router in my residence, the connection is more stable than the wireless connection, but still BC and other websites are still intermittent.

If I make an ethernet connection directly to the network node located in my residence, bypassing the router in my residence, the connection works flawlessly on all websites.

I need to get to a wi-fi hotspot in town (20 miles away) to test the functionality of the laptop wireless on an independent system. We are having horrendous weather today, so I will get to this step as soon as I can.

I have experienced no other signs of malware on my system since my first post in this thread.

Please bear with me.

joshuals



