FBI MoneyPak Scam


28 replies to this topic

#1 boontito

boontito

  • Members
  • 20 posts

Posted 04 October 2012 - 06:42 PM

After having been used to watch some free television shows online, I opened up my wife's laptop this morning and the screen was taken over by the FBI MoneyPak screen. No control over the screen. I can open the computer up in safe mode though. System restore is not possible/available. I tried using the automated method listed here on the site but after downloading the Emsisoft Emergency Kit it would not let me open it. It says the files are invalid. The machine has Windows 7. I have it here on my desk right now and I have a working desktop here as well.

I would appreciate some help if there is any available.

Thanks


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 04 October 2012 - 06:46 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 boontito

boontito
  • Topic Starter

  • Members
  • 20 posts

Posted 04 October 2012 - 10:03 PM

19:58:28.0083 0608 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:58:28.0644 0608 ============================================================
19:58:28.0644 0608 Current date / time: 2012/10/04 19:58:28.0644
19:58:28.0644 0608 SystemInfo:
19:58:28.0644 0608
19:58:28.0644 0608 OS Version: 6.1.7600 ServicePack: 0.0
19:58:28.0644 0608 Product type: Workstation
19:58:28.0660 0608 ComputerName: PETERS-HP
19:58:28.0660 0608 UserName: Peters
19:58:28.0660 0608 Windows directory: C:\windows
19:58:28.0660 0608 System windows directory: C:\windows
19:58:28.0660 0608 Processor architecture: Intel x86
19:58:28.0660 0608 Number of processors: 2
19:58:28.0660 0608 Page size: 0x1000
19:58:28.0660 0608 Boot type: Safe boot with network
19:58:28.0660 0608 ============================================================
19:58:29.0112 0608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:58:29.0112 0608 ============================================================
19:58:29.0112 0608 \Device\Harddisk0\DR0:
19:58:29.0112 0608 MBR partitions:
19:58:29.0112 0608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
19:58:29.0112 0608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x1B562000
19:58:29.0112 0608 ============================================================
19:58:29.0159 0608 C: <-> \Device\Harddisk0\DR0\Partition2
19:58:29.0159 0608 ============================================================
19:58:29.0159 0608 Initialize success
19:58:29.0159 0608 ============================================================
19:58:59.0284 1056 ============================================================
19:58:59.0284 1056 Scan started
19:58:59.0284 1056 Mode: Manual; TDLFS;
19:58:59.0284 1056 ============================================================
19:58:59.0394 1056 ================ Scan system memory ========================
19:58:59.0394 1056 System memory - ok
19:59:08.0348 1056 Parport - ok
19:59:08.0379 1056 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\windows\system32\drivers\partmgr.sys
19:59:08.0379 1056 partmgr - ok
19:59:08.0395 1056 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
19:59:08.0395 1056 Parvdm - ok
19:59:08.0426 1056 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
19:59:08.0426 1056 PcaSvc - ok
19:59:08.0457 1056 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys
19:59:08.0457 1056 pci - ok
19:59:08.0488 1056 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys
19:59:08.0488 1056 pciide - ok
19:59:08.0504 1056 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
19:59:08.0504 1056 pcmcia - ok
19:59:08.0535 1056 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
19:59:08.0535 1056 pcw - ok
19:59:08.0566 1056 pdfcDispatcher - ok
19:59:08.0613 1056 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:59:08.0613 1056 PEAUTH - ok
19:59:08.0691 1056 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll
19:59:08.0722 1056 pla - ok
19:59:08.0769 1056 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:59:08.0769 1056 PlugPlay - ok
19:59:08.0785 1056 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:59:08.0800 1056 PNRPAutoReg - ok
19:59:08.0816 1056 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:59:08.0832 1056 PNRPsvc - ok
19:59:08.0847 1056 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:59:08.0863 1056 PolicyAgent - ok
19:59:08.0910 1056 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll
19:59:08.0910 1056 Power - ok
19:59:08.0956 1056 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:59:08.0956 1056 PptpMiniport - ok
19:59:08.0972 1056 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
19:59:08.0972 1056 Processor - ok
19:59:09.0003 1056 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\windows\system32\profsvc.dll
19:59:09.0003 1056 ProfSvc - ok
19:59:09.0034 1056 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\windows\system32\lsass.exe
19:59:09.0034 1056 ProtectedStorage - ok
19:59:09.0050 1056 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:59:09.0050 1056 Psched - ok
19:59:09.0097 1056 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
19:59:09.0097 1056 PxHelp20 - ok
19:59:09.0144 1056 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
19:59:09.0175 1056 ql2300 - ok
19:59:09.0206 1056 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
19:59:09.0206 1056 ql40xx - ok
19:59:09.0237 1056 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
19:59:09.0253 1056 QWAVE - ok
19:59:09.0284 1056 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:59:09.0284 1056 QWAVEdrv - ok
19:59:09.0300 1056 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:59:09.0300 1056 RasAcd - ok
19:59:09.0331 1056 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:59:09.0331 1056 RasAgileVpn - ok
19:59:09.0346 1056 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
19:59:09.0346 1056 RasAuto - ok
19:59:09.0362 1056 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:59:09.0378 1056 Rasl2tp - ok
19:59:09.0409 1056 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll
19:59:09.0424 1056 RasMan - ok
19:59:09.0424 1056 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:59:09.0440 1056 RasPppoe - ok
19:59:09.0487 1056 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:59:09.0487 1056 RasSstp - ok
19:59:09.0502 1056 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:59:09.0518 1056 rdbss - ok
19:59:09.0549 1056 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
19:59:09.0549 1056 rdpbus - ok
19:59:09.0580 1056 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:59:09.0580 1056 RDPCDD - ok
19:59:09.0596 1056 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:59:09.0596 1056 RDPENCDD - ok
19:59:09.0612 1056 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:59:09.0612 1056 RDPREFMP - ok
19:59:09.0643 1056 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:59:09.0658 1056 RDPWD - ok
19:59:09.0690 1056 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:59:09.0690 1056 rdyboost - ok
19:59:09.0736 1056 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
19:59:09.0736 1056 RemoteAccess - ok
19:59:09.0752 1056 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:59:09.0752 1056 RemoteRegistry - ok
19:59:09.0768 1056 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:59:09.0783 1056 RpcEptMapper - ok
19:59:09.0814 1056 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
19:59:09.0814 1056 RpcLocator - ok
19:59:09.0830 1056 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\windows\system32\rpcss.dll
19:59:09.0846 1056 RpcSs - ok
19:59:09.0877 1056 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:59:09.0877 1056 rspndr - ok
19:59:09.0924 1056 [ 3F7DACFBC83FE01DEBE33D28F93D8D86 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
19:59:09.0924 1056 RTL8167 - ok
19:59:09.0986 1056 [ AB771B512804AA85959E9DA8CA55165B ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
19:59:10.0002 1056 rtl8192se - ok
19:59:10.0017 1056 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\windows\system32\lsass.exe
19:59:10.0017 1056 SamSs - ok
19:59:10.0033 1056 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
19:59:10.0033 1056 sbp2port - ok
19:59:10.0080 1056 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
19:59:10.0095 1056 SCardSvr - ok
19:59:10.0111 1056 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:59:10.0111 1056 scfilter - ok
19:59:10.0142 1056 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\windows\system32\schedsvc.dll
19:59:10.0158 1056 Schedule - ok
19:59:10.0189 1056 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\windows\System32\certprop.dll
19:59:10.0189 1056 SCPolicySvc - ok
19:59:10.0189 1056 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:59:10.0204 1056 SDRSVC - ok
19:59:10.0251 1056 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:59:10.0251 1056 secdrv - ok
19:59:10.0267 1056 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
19:59:10.0267 1056 seclogon - ok
19:59:10.0314 1056 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
19:59:10.0314 1056 SENS - ok
19:59:10.0329 1056 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
19:59:10.0329 1056 SensrSvc - ok
19:59:10.0360 1056 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
19:59:10.0376 1056 Serenum - ok
19:59:10.0392 1056 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
19:59:10.0392 1056 Serial - ok
19:59:10.0423 1056 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
19:59:10.0423 1056 sermouse - ok
19:59:10.0485 1056 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\windows\system32\sessenv.dll
19:59:10.0501 1056 SessionEnv - ok
19:59:10.0532 1056 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
19:59:10.0532 1056 sffdisk - ok
19:59:10.0548 1056 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
19:59:10.0548 1056 sffp_mmc - ok
19:59:10.0563 1056 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
19:59:10.0563 1056 sffp_sd - ok
19:59:10.0579 1056 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
19:59:10.0579 1056 sfloppy - ok
19:59:10.0610 1056 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:59:10.0610 1056 ShellHWDetection - ok
19:59:10.0626 1056 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\DRIVERS\sisagp.sys
19:59:10.0626 1056 sisagp - ok
19:59:10.0641 1056 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
19:59:10.0641 1056 SiSRaid2 - ok
19:59:10.0688 1056 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
19:59:10.0688 1056 SiSRaid4 - ok
19:59:10.0719 1056 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
19:59:10.0719 1056 Smb - ok
19:59:10.0750 1056 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:59:10.0766 1056 SNMPTRAP - ok
19:59:10.0782 1056 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
19:59:10.0782 1056 spldr - ok
19:59:10.0828 1056 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\windows\System32\spoolsv.exe
19:59:10.0828 1056 Spooler - ok
19:59:10.0906 1056 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\windows\system32\sppsvc.exe
19:59:10.0969 1056 sppsvc - ok
19:59:11.0000 1056 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:59:11.0000 1056 sppuinotify - ok
19:59:11.0031 1056 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\windows\system32\DRIVERS\srv.sys
19:59:11.0031 1056 srv - ok
19:59:11.0062 1056 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:59:11.0062 1056 srv2 - ok
19:59:11.0094 1056 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:59:11.0094 1056 srvnet - ok
19:59:11.0125 1056 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:59:11.0125 1056 SSDPSRV - ok
19:59:11.0140 1056 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
19:59:11.0156 1056 SstpSvc - ok
19:59:11.0250 1056 [ 9C1EA4217DC30E085F8418474DCC3616 ] STacSV C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
19:59:11.0265 1056 STacSV - ok
19:59:11.0281 1056 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
19:59:11.0281 1056 stexstor - ok
19:59:11.0312 1056 [ C502802475B7A2CB843F9F815D7DDC36 ] STHDA C:\windows\system32\DRIVERS\stwrt.sys
19:59:11.0328 1056 STHDA - ok
19:59:11.0359 1056 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\windows\System32\wiaservc.dll
19:59:11.0374 1056 StiSvc - ok
19:59:11.0421 1056 [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:59:11.0421 1056 stllssvr - ok
19:59:11.0437 1056 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:59:11.0452 1056 swenum - ok
19:59:11.0484 1056 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
19:59:11.0484 1056 swprv - ok
19:59:11.0577 1056 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:59:11.0577 1056 SynTP - ok
19:59:11.0624 1056 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\windows\system32\sysmain.dll
19:59:11.0671 1056 SysMain - ok
19:59:11.0686 1056 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\windows\System32\TabSvc.dll
19:59:11.0686 1056 TabletInputService - ok
19:59:11.0702 1056 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\windows\System32\tapisrv.dll
19:59:11.0718 1056 TapiSrv - ok
19:59:11.0733 1056 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
19:59:11.0749 1056 TBS - ok
19:59:11.0811 1056 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:59:11.0842 1056 Tcpip - ok
19:59:11.0874 1056 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:59:11.0889 1056 TCPIP6 - ok
19:59:11.0920 1056 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:59:11.0936 1056 tcpipreg - ok
19:59:11.0952 1056 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:59:11.0952 1056 TDPIPE - ok
19:59:11.0983 1056 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:59:11.0983 1056 TDTCP - ok
19:59:11.0998 1056 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:59:11.0998 1056 tdx - ok
19:59:12.0030 1056 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:59:12.0030 1056 TermDD - ok
19:59:12.0061 1056 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\windows\System32\termsrv.dll
19:59:12.0076 1056 TermService - ok
19:59:12.0092 1056 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
19:59:12.0092 1056 Themes - ok
19:59:12.0108 1056 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
19:59:12.0108 1056 THREADORDER - ok
19:59:12.0139 1056 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\windows\system32\drivers\tpm.sys
19:59:12.0154 1056 TPM - ok
19:59:12.0170 1056 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
19:59:12.0170 1056 TrkWks - ok
19:59:12.0248 1056 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:59:12.0248 1056 TrustedInstaller - ok
19:59:12.0248 1056 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:59:12.0264 1056 tssecsrv - ok
19:59:12.0295 1056 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:59:12.0295 1056 tunnel - ok
19:59:12.0310 1056 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
19:59:12.0310 1056 uagp35 - ok
19:59:12.0357 1056 [ 2EFEE45A340E1590E37C2F2BAC16D051 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:59:12.0357 1056 udfs - ok
19:59:12.0404 1056 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:59:12.0404 1056 UI0Detect - ok
19:59:12.0435 1056 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
19:59:12.0435 1056 uliagpkx - ok
19:59:12.0466 1056 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:59:12.0466 1056 umbus - ok
19:59:12.0498 1056 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
19:59:12.0498 1056 UmPass - ok
19:59:12.0513 1056 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
19:59:12.0529 1056 upnphost - ok
19:59:12.0591 1056 [ 5C233AEFB566EE78C1EFBC0493FB066A ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:59:12.0591 1056 usbccgp - ok
19:59:12.0622 1056 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
19:59:12.0622 1056 usbcir - ok
19:59:12.0654 1056 [ 5B71019A6ACA0116FD21B368F19C0B91 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:59:12.0654 1056 usbehci - ok
19:59:12.0700 1056 [ 5823D3965C2A4F6F785ED1A3B403F3B8 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:59:12.0700 1056 usbhub - ok
19:59:12.0716 1056 [ E753ED6C49DA13967EBABF9EA616454A ] usbohci C:\windows\system32\drivers\usbohci.sys
19:59:12.0716 1056 usbohci - ok
19:59:12.0763 1056 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:59:12.0763 1056 usbprint - ok
19:59:12.0794 1056 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
19:59:12.0794 1056 usbscan - ok
19:59:12.0841 1056 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:59:12.0841 1056 USBSTOR - ok
19:59:12.0856 1056 [ 6A30928A469CE802600E1EA8C0F2F53F ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
19:59:12.0856 1056 usbuhci - ok
19:59:12.0888 1056 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
19:59:12.0888 1056 UxSms - ok
19:59:12.0888 1056 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\windows\system32\lsass.exe
19:59:12.0888 1056 VaultSvc - ok
19:59:12.0919 1056 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
19:59:12.0919 1056 vdrvroot - ok
19:59:12.0950 1056 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\windows\System32\vds.exe
19:59:12.0966 1056 vds - ok
19:59:12.0997 1056 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:59:12.0997 1056 vga - ok
19:59:13.0012 1056 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
19:59:13.0012 1056 VgaSave - ok
19:59:13.0028 1056 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
19:59:13.0028 1056 vhdmp - ok
19:59:13.0075 1056 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\DRIVERS\viaagp.sys
19:59:13.0075 1056 viaagp - ok
19:59:13.0106 1056 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
19:59:13.0106 1056 ViaC7 - ok
19:59:13.0137 1056 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\DRIVERS\viaide.sys
19:59:13.0137 1056 viaide - ok
19:59:13.0168 1056 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
19:59:13.0168 1056 volmgr - ok
19:59:13.0215 1056 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:59:13.0215 1056 volmgrx - ok
19:59:13.0246 1056 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
19:59:13.0246 1056 volsnap - ok
19:59:13.0278 1056 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
19:59:13.0278 1056 vsmraid - ok
19:59:13.0309 1056 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\windows\system32\vssvc.exe
19:59:13.0340 1056 VSS - ok
19:59:13.0387 1056 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:59:13.0387 1056 vwifibus - ok
19:59:13.0402 1056 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:59:13.0418 1056 vwififlt - ok
19:59:13.0449 1056 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
19:59:13.0449 1056 W32Time - ok
19:59:13.0496 1056 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
19:59:13.0496 1056 WacomPen - ok
19:59:13.0527 1056 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:59:13.0527 1056 WANARP - ok
19:59:13.0543 1056 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:59:13.0543 1056 Wanarpv6 - ok
19:59:13.0605 1056 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:59:13.0636 1056 WatAdminSvc - ok
19:59:13.0683 1056 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\windows\system32\wbengine.exe
19:59:13.0714 1056 wbengine - ok
19:59:13.0746 1056 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:59:13.0761 1056 WbioSrvc - ok
19:59:13.0792 1056 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\windows\System32\wcncsvc.dll
19:59:13.0792 1056 wcncsvc - ok
19:59:13.0824 1056 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:59:13.0824 1056 WcsPlugInService - ok
19:59:13.0855 1056 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
19:59:13.0855 1056 Wd - ok
19:59:13.0886 1056 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:59:13.0902 1056 Wdf01000 - ok
19:59:13.0917 1056 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
19:59:13.0917 1056 WdiServiceHost - ok
19:59:13.0933 1056 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
19:59:13.0933 1056 WdiSystemHost - ok
19:59:13.0964 1056 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\windows\System32\webclnt.dll
19:59:13.0964 1056 WebClient - ok
19:59:13.0980 1056 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
19:59:13.0980 1056 Wecsvc - ok
19:59:14.0011 1056 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
19:59:14.0011 1056 wercplsupport - ok
19:59:14.0026 1056 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
19:59:14.0026 1056 WerSvc - ok
19:59:14.0042 1056 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:59:14.0042 1056 WfpLwf - ok
19:59:14.0073 1056 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:59:14.0073 1056 WIMMount - ok
19:59:14.0073 1056 WinHttpAutoProxySvc - ok
19:59:14.0136 1056 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:59:14.0136 1056 Winmgmt - ok
19:59:14.0182 1056 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\windows\system32\WsmSvc.dll
19:59:14.0214 1056 WinRM - ok
19:59:14.0276 1056 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:59:14.0276 1056 WinUsb - ok
19:59:14.0338 1056 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
19:59:14.0354 1056 Wlansvc - ok
19:59:14.0370 1056 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
19:59:14.0370 1056 WmiAcpi - ok
19:59:14.0401 1056 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:59:14.0401 1056 wmiApSrv - ok
19:59:14.0494 1056 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:59:14.0526 1056 WMPNetworkSvc - ok
19:59:14.0572 1056 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
19:59:14.0572 1056 WPCSvc - ok
19:59:14.0572 1056 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:59:14.0572 1056 WPDBusEnum - ok
19:59:14.0619 1056 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:59:14.0619 1056 ws2ifsl - ok
19:59:14.0619 1056 WSearch - ok
19:59:14.0650 1056 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:59:14.0650 1056 WudfPf - ok
19:59:14.0682 1056 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:59:14.0682 1056 WUDFRd - ok
19:59:14.0713 1056 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:59:14.0713 1056 wudfsvc - ok
19:59:14.0744 1056 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
19:59:14.0744 1056 WwanSvc - ok
19:59:14.0806 1056 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:59:14.0806 1056 YahooAUService - ok
19:59:14.0822 1056 ================ Scan global ===============================
19:59:14.0838 1056 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
19:59:14.0869 1056 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
19:59:14.0884 1056 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
19:59:14.0916 1056 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
19:59:14.0947 1056 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
19:59:14.0962 1056 [Global] - ok
19:59:14.0962 1056 ================ Scan MBR ==================================
19:59:14.0962 1056 [ A376E68426AB98641B79669004E4181B ] \Device\Harddisk0\DR0
19:59:15.0602 1056 \Device\Harddisk0\DR0 - ok
19:59:15.0602 1056 ================ Scan VBR ==================================
19:59:15.0602 1056 [ 68130974B0E953601C262791459C4433 ] \Device\Harddisk0\DR0\Partition1
19:59:15.0602 1056 \Device\Harddisk0\DR0\Partition1 - ok
19:59:15.0649 1056 [ 44A715F6C68240FCE508DC953B543C4F ] \Device\Harddisk0\DR0\Partition2
19:59:15.0649 1056 \Device\Harddisk0\DR0\Partition2 - ok
19:59:15.0649 1056 ============================================================
19:59:15.0649 1056 Scan finished
19:59:15.0649 1056 ============================================================
19:59:15.0664 0832 Detected object count: 0
19:59:15.0664 0832 Actual detected object count: 0

#4 boontito

Posted 04 October 2012 - 10:49 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-04 20:04:34
-----------------------------
20:04:34.034 OS Version: Windows 6.1.7600
20:04:34.034 Number of processors: 2 586 0x170A
20:04:34.034 ComputerName: PETERS-HP UserName: Peters
20:05:00.714 Initialize success
20:11:08.459 AVAST engine defs: 12100500
20:14:36.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:36.594 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 3
20:14:36.610 Disk 0 MBR read successfully
20:14:36.610 Disk 0 MBR scan
20:14:36.626 Disk 0 unknown MBR code
20:14:36.641 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
20:14:36.672 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223940 MB offset 616448
20:14:36.704 Disk 0 Partition 3 00 1C Hidd FAT32 LBA MSDOS5.0 2048 MB offset 459245568
20:14:36.735 Disk 0 Partition 4 00 1C Hidd FAT32 LBA MSWIN4.1 12177 MB offset 463456256
20:14:36.735 Disk 0 scanning sectors +488395120
20:14:36.813 Disk 0 scanning C:\windows\system32\drivers
20:14:47.421 Service scanning
20:15:24.315 Modules scanning
20:15:47.933 Disk 0 trace - called modules:
20:15:47.964 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:15:47.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85618948]
20:15:47.980 3 CLASSPNP.SYS[881a059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84b0d028]
20:15:48.448 AVAST engine scan C:\windows
20:15:50.398 AVAST engine scan C:\windows\system32
20:17:34.856 File: C:\windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:18:25.462 AVAST engine scan C:\windows\system32\drivers
20:18:38.145 AVAST engine scan C:\Users\Peters
20:20:13.742 File: C:\Users\Peters\AppData\Local\Microsoft\Windows\1102\xmllite.exe **INFECTED** Win32:Trojan-gen
20:23:48.773 AVAST engine scan C:\ProgramData
20:24:14.825 Scan finished successfully
20:47:53.442 Disk 0 MBR has been saved successfully to "C:\Users\Peters\Desktop\MBR.dat"
20:47:53.474 The log file has been saved successfully to "C:\Users\Peters\Desktop\aswMBR.txt"

#5 boontito

Posted 04 October 2012 - 11:56 PM

C:\$Recycle.Bin\S-1-5-21-104206537-1590477645-3704777414-1001\$R318J11.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-104206537-1590477645-3704777414-1001\$R8HO0W0.exe a variant of Win32/Adware.Gamevance.AT application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-104206537-1590477645-3704777414-1001\$RA3ZJLW.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-104206537-1590477645-3704777414-1001\$RLFBH1D.exe a variant of Win32/Adware.Gamevance.AT application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-104206537-1590477645-3704777414-1001\$RUQQ8HL.exe a variant of Win32/InstallCore.T application cleaned by deleting - quarantined
C:\Program Files\Installation Assistant\Installation Assistant.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\Program Files\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\Peters\AppData\Local\Temp\softwareassistinstaller.exe a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\Users\Peters\Downloads\movie_player_1280.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Peters\Downloads\mplayer_Setup (1).exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
C:\Users\Peters\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined

All three logs requested have been posted. Thanks for the help so far.

#6 narenxp

Posted 05 October 2012 - 05:12 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#7 boontito

Posted 05 October 2012 - 12:51 PM

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.04.10

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Peters :: PETERS-HP [administrator]

Protection: Disabled

10/5/2012 10:01:09 AM
mbam-log-2012-10-05 (10-01-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314336
Time elapsed: 37 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Peters\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Peters\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\Peters\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)

#8 boontito

Posted 05 October 2012 - 12:54 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Peters (administrator) on 05-10-2012 at 10:53:15
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8191SE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Peters-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Realtek RTL8191SE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 1C-65-9D-D2-55-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b00a:7692:da49:4bb6%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.27(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, October 05, 2012 9:59:36 AM
Lease Expires . . . . . . . . . . : Saturday, October 06, 2012 9:59:35 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 320628125
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-24-79-AC-64-31-50-72-2A-03
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 64-31-50-72-2A-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{449CAA67-0A66-4262-B902-B197CE4F3417}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:400a:800::1001
173.194.33.0
173.194.33.1
173.194.33.2
173.194.33.3
173.194.33.4
173.194.33.5
173.194.33.6
173.194.33.7
173.194.33.8
173.194.33.9
173.194.33.14


Pinging google.com [173.194.33.14] with 32 bytes of data:
Reply from 173.194.33.14: bytes=32 time=28ms TTL=56
Reply from 173.194.33.14: bytes=32 time=76ms TTL=56

Ping statistics for 173.194.33.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 76ms, Average = 52ms
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=81ms TTL=50
Reply from 98.138.253.109: bytes=32 time=153ms TTL=50

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 153ms, Average = 117ms
Server: dslrouter.westell.com
Address: 192.168.1.1


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...1c 65 9d d2 55 3f ......Realtek RTL8191SE 802.11b/g/n WiFi Adapter
11...64 31 50 72 2a 03 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.27 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.27 281
192.168.1.27 255.255.255.255 On-link 192.168.1.27 281
192.168.1.255 255.255.255.255 On-link 192.168.1.27 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.27 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.27 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::b00a:7692:da49:4bb6/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/04/2012 00:07:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (09/04/2012 05:39:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 14.0.6024.1000, time stamp: 0x4d83e310
Faulting module name: VBE7.DLL, version: 7.0.16.27, time stamp: 0x4f86f5aa
Exception code: 0xc0000005
Fault offset: 0x000b74e5
Faulting process id: 0x1198
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (08/24/2012 08:32:39 PM) (Source: MsiInstaller) (User: Peters-HP)Peters-HP
Description: Product: Adobe Reader X (10.1.4) - Update 'Adobe Reader X (10.1.4)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/24/2012 08:32:34 PM) (Source: MsiInstaller) (User: Peters-HP)Peters-HP
Description: Product: Adobe Reader X (10.1.4) -- Error 1904.Module C:\Program Files\Adobe\Reader 10.0\Reader\authplay.dll failed to register. HRESULT -1073741502. Contact your support personnel.

Error: (08/08/2012 07:08:27 AM) (Source: Chrome) (User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\79ecdfb5-b337-4293-970b-d1f81c5ff7f5.dmp

Error: (08/08/2012 07:07:44 AM) (Source: Chrome) (User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\7afb15be-6b1c-4c4a-a986-def37e91912b.dmp

Error: (08/08/2012 06:50:36 AM) (Source: Chrome) (User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\569321f7-9744-45b3-960d-5ba7db5c8e17.dmp

Error: (08/08/2012 06:50:21 AM) (Source: Chrome) (User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\bbe63c61-c932-4741-805d-166d8b1c1a21.dmp

Error: (07/16/2012 03:00:23 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 20.0.1132.57 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c70

Start Time: 01cd6391242dca4d

Termination Time: 35

Application Path: C:\Users\Peters\AppData\Local\Google\Chrome\Application\chrome.exe

Report Id: 945faf41-cf91-11e1-ba10-643150722a03

Error: (06/30/2012 00:12:24 AM) (Source: Chrome) (User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=19.0.1084.56;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\dafb1399-17fd-48d9-95ea-25466b9e74a7.dmp


System errors:
=============
Error: (10/05/2012 09:59:55 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/05/2012 09:59:54 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/05/2012 09:59:54 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/05/2012 09:59:53 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/05/2012 09:59:47 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/05/2012 09:59:36 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6

Error: (10/05/2012 09:59:35 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (10/05/2012 09:59:35 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (10/05/2012 09:59:35 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (10/05/2012 09:59:29 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:07:33 AM on ?10/?5/?2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (10/04/2012 00:07:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (09/04/2012 05:39:40 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE14.0.6024.10004d83e310VBE7.DLL7.0.16.274f86f5aac0000005000b74e5119801cd8af9667a09afC:\Program Files\Microsoft Office\Office14\WINWORD.EXEC:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA7\VBE7.DLL2d109621-f6f2-11e1-868c-643150722a03

Error: (08/24/2012 08:32:39 PM) (Source: MsiInstaller)(User: Peters-HP)Peters-HP
Description: Adobe Reader X (10.1.4)Adobe Reader X (10.1.4)1603(NULL)(NULL)(NULL)

Error: (08/24/2012 08:32:34 PM) (Source: MsiInstaller)(User: Peters-HP)Peters-HP
Description: Product: Adobe Reader X (10.1.4) -- Error 1904.Module C:\Program Files\Adobe\Reader 10.0\Reader\authplay.dll failed to register. HRESULT -1073741502. Contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/08/2012 07:08:27 AM) (Source: Chrome)(User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\79ecdfb5-b337-4293-970b-d1f81c5ff7f5.dmp

Error: (08/08/2012 07:07:44 AM) (Source: Chrome)(User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\7afb15be-6b1c-4c4a-a986-def37e91912b.dmp

Error: (08/08/2012 06:50:36 AM) (Source: Chrome)(User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\569321f7-9744-45b3-960d-5ba7db5c8e17.dmp

Error: (08/08/2012 06:50:21 AM) (Source: Chrome)(User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=21.0.1180.60;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\bbe63c61-c932-4741-805d-166d8b1c1a21.dmp

Error: (07/16/2012 03:00:23 PM) (Source: Application Hang)(User: )
Description: chrome.exe20.0.1132.57c7001cd6391242dca4d35C:\Users\Peters\AppData\Local\Google\Chrome\Application\chrome.exe945faf41-cf91-11e1-ba10-643150722a03

Error: (06/30/2012 00:12:24 AM) (Source: Chrome)(User: Peters-HP)Peters-HP
Description: Chrome has encountered a fatal error.
ver=19.0.1084.56;is_machine=0;minidump=C:\Users\Peters\AppData\Local\Google\CrashReports\dafb1399-17fd-48d9-95ea-25466b9e74a7.dmp


=========================== Installed Programs ============================

7-Zip 9.22beta
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Casinoval
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Star Digital Logo (Version: 1.0.1)
ESET Online Scanner v3
Google Chrome (Version: 22.0.1229.79)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.5.0.0)
HP ESU for Microsoft Windows 7 (Version: 1.1.6.1)
HP HotKey Support (Version: 3.5.15.1)
HP Setup (Version: 8.5.4371.3505)
HP SoftPaq Download Manager (Version: 3.0.5.0)
HP Software Framework (Version: 4.0.51.1)
HP Software Setup (Version: 7.0.1.6)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 3.50.10.1)
IDT Audio (Version: 1.0.6268.0)
Installation Assistant (Version: 1.23.151.151)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2057)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Optimizer Pro v3.0 (Version: 3.0)
PDF Complete Special Edition (Version: 3.5.116)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0016)
REALTEK Wireless LAN Software (Version: 1.00.10.0329)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3.56.21)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Spotify (Version: 0.8.4.124.ga3559d86)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Unity Web Player (Version: 2.6.1f3_31223)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows 7 Default Setting (Version: 1.0.1.6)
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 1976.27 MB
Available physical RAM: 1208.19 MB
Total Pagefile: 3952.53 MB
Available Pagefile: 3253.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.86 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:218.69 GB) (Free:185.67 GB) NTFS

========================= Users: ========================================

User accounts for \\PETERS-HP

Administrator Guest Peters

========================= Restore Points ==================================


**** End of log ****

#9 boontito

Posted 05 October 2012 - 12:56 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Peters (administrator) on 05-10-2012 at 10:55:55
Running from "C:\Users\Peters\Downloads"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-05-11 21:46] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\windows\system32\dnsrslvr.dll
[2011-04-13 03:33] - [2011-03-02 22:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-13 16:53] - [2009-07-13 18:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-13 16:54] - [2009-07-13 18:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-13 16:23] - [2009-07-13 18:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-13 16:24] - [2009-07-13 18:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll
[2011-03-30 03:05] - [2010-12-20 22:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll
[2009-07-13 16:30] - [2009-07-13 18:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2012-06-13 23:47] - [2012-04-23 21:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 boontito

Posted 05 October 2012 - 01:02 PM

# AdwCleaner v2.003 - Logfile created 10/05/2012 at 11:01:58
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Peters - PETERS-HP
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Peters\Downloads\adwcleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Peters\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1257 octets] - [05/10/2012 10:57:19]
AdwCleaner[S2].txt - [1752 octets] - [05/10/2012 10:57:43]
AdwCleaner[R2].txt - [791 octets] - [05/10/2012 11:01:58]

########## EOF - C:\AdwCleaner[R2].txt - [850 octets] ##########

#11 boontito

Posted 05 October 2012 - 01:11 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.5 (10.05.2012)
OS: Windows 7 Home Premium x86
Ran by Peters on Fri 10/05/2012 at 11:11:01.14
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{11111111-1111-1111-1111-110111691112}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{11111111-1111-1111-1111-110111691112}



*** Files:

Successfully deleted: [FILE] C:\Program Files\installation assistant\ButtonUtil.dll
Successfully deleted: [FILE] C:\Program Files\installation assistant\Installation Assistant-bg.exe
Successfully deleted: [FILE] C:\Program Files\installation assistant\Installation Assistant.exe
Successfully deleted: [FILE] C:\Program Files\installation assistant\Installation Assistant.ico
Successfully deleted: [FILE] C:\Program Files\installation assistant\Installation Assistant.ini
Successfully deleted: [FILE] C:\Program Files\installation assistant\Installation AssistantGui.exe
Successfully deleted: [FILE] C:\Program Files\installation assistant\Installation AssistantInstaller.log
Successfully deleted: [FILE] C:\Program Files\installation assistant\Uninstall.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\English.ini
Successfully deleted: [FILE] C:\Program Files\optimizer pro\file_id.diz
Successfully deleted: [FILE] C:\Program Files\optimizer pro\HomePage.url
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptimizerPro.chm
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProGuard.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProLauncher.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProReminder.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProSchedule.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProSmartScan.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProStart.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\OptProUninstaller.exe
Successfully deleted: [FILE] C:\Program Files\optimizer pro\scan.gif
Successfully deleted: [FILE] C:\Program Files\optimizer pro\sqlite3.dll
Successfully deleted: [FILE] C:\Program Files\optimizer pro\unins000.dat
Successfully deleted: [FILE] C:\Program Files\optimizer pro\unins000.exe
Successfully deleted: [FILE] C:\eula.1028.txt
Successfully deleted: [FILE] C:\eula.1031.txt
Successfully deleted: [FILE] C:\eula.1033.txt
Successfully deleted: [FILE] C:\eula.1036.txt
Successfully deleted: [FILE] C:\eula.1040.txt
Successfully deleted: [FILE] C:\eula.1041.txt
Successfully deleted: [FILE] C:\eula.1042.txt
Successfully deleted: [FILE] C:\eula.2052.txt
Successfully deleted: [FILE] C:\install.res.1028.dll
Successfully deleted: [FILE] C:\install.res.1031.dll
Successfully deleted: [FILE] C:\install.res.1033.dll
Successfully deleted: [FILE] C:\install.res.1036.dll
Successfully deleted: [FILE] C:\install.res.1040.dll
Successfully deleted: [FILE] C:\install.res.1041.dll
Successfully deleted: [FILE] C:\install.res.1042.dll
Successfully deleted: [FILE] C:\install.res.2052.dll
Successfully deleted: [FILE] C:\install.res.3082.dll



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\installation assistant"



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 10/05/2012 at 11:11:01.51
End of Report

#12 boontito

Posted 05 October 2012 - 01:13 PM

All 5 tools downloaded, run, and logs posted.
Thanks again.

#13 narenxp

Posted 05 October 2012 - 01:23 PM

Reboot to normal mode, run Malwarebytes again and post the log.

Run the services repair tool:

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#14 boontito

Posted 05 October 2012 - 01:39 PM

I rebooted to normal mode and it gave me about 5-10 seconds of desktop and then the FBI MoneyPak screen took over again.

#15 narenxp

Posted 05 October 2012 - 01:47 PM

Run a Malwarebytes scan in Safe Mode with Networking and post the new log.



