
Redirects/Pop-ups


15 replies to this topic

#1 Jay0906


Posted 13 October 2012 - 09:48 AM

Hi, well I'm not the most tech-savvy person but usually I'm capable of fixing these problems myself with some trial & error. But I seem to have caught some sort of virus/malware or something of the sort. The issues I am experiencing are random redirects and pop-ups leading me to weird sites trying to make me purchase things. Also my PC seems to have slowed down quite a lot. I've run scans with Malwarebytes and various other programs and it tells me I'm fine, yet these problems occur. I've searched through Google and this forum for help but nothing seems to be working for me, so I thought I'd sign up and start my own thread and see if you guys could give me a hand. Thanks in advance.



#2 Jay0906


Posted 13 October 2012 - 09:58 AM

Also, I forgot to add that I have 2x iexplore.exe processes running according to Task Manager, even though I only use Firefox and there is no Internet Explorer tab on my Windows taskbar. I found this to be weird so I thought it might be helpful to you in some way.

#3 narenxp


Posted 13 October 2012 - 10:21 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#4 Jay0906


Posted 13 October 2012 - 11:30 AM

TDSSKILLER:


17:27:13.0570 0924 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:27:13.0570 0924 p2psvc - ok
17:27:13.0601 0924 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:27:13.0601 0924 Parport - ok
17:27:13.0633 0924 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:27:13.0633 0924 partmgr - ok
17:27:13.0648 0924 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:27:13.0648 0924 Parvdm - ok
17:27:13.0664 0924 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:27:13.0664 0924 PcaSvc - ok
17:27:13.0695 0924 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:27:13.0695 0924 pci - ok
17:27:13.0711 0924 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
17:27:13.0711 0924 pciide - ok
17:27:13.0726 0924 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:27:13.0726 0924 pcmcia - ok
17:27:13.0742 0924 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:27:13.0757 0924 PEAUTH - ok
17:27:13.0851 0924 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:27:13.0882 0924 pla - ok
17:27:13.0898 0924 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:27:13.0913 0924 PlugPlay - ok
17:27:13.0913 0924 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:27:13.0913 0924 PNRPAutoReg - ok
17:27:13.0929 0924 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:27:13.0929 0924 PNRPsvc - ok
17:27:13.0945 0924 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:27:13.0960 0924 PolicyAgent - ok
17:27:13.0960 0924 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:27:13.0960 0924 PptpMiniport - ok
17:27:13.0976 0924 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
17:27:13.0976 0924 Processor - ok
17:27:13.0991 0924 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:27:13.0991 0924 ProfSvc - ok
17:27:13.0991 0924 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:27:13.0991 0924 ProtectedStorage - ok
17:27:14.0023 0924 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:27:14.0023 0924 PSched - ok
17:27:14.0054 0924 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:27:14.0069 0924 ql2300 - ok
17:27:14.0085 0924 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:27:14.0085 0924 ql40xx - ok
17:27:14.0085 0924 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:27:14.0101 0924 QWAVE - ok
17:27:14.0101 0924 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:27:14.0101 0924 QWAVEdrv - ok
17:27:14.0116 0924 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:27:14.0116 0924 RasAcd - ok
17:27:14.0116 0924 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:27:14.0116 0924 RasAuto - ok
17:27:14.0132 0924 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:27:14.0132 0924 Rasl2tp - ok
17:27:14.0194 0924 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:27:14.0210 0924 RasMan - ok
17:27:14.0225 0924 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:27:14.0225 0924 RasPppoe - ok
17:27:14.0241 0924 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:27:14.0241 0924 RasSstp - ok
17:27:14.0272 0924 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:27:14.0272 0924 rdbss - ok
17:27:14.0288 0924 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:27:14.0288 0924 RDPCDD - ok
17:27:14.0288 0924 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:27:14.0303 0924 rdpdr - ok
17:27:14.0303 0924 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:27:14.0303 0924 RDPENCDD - ok
17:27:14.0397 0924 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:27:14.0397 0924 RDPWD - ok
17:27:14.0491 0924 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:27:14.0491 0924 RemoteAccess - ok
17:27:14.0491 0924 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:27:14.0491 0924 RemoteRegistry - ok
17:27:14.0522 0924 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
17:27:14.0522 0924 RimUsb - ok
17:27:14.0537 0924 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
17:27:14.0537 0924 RimVSerPort - ok
17:27:14.0537 0924 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
17:27:14.0537 0924 ROOTMODEM - ok
17:27:14.0569 0924 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:27:14.0569 0924 RpcLocator - ok
17:27:14.0584 0924 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:27:14.0584 0924 RpcSs - ok
17:27:14.0600 0924 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:27:14.0600 0924 rspndr - ok
17:27:14.0615 0924 [ 811C4A6EA5C3B8C07352D4503409EF26 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
17:27:14.0631 0924 RTL8169 - ok
17:27:14.0631 0924 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
17:27:14.0631 0924 SamSs - ok
17:27:14.0647 0924 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:27:14.0662 0924 sbp2port - ok
17:27:14.0678 0924 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:27:14.0678 0924 SCardSvr - ok
17:27:14.0709 0924 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
17:27:14.0709 0924 Schedule - ok
17:27:14.0725 0924 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:27:14.0725 0924 SCPolicySvc - ok
17:27:14.0771 0924 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:27:14.0787 0924 SDRSVC - ok
17:27:14.0803 0924 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:27:14.0803 0924 secdrv - ok
17:27:14.0818 0924 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:27:14.0818 0924 seclogon - ok
17:27:14.0834 0924 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
17:27:14.0834 0924 SENS - ok
17:27:14.0849 0924 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:27:14.0849 0924 Serenum - ok
17:27:14.0865 0924 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:27:14.0865 0924 Serial - ok
17:27:14.0896 0924 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:27:14.0896 0924 sermouse - ok
17:27:14.0912 0924 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:27:14.0912 0924 SessionEnv - ok
17:27:14.0912 0924 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:27:14.0912 0924 sffdisk - ok
17:27:14.0927 0924 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:27:14.0927 0924 sffp_mmc - ok
17:27:14.0927 0924 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:27:14.0927 0924 sffp_sd - ok
17:27:14.0927 0924 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:27:14.0927 0924 sfloppy - ok
17:27:15.0083 0924 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:27:15.0083 0924 ShellHWDetection - ok
17:27:15.0130 0924 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:27:15.0146 0924 sisagp - ok
17:27:15.0161 0924 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:27:15.0161 0924 SiSRaid2 - ok
17:27:15.0161 0924 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:27:15.0161 0924 SiSRaid4 - ok
17:27:15.0536 0924 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:27:15.0583 0924 slsvc - ok
17:27:15.0598 0924 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:27:15.0598 0924 SLUINotify - ok
17:27:15.0614 0924 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:27:15.0614 0924 Smb - ok
17:27:15.0629 0924 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:27:15.0629 0924 SNMPTRAP - ok
17:27:15.0629 0924 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:27:15.0629 0924 spldr - ok
17:27:15.0661 0924 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
17:27:15.0661 0924 Spooler - ok
17:27:15.0692 0924 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:27:15.0692 0924 srv - ok
17:27:15.0879 0924 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:27:15.0910 0924 srv2 - ok
17:27:15.0988 0924 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:27:16.0019 0924 srvnet - ok
17:27:16.0066 0924 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:27:16.0082 0924 SSDPSRV - ok
17:27:16.0129 0924 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:27:16.0129 0924 SstpSvc - ok
17:27:16.0160 0924 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
17:27:16.0160 0924 stisvc - ok
17:27:16.0160 0924 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:27:16.0160 0924 swenum - ok
17:27:16.0191 0924 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
17:27:16.0191 0924 swprv - ok
17:27:16.0207 0924 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:27:16.0207 0924 Symc8xx - ok
17:27:16.0222 0924 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:27:16.0222 0924 Sym_hi - ok
17:27:16.0238 0924 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:27:16.0238 0924 Sym_u3 - ok
17:27:16.0269 0924 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
17:27:16.0285 0924 SysMain - ok
17:27:16.0285 0924 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:27:16.0285 0924 TabletInputService - ok
17:27:16.0316 0924 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:27:16.0316 0924 TapiSrv - ok
17:27:16.0331 0924 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
17:27:16.0331 0924 TBS - ok
17:27:16.0394 0924 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:27:16.0409 0924 Tcpip - ok
17:27:16.0472 0924 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:27:16.0472 0924 Tcpip6 - ok
17:27:16.0487 0924 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:27:16.0487 0924 tcpipreg - ok
17:27:16.0503 0924 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:27:16.0503 0924 TDPIPE - ok
17:27:16.0503 0924 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:27:16.0503 0924 TDTCP - ok
17:27:16.0519 0924 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:27:16.0519 0924 tdx - ok
17:27:16.0519 0924 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:27:16.0519 0924 TermDD - ok
17:27:16.0550 0924 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
17:27:16.0550 0924 TermService - ok
17:27:16.0643 0924 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
17:27:16.0643 0924 Themes - ok
17:27:16.0659 0924 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
17:27:16.0659 0924 THREADORDER - ok
17:27:16.0659 0924 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
17:27:16.0659 0924 TrkWks - ok
17:27:16.0690 0924 [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys
17:27:16.0690 0924 TrojanKillerDriver - ok
17:27:16.0721 0924 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:27:16.0721 0924 TrustedInstaller - ok
17:27:16.0737 0924 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:27:16.0737 0924 tssecsrv - ok
17:27:16.0753 0924 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:27:16.0753 0924 tunmp - ok
17:27:16.0784 0924 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:27:16.0799 0924 tunnel - ok
17:27:16.0815 0924 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:27:16.0815 0924 uagp35 - ok
17:27:16.0831 0924 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:27:16.0831 0924 udfs - ok
17:27:16.0893 0924 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:27:16.0893 0924 UI0Detect - ok
17:27:16.0909 0924 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:27:16.0924 0924 uliagpkx - ok
17:27:16.0955 0924 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:27:16.0955 0924 uliahci - ok
17:27:16.0971 0924 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:27:16.0971 0924 UlSata - ok
17:27:16.0971 0924 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:27:16.0987 0924 ulsata2 - ok
17:27:16.0987 0924 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:27:16.0987 0924 umbus - ok
17:27:17.0002 0924 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
17:27:17.0002 0924 upnphost - ok
17:27:17.0049 0924 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
17:27:17.0049 0924 USBAAPL - ok
17:27:17.0065 0924 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:27:17.0080 0924 usbccgp - ok
17:27:17.0080 0924 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:27:17.0080 0924 usbcir - ok
17:27:17.0111 0924 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:27:17.0111 0924 usbehci - ok
17:27:17.0127 0924 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:27:17.0127 0924 usbhub - ok
17:27:17.0143 0924 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:27:17.0143 0924 usbohci - ok
17:27:17.0143 0924 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:27:17.0143 0924 usbprint - ok
17:27:17.0143 0924 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:27:17.0143 0924 USBSTOR - ok
17:27:17.0158 0924 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:27:17.0158 0924 usbuhci - ok
17:27:17.0189 0924 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
17:27:17.0189 0924 UxSms - ok
17:27:17.0205 0924 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
17:27:17.0221 0924 vds - ok
17:27:17.0252 0924 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:17.0252 0924 vga - ok
17:27:17.0252 0924 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
17:27:17.0252 0924 VgaSave - ok
17:27:17.0267 0924 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:27:17.0267 0924 viaagp - ok
17:27:17.0267 0924 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:27:17.0267 0924 ViaC7 - ok
17:27:17.0267 0924 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
17:27:17.0267 0924 viaide - ok
17:27:17.0283 0924 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:27:17.0283 0924 volmgr - ok
17:27:17.0299 0924 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:27:17.0299 0924 volmgrx - ok
17:27:17.0330 0924 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:27:17.0345 0924 volsnap - ok
17:27:17.0345 0924 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:27:17.0361 0924 vsmraid - ok
17:27:17.0377 0924 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
17:27:17.0392 0924 VSS - ok
17:27:17.0470 0924 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
17:27:17.0470 0924 W32Time - ok
17:27:17.0486 0924 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:27:17.0486 0924 WacomPen - ok
17:27:17.0486 0924 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:27:17.0486 0924 Wanarp - ok
17:27:17.0501 0924 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:27:17.0501 0924 Wanarpv6 - ok
17:27:17.0517 0924 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:27:17.0533 0924 wcncsvc - ok
17:27:17.0548 0924 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:27:17.0548 0924 WcsPlugInService - ok
17:27:17.0548 0924 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
17:27:17.0564 0924 Wd - ok
17:27:17.0579 0924 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:27:17.0595 0924 Wdf01000 - ok
17:27:17.0611 0924 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:27:17.0611 0924 WdiServiceHost - ok
17:27:17.0611 0924 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:27:17.0611 0924 WdiSystemHost - ok
17:27:17.0626 0924 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:27:17.0626 0924 WebClient - ok
17:27:17.0642 0924 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:27:17.0657 0924 Wecsvc - ok
17:27:17.0657 0924 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:27:17.0657 0924 wercplsupport - ok
17:27:17.0689 0924 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:27:17.0689 0924 WerSvc - ok
17:27:17.0689 0924 WinHttpAutoProxySvc - ok
17:27:17.0939 0924 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:27:17.0960 0924 Winmgmt - ok
17:27:18.0015 0924 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
17:27:18.0040 0924 WinRM - ok
17:27:18.0102 0924 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:27:18.0119 0924 Wlansvc - ok
17:27:18.0142 0924 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:27:18.0143 0924 WmiAcpi - ok
17:27:18.0171 0924 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:27:18.0174 0924 wmiApSrv - ok
17:27:18.0228 0924 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:27:18.0245 0924 WMPNetworkSvc - ok
17:27:18.0259 0924 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:27:18.0264 0924 WPCSvc - ok
17:27:18.0289 0924 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:27:18.0292 0924 WPDBusEnum - ok
17:27:18.0343 0924 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:27:18.0362 0924 WpdUsb - ok
17:27:18.0449 0924 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:27:18.0477 0924 WPFFontCache_v0400 - ok
17:27:18.0518 0924 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:27:18.0524 0924 ws2ifsl - ok
17:27:18.0528 0924 WSearch - ok
17:27:18.0540 0924 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:18.0542 0924 WUDFRd - ok
17:27:18.0565 0924 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:27:18.0568 0924 wudfsvc - ok
17:27:18.0572 0924 XDva397 - ok
17:27:18.0575 0924 XDva398 - ok
17:27:18.0579 0924 XDva399 - ok
17:27:18.0584 0924 XDva400 - ok
17:27:18.0647 0924 [ EE9144207EE0211EB5656BA6808AC4A0 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
17:27:18.0654 0924 xusb21 - ok
17:27:18.0656 0924 ================ Scan global ===============================
17:27:18.0714 0924 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:27:18.0744 0924 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:27:18.0761 0924 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:27:18.0787 0924 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:27:18.0790 0924 [Global] - ok
17:27:18.0791 0924 ================ Scan MBR ==================================
17:27:18.0800 0924 [ 239841E1AE8E4843C0676F3681A7D6BE ] \Device\Harddisk0\DR0
17:27:20.0201 0924 \Device\Harddisk0\DR0 - ok
17:27:20.0201 0924 ================ Scan VBR ==================================
17:27:20.0232 0924 [ 4A3EE4C9C6F96D9AC50FD89C6DBDA46D ] \Device\Harddisk0\DR0\Partition1
17:27:20.0279 0924 \Device\Harddisk0\DR0\Partition1 - ok
17:27:20.0326 0924 [ 27C44B96FE0764BC72A9932E2798EDFA ] \Device\Harddisk0\DR0\Partition2
17:27:20.0357 0924 \Device\Harddisk0\DR0\Partition2 - ok
17:27:20.0388 0924 [ D53F5BF8C416BA25556FD6898758FA29 ] \Device\Harddisk0\DR0\Partition3
17:27:20.0419 0924 \Device\Harddisk0\DR0\Partition3 - ok
17:27:20.0419 0924 ============================================================
17:27:20.0419 0924 Scan finished
17:27:20.0419 0924 ============================================================
17:27:20.0419 4044 Detected object count: 0
17:27:20.0419 4044 Actual detected object count: 0
17:27:31.0433 3544 Deinitialize success

#5 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:09 PM

Posted 13 October 2012 - 11:40 AM

aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-13 17:30:53
-----------------------------
17:30:53.543 OS Version: Windows 6.0.6002 Service Pack 2
17:30:53.543 Number of processors: 2 586 0x1706
17:30:53.544 ComputerName: JAY-PC UserName: Millie
17:30:56.016 Initialize success
17:32:30.670 AVAST engine defs: 12101300
17:32:37.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
17:32:37.297 Disk 0 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 3
17:32:37.375 Disk 0 MBR read successfully
17:32:37.377 Disk 0 MBR scan
17:32:37.444 Disk 0 Windows VISTA default MBR code
17:32:37.523 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 599213 MB offset 2048
17:32:37.586 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6143 MB offset 1227192320
17:32:37.645 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 5119 MB offset 1239775232
17:32:37.667 Disk 0 scanning sectors +1250258944
17:32:37.781 Disk 0 scanning C:\Windows\system32\drivers
17:32:55.219 Service scanning
17:33:09.761 Modules scanning
17:33:12.899 Disk 0 trace - called modules:
17:33:12.922 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
17:33:12.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85904ac8]
17:33:12.930 3 CLASSPNP.SYS[8b3a08b3] -> nt!IofCallDriver -> [0x852adc10]
17:33:12.934 5 acpi.sys[806876bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0x852c4b98]
17:33:15.400 AVAST engine scan C:\Windows
17:33:18.400 AVAST engine scan C:\Windows\system32
17:36:10.874 AVAST engine scan C:\Windows\system32\drivers
17:36:39.097 AVAST engine scan C:\Users\Millie
17:37:52.780 AVAST engine scan C:\ProgramData
17:38:31.794 Scan finished successfully
17:39:38.981 Disk 0 MBR has been saved successfully to "C:\Users\Millie\Documents\Desktop\MBR.dat"
17:39:38.986 The log file has been saved successfully to "C:\Users\Millie\Documents\Desktop\aswMBR.txt"

#6 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:09 PM

Posted 13 October 2012 - 12:31 PM

There was no list of found threats because it didn't detect anything. So I just typed up the text for you anyway.
Scan results

No threats found.

Scanned Files: 135279
Infected Files: 0
Cleaned files: 0
Total scan time: 00:44:59
Scan status: Finished

And I'm still having the redirect/pop-up issues.

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:05:09 PM

Posted 13 October 2012 - 12:32 PM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#8 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:09 PM

Posted 13 October 2012 - 01:43 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Millie :: JAY-PC [administrator]

13/10/2012 18:33:38
mbam-log-2012-10-13 (18-33-38).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345337
Time elapsed: 51 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Jay0906, 13 October 2012 - 01:44 PM.


#9 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:09 PM

Posted 13 October 2012 - 01:46 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Millie (administrator) on 13-10-2012 at 19:33:06
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Jay-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-1F-C6-E5-F7-EA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c98b:e40c:1785:a6cf%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 13 October 2012 15:13:18
Lease Expires . . . . . . . . . . : 16 October 2012 15:13:16
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167780294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-21-CA-9A-00-1F-C6-E5-F7-EA
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{442FE166-B833-4CC8-8F72-D1F5075C3386}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:803::1009
173.194.34.160
173.194.34.161
173.194.34.162
173.194.34.163
173.194.34.164
173.194.34.165
173.194.34.166
173.194.34.167
173.194.34.168
173.194.34.169
173.194.34.174



Pinging google.com [173.194.34.103] with 32 bytes of data:

Reply from 173.194.34.103: bytes=32 time=38ms TTL=58

Reply from 173.194.34.103: bytes=32 time=36ms TTL=58



Ping statistics for 173.194.34.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 38ms, Average = 37ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=424ms TTL=51

Reply from 98.139.183.24: bytes=32 time=370ms TTL=51



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 370ms, Maximum = 424ms, Average = 397ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1f c6 e5 f7 ea ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{442FE166-B833-4CC8-8F72-D1F5075C3386}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 276
192.168.0.3 255.255.255.255 On-link 192.168.0.3 276
192.168.0.255 255.255.255.255 On-link 192.168.0.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::c98b:e40c:1785:a6cf/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/13/2012 03:14:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 02:47:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 11:01:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (10/13/2012 11:01:55 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 11:01:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (10/13/2012 11:01:55 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 10:55:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (10/13/2012 10:55:53 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 10:55:53 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid. hr = 0x80070539.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 10:55:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.


System errors:
=============
Error: (10/13/2012 03:14:59 PM) (Source: Service Control Manager) (User: )
Description: 65878623

Error: (10/13/2012 03:13:18 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482

Error: (10/13/2012 03:11:59 PM) (Source: Service Control Manager) (User: )
Description: Advanced SystemCare Service 51

Error: (10/13/2012 02:47:42 PM) (Source: Service Control Manager) (User: )
Description: 65878623

Error: (10/13/2012 02:46:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue0.0.0.0:4482


Microsoft Office Sessions:
=========================
Error: (10/13/2012 03:14:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 02:47:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/13/2012 11:01:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (10/13/2012 11:01:55 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 11:01:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (10/13/2012 11:01:55 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 10:55:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.

Error: (10/13/2012 10:55:53 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 10:55:53 AM) (Source: VSS)(User: )
Description: ConvertStringSidToSid0x80070539

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {61aeee8b-9359-47ae-9c67-8fe1769c597d}

Error: (10/13/2012 10:55:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
Access is denied.


=========================== Installed Programs ============================

AC-3 ACM Codec 2.1 (Version: 2.1)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Advanced SystemCare 5 (Version: 5.4.0)
Advanced Tactical Center™ 1.11 (Version: 1.1.1.0)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0405.2205.37728)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
ccc-utility (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
CCleaner (Version: 3.22)
Cool & Quiet
Cross Fire En
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup (Version: 2.6.1.8)
Dokan Library 0.6.0
Driving Theory Test Professional v3.1.0.0
forteManager (Version: 3.18)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HiJackThis (Version: 1.0.0)
iTunes (Version: 10.6.1.7)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MechWarrior Online (Version: 1.1.1.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
Mumble 1.2.3 (Version: 1.2.3)
Ray Adams ATI Tray Tools
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 6.247.222.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
RealUpgrade 1.1 (Version: 1.1.0)
RtkDashClientInstaller (Version: 1.0.9)
swMSM (Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.6)
TeamSpeak 3 Client (Version: 3.0.8.1)
Tribes Ascend (Version: 1.0.1121.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
World of Tanks - Common Test
World of Tanks v.0.8.0
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3582.32 MB
Available physical RAM: 2134.56 MB
Total Pagefile: 11893.64 MB
Available Pagefile: 10281.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.75 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:585.17 GB) (Free:435.98 GB) NTFS
2 Drive d: () (Fixed) (Total:6 GB) (Free:5.94 GB) NTFS
3 Drive e: () (Fixed) (Total:5 GB) (Free:0.55 GB) NTFS

========================= Users: ========================================

User accounts for \\JAY-PC

Administrator Guest Jay
Millie

========================= Restore Points ==================================

29-09-2012 16:47:11 First Restore Point
29-09-2012 16:49:49 Device Driver Package Install: Kaspersky Lab Network Service
30-09-2012 17:18:05 Installed DirectX
03-10-2012 15:22:46 Windows Update
03-10-2012 15:26:39 Windows Update
03-10-2012 15:38:08 Windows Update
03-10-2012 15:52:49 Windows Update
03-10-2012 15:53:52 Windows Update
03-10-2012 16:03:26 Windows Update
05-10-2012 17:01:00 Installed Cool & Quiet
05-10-2012 17:01:29 Device Driver Package Install: ATK System devices
09-10-2012 21:10:53 Windows Update
11-10-2012 08:34:11 Windows Update
13-10-2012 00:17:47 Installed Microsoft Fix it 50267
13-10-2012 09:55:34 IObit Uninstaller restore point
13-10-2012 09:55:53 Removed Java™ 6 Update 31
13-10-2012 10:01:55 Installed Java 7 Update 7

**** End of log ****

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Farbar Service Scanner Version: 07-10-2012
Ran by Millie (administrator) on 13-10-2012 at 19:36:00
Running from "C:\Users\Millie\Documents\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 15:32] - [2012-06-02 01:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 03:24] - [2008-01-21 03:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v2.004 - Logfile created 10/13/2012 at 19:36:47
# Updated 06/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Millie - JAY-PC
# Boot Mode : Normal
# Running from : C:\Users\Millie\Documents\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\tjzb9hjp.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Millie\AppData\Roaming\Mozilla\Firefox\Profiles\lfe4hb8h.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [852 octets] - [13/10/2012 19:36:47]

########## EOF - C:\AdwCleaner[S2].txt - [911 octets] ##########

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Junkware Removal Tool (JRT) by Thisisu
Version: 1.5.5 (10.13.2012)
OS: Windows Vista ™ Home Premium x86
Ran by Millie on 13/10/2012 at 19:39:03.09
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 13/10/2012 at 19:42:42.14
End of Report

Edited by Jay0906, 13 October 2012 - 01:51 PM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:09 PM

Posted 13 October 2012 - 02:17 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#11 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 14 October 2012 - 08:15 AM

Farbar:

Spoiler


Rkill:

Spoiler


Autoruns:

Spoiler


#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:09 PM

Posted 14 October 2012 - 09:25 AM

Do you still have pop ups?

Which browser and what kind of pop up are you referring to?

#13 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 14 October 2012 - 09:30 AM

I'm using Firefox only and the pop-ups have stopped now, but the redirects are still there. Just a few minutes ago, when I clicked a link on Google, it sent me to a completely unrelated site, but it's happening less frequently. I have done some research and I read somewhere that it might be hiding in my MBR or something, and that's why I can't find it, or something along those lines. But I'm not the expert so I can't be sure, so is there anything else you need me to do?

Edited by Jay0906, 14 October 2012 - 09:37 AM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:09 PM

Posted 14 October 2012 - 10:05 AM

OK, I can find what is causing redirects

Launch Autoruns and uncheck this entry
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Microsoft" "fmtpdf" "I.R.I.S. Group" "c:\users\millie\appdata\local\microsoft\wrxcsdvb.dll"

Restart the PC and delete this file

c:\users\millie\appdata\local\microsoft\wrxcsdvb.dll

Redirects should stop now.
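
The Run-key entry singled out in the post above can also be picked out of an Autoruns text export mechanically. The following is an added example, not part of the original thread and not the advisor's own method: it assumes the four quoted fields are entry name, description, publisher and image path (as in the line quoted in the post), the lines containing "Example" are constructed, and all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# The HKCU header and the "Microsoft" entry are quoted from post #14;
# the lines containing "Example" are constructed for this illustration.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleTray" "Example tray helper" "Example Corp" "c:\program files\example\tray.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Microsoft" "fmtpdf" "I.R.I.S. Group" "c:\users\millie\appdata\local\microsoft\wrxcsdvb.dll"
+ "ExampleUpdater" "Example updater" "Example Corp" "c:\users\millie\appdata\local\example\update.exe"
'''

QUOTED = re.compile(r'"([^"]*)"')
RUN_KEY = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
USER_WRITABLE = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I)


def parse_autoruns(text):
    """Return one dict per entry line, tagged with the location header above it."""
    location = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        fields = QUOTED.findall(line)
        if len(fields) != 4:
            continue  # blank line or a line not in the shape shown in the post
        if line.startswith('"'):
            # Header line: registry location followed by three empty fields.
            location = fields[0]
            continue
        entries.append({
            "location": location,
            "enabled": line.startswith("+"),  # "+" is the marker shown in the post
            "name": fields[0],
            "description": fields[1],
            "publisher": fields[2],
            "image": fields[3],
        })
    return entries


def reasons(entry):
    """List the heuristic signals an entry trips; none is proof on its own."""
    out = []
    image = PureWindowsPath(entry["image"])
    in_run_key = bool(entry["location"] and RUN_KEY.search(entry["location"]))
    if in_run_key and image.suffix.lower() == ".dll":
        out.append("Run value resolves to a DLL rather than an executable")
    if USER_WRITABLE.match(entry["image"]):
        out.append("image lives under a user-writable AppData directory")
    if ("microsoft" in entry["name"].lower()
            and "microsoft" not in entry["publisher"].lower()):
        out.append("entry is named after Microsoft but the publisher is not Microsoft")
    letters = [c for c in image.stem.lower() if c.isalpha()]
    # Weak signal: a long name with almost no vowels looks machine-generated.
    if len(letters) >= 6 and sum(c in "aeiou" for c in letters) / len(letters) < 0.2:
        out.append("file name has almost no vowels")
    return out


def triage(text, threshold=2):
    """Return (entry, reasons) for enabled entries tripping >= threshold signals."""
    flagged = []
    for entry in parse_autoruns(text):
        why = reasons(entry)
        if entry["enabled"] and len(why) >= threshold:
            flagged.append((entry, why))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(entry["location"])
        print("  ", entry["name"], "->", entry["image"])
        for w in why:
            print("    -", w)
```

A single signal, such as an AppData path, is common among legitimate software, which is why the constructed updater entry is not flagged; a hit is a prompt to inspect the file before disabling it.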

#15 Jay0906

Jay0906
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:09 PM

Posted 14 October 2012 - 11:39 AM

Thank you, that seems to have done it. It's also got rid of those two 'iexplore.exe' processes that were running for no apparent reason. But just out of curiosity could you explain what that dll file was doing? Once again thanks, your help was much appreciated! :thumbup2:

Edited by Jay0906, 14 October 2012 - 11:41 AM.




