
Trouble with malware, infected conhost.exe


19 replies to this topic

#1 Byron 89

Byron 89

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:01:08 AM

Posted 30 August 2011 - 09:40 AM

Recently my AVG Internet Security has detected a threat called Trojan Horse Agent_R.AOB. I have tried various software to remove it, such as SUPER Anti Spyware, Malware Bytes and Spybot - Search&Destroy, but it still persists in showing this warning to me:
Posted Image

This is what happened when I try to move it to vault:
Posted Image

It's really annoying, it tends to pop up every few minutes and I don't even know how big of a threat it is to my computer. This is what showed when I ignored it for 15 minutes:
Posted Image Posted Image


If someone could kindly help me out with this, I would very much appreciate it!! :wink:



#2 Spazzimus

Spazzimus

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Africa
  • Local time:12:08 PM

Posted 30 August 2011 - 02:18 PM

I have exactly the same problem, it's fairly annoying (underselling)

I updated my AVG but it doesn't do anything. It finds it as shown in the image above but when I say move to vault it says unsuccessful.

I updated my anti malware bytes but that caused my PC to freeze then restart, so I promptly uninstalled that and the restarting stopped.

Further installed spybot which removed random bots but not this one.

Anyone found anything that works for this thing?

Crazy enough to download random tools and try them, none working so far.

Windows 7
AVG full edition
Spybot, current and updated.

Much obliged

Edited by Spazzimus, 30 August 2011 - 02:20 PM.


#3 mypcisdead

mypcisdead

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 30 August 2011 - 05:08 PM

Hi guys,

I registered here to share my hours and hours of experience with this b^%$2$% of a trojan.

I initially had the same error messages as in the first post here. My AVG did not tell me it could not remove or anything, but conhost.exe kept coming back in the windows/temp folder. I could not manually delete this file, but I could change its name and extension (weird huh). After I rebooted I was able to remove the changed file, but the conhost.exe kept reappearing. MBAM was able to detect and "remove" it once, but this did not solve the issue. After that, it was blind to it.

At one point I had to do everything in safe mode as normal mode would not even boot anymore (or briefly, followed by a blue screen of death). I still don't know how exactly I got the normal booting to work again. Anyway, I read that Avast was better suited for this trojan than AVG, so I removed AVG and installed Avast. To no avail, and eventually it did not scan anymore. Something with "no more endpoints available" or something. Whatever...

So I removed Avast again and installed the 2011 version of AVG. It's looking alright now, and it even looks like it removed - genuinely removed - conhost.exe (and some additional one, spy.gen or something). Currently running a full system scan and it looks like my machine is clean now (only two more occurrences in the bin, which I will empty like nobody's business in a minute). Windows defender also stopped some malware (forgot name, something with "coin").

Spyware Doctor found a lot more crap, but all low threat cookies and not the original issue (agent_r.AOB), so I am not paying for a license to get those cleared out. Will have to figure out what to do with those. Will remove this program too, I think.

I am no expert, by a mile, but I will check back here to see if there is anything I can offer in terms of help. Will do what I can; I know how you feel...

Cheers

Edited by mypcisdead, 30 August 2011 - 05:10 PM.
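
Post #3 above describes a conhost.exe that keeps reappearing in the Windows temp folder. The following is an added example, not part of the original thread: a PowerShell triage check that lists every running conhost.exe and every conhost.exe file under the temp folders, recording location, signature status and SHA-256. It assumes the genuine console host runs only from %SystemRoot%\System32; the function and variable names are illustrative.

```powershell
# Added example, not from the thread. Assumption: the genuine console host
# runs only from %SystemRoot%\System32\conhost.exe, so any other image path
# with that name is treated as a masquerading copy worth investigating.
# Run from an elevated prompt so ExecutablePath is populated for all processes.
$Expected = Join-Path $env:SystemRoot 'System32\conhost.exe'

function Get-ImageEvidence {
    param([string]$Path)

    $status = 'Unavailable'; $signer = $null; $hash = $null
    if ($Path -and (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Signature status is supporting evidence only; location is the primary check.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # A locked file may not be readable; leave the hash empty in that case.
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
    [pscustomobject]@{
        Path       = $Path
        InSystem32 = ($Path -ieq $Expected)
        Signature  = $status
        Signer     = $signer
        SHA256     = $hash
    }
}

# 1. Running processes named conhost.exe, with their parent for context.
$running = Get-CimInstance Win32_Process -Filter "Name = 'conhost.exe'" |
    ForEach-Object {
        Get-ImageEvidence -Path $_.ExecutablePath |
            Add-Member -PassThru -NotePropertyMembers @{
                ProcessId       = $_.ProcessId
                ParentProcessId = $_.ParentProcessId
            }
    }

# 2. Files named conhost.exe under the system and per-user temp folders.
$dirs = @((Join-Path $env:SystemRoot 'Temp'), $env:TEMP) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique
$onDisk = @()
if ($dirs) {
    $onDisk = Get-ChildItem -LiteralPath $dirs -Filter 'conhost.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ImageEvidence -Path $_.FullName }
}

# 3. Report: anything outside System32 is suspicious; a missing path means
#    the check could not be completed for that process.
'--- Running conhost.exe outside System32 ---'
$running | Where-Object { $_.Path -and -not $_.InSystem32 } | Format-List
'--- Running conhost.exe with unreadable image path (re-run elevated) ---'
$running | Where-Object { -not $_.Path } | Format-Table ProcessId, ParentProcessId
'--- conhost.exe files found in temp folders ---'
$onDisk | Format-List Path, Signature, Signer, SHA256
```

The recorded SHA-256 values can be kept with the incident notes so that a file that reappears after cleanup can be matched against the earlier copy.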


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:08 AM

Posted 30 August 2011 - 07:31 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


 


#5 Byron 89

Byron 89
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:01:08 AM

Posted 31 August 2011 - 07:37 AM

Hello, This is the result from SecurityCheck.exe.


Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Java™ 6 Update 22
Adobe Flash Player 10.1.102.64
Adobe Reader X (10.0.1)
Japanese Fonts Support For Adobe Reader 9
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

#6 Byron 89

Byron 89
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Malaysia
  • Local time:01:08 AM

Posted 31 August 2011 - 07:39 AM

This is the result from MiniToolbox.exe



MiniToolBox by Farbar
Ran by Black666 (administrator) on 31-08-2011 at 09:57:16
Windows 7 Enterprise (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection* 118" address=10.35.40.4
add address name="Local Area Connection" address=192.168.0.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Black666-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 118:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-63-CC-81-C0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1D-E0-30-52-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::80d9:1300:ed3e:9b7a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 30, 2011 9:52:21 AM
Lease Expires . . . . . . . . . . : Wednesday, August 31, 2011 10:52:30 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218111456
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-20-83-C9-00-1B-24-F3-ED-9A
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1B-24-F3-ED-9A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Description . . . . . . . . . . . : Microsoft 6to4 Adapter #67
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 71:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #63
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 74:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #66
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 76:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #68
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 77:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #69
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 80:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #72
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 78:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #70
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 79:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #71
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 81:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #73
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 84:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #76
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 82:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #74
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 83:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #75
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 85:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #77
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 86:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #78
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 89:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #81
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 87:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #79
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 88:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #80
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 90:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #82
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 94:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #86
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 92:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #84
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 91:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #83
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 93:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #85
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 95:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #87
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 96:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #88
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 99:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #90
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 98:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #89
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 103:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #94
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 110:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #101
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 100:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #91
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 101:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #92
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 102:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #93
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 104:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #95
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 106:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #97
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 105:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #96
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 107:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #98
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 108:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #99
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 109:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #100
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 125:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #109
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 121:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #105
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 111:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #102
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 122:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #106
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 123:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #107
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 120:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #104
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 124:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #108
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 127:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #111
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 126:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #110
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 129:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #113
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 128:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #112
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 130:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #114
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 131:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #115
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 132:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #116
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 134:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #118
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 135:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #119
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 133:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #117
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 136:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #120
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 137:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #121
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 143:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #127
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 142:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #126
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {647B60E2-31FA-4E6C-B3DF-E33DBE57C057}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 141:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #125
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 138:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #122
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 139:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #123
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 140:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #124
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 147:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #131
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 146:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #130
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 145:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #129
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {C2236A65-8BE7-49E3-9DB1-B76A25FE0A16}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {35E2E0D2-AAD7-4E20-9B0E-F63763EA75D5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 159:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:81b:f1e:8c7a:b66(Preferred)
Link-local IPv6 Address . . . . . : fe80::81b:f1e:8c7a:b66%178(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 160:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: mygateway1.ar7
Address: 192.168.1.1

Name: google.com
Addresses: 209.85.175.147
209.85.175.105
209.85.175.106
209.85.175.104
209.85.175.103
209.85.175.99


Pinging google.com [209.85.175.147] with 32 bytes of data:
Reply from 209.85.175.147: bytes=32 time=42ms TTL=51
Reply from 209.85.175.147: bytes=32 time=43ms TTL=51

Ping statistics for 209.85.175.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms
Server: mygateway1.ar7
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=318ms TTL=48
Reply from 67.195.160.76: bytes=32 time=343ms TTL=48

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 318ms, Maximum = 343ms, Average = 330ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
129...00 ff 63 cc 81 c0 ......Anchorfree HSS Adapter
12...00 1d e0 30 52 07 ......Intel® Wireless WiFi Link 4965AGN
11...00 1b 24 f3 ed 9a ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
163...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
42...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #28
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
22...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #9
24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #10
41...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #27
40...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #26
25...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #11
26...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #12
27...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #13
28...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #14
29...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #15
30...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #16
31...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #17
32...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #18
33...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #19
34...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #20
35...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #21
36...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #22
37...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #23
38...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #24
39...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #25
48...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #34
43...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #29
44...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #30
45...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #31
46...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #32
47...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #33
49...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #35
51...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #37
50...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #36
57...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #41
55...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #39
54...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #38
56...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #40
59...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #43
58...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #42
61...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #45
60...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #44
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 281
192.168.1.5 255.255.255.255 On-link 192.168.1.5 281
192.168.1.255 255.255.255.255 On-link 192.168.1.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
178 58 ::/0 On-link
1 306 ::1/128 On-link
178 58 2001::/32 On-link
178 306 2001:0:4137:9e76:81b:f1e:8c7a:b66/128
On-link
12 281 fe80::/64 On-link
178 306 fe80::/64 On-link
178 306 fe80::81b:f1e:8c7a:b66/128
On-link
12 281 fe80::80d9:1300:ed3e:9b7a/128
On-link
1 306 ff00::/8 On-link
178 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/31/2011 03:04:12 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {24c388c3-a49d-439e-a91d-5002a14d6c03}

Error: (08/31/2011 03:00:28 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {24c388c3-a49d-439e-a91d-5002a14d6c03}

Error: (08/30/2011 09:36:19 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {0f9277ea-d5d1-41d0-b319-d7f438d21d20}

Error: (08/30/2011 09:35:19 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {0f9277ea-d5d1-41d0-b319-d7f438d21d20}

Error: (08/30/2011 08:13:27 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{77405340-F779-4E3C-B2D6-E9890B19333D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}HB_StartShell

Error: (08/30/2011 08:12:15 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d225150a-fff8-4717-8c9a-5e3fade39022}

Error: (08/30/2011 08:09:30 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d225150a-fff8-4717-8c9a-5e3fade39022}

Error: (08/30/2011 08:06:26 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d225150a-fff8-4717-8c9a-5e3fade39022}

Error: (08/30/2011 08:06:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetDiskComponents. hr = 0x80070057, The parameter is incorrect.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: ASR Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {d225150a-fff8-4717-8c9a-5e3fade39022}

Error: (08/30/2011 08:06:23 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {eadb7d3e-9626-459c-977b-f49182ccef6e}


System errors:
=============
Error: (08/31/2011 09:54:42 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (08/31/2011 09:54:34 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The TuneUp Theme Extension service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/31/2011 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

'Full Speed' Internet Booster + Performance Tests (Version: 3.6)
Torrent (Version: 2.0.1)
巡ﺼ ¶ (Version: 0.90.2)
7-Zip 9.20
Acer Crystal Eye Webcam (Version: 5.2.7.1)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.1.102.64)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Advanced ZIP Password Recovery
AhnLab Online Security
Akamai NetSession Interface
Any Video Converter 3.0.7
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.8.0.0)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
BluffTitler
Cheat Engine 5.6.1
Comical 0.8
Conduit Engine (Version: )
CyberLink PowerDirector (Version: 8.0.2013)
CyberLink PowerDVD 9 (Version: 9.0.2528)
CyberLink YouCam (Version: 3.1.2525)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAEMON Tools Toolbar (Version: 1.1.4.0024)
DiGi Internet (Version: 11.300.05.08.311)
DivX Setup (Version: 1.0.0.450)
Dungeon Keeper 2
Facicons (Version: 1.0.1)
Free Download Manager 3.0
Free Video to MP3 Converter version 4.0
Garena 2010 (Version: 2010)
GOM Player (Version: 2.1.28.5039)
Google Earth (Version: 5.2.1.1588)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.65)
Guitar Pro 5.2
Haali Media Splitter
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.55)
Hotspot Shield 1.52 (Version: 1.52)
ID Photo Maker 3.2
Internet Download Manager
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Launch Manager (Version: 3.0.03)
League of Legends (Version: 1.02.0000)
Magic: The Gathering - Duels of the Planeswalkers
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MDK2
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mouse Driver
Mouse Recorder Pro 2.0.5.0
Mozilla Firefox (3.6) (Version: 3.6 (en-US))
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nexon Game Manager
Nokia Connectivity Cable Driver (Version: 7.1.36.0)
Nokia Ovi Player (Version: 2.1.10304)
Nokia Ovi Suite (Version: 3.0.0.290)
Nokia Ovi Suite Software Updater (Version: 02.06.006.44298)
Nokia Software Updater (Version: 02.05.008.43342)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0224)
ObjectDock
Ovi Desktop Sync Engine (Version: 1.5.161.0)
OviMPlatform (Version: 2.7.44.2)
Pando Media Booster (Version: 2.3.4.3)
PC Connectivity Solution (Version: 10.50.2.0)
PDF Settings CS5 (Version: 10.0)
PhotoScape
Portal 2 (Version: 1.0.0.0)
QuickTime (Version: 7.69.80.9)
RAR Password Cracker 4.12
Razer Naga (Version: 3.01.05)
Realtek High Definition Audio Driver (Version: 6.0.1.5901)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
RocketDock 1.3.5
Sage UBS nine Accounting 9.5 (Version: 9.5.0.0)
Skype Toolbars (Version: 1.0.4051)
Skype 4.2 (Version: 4.2.187)
SmartSound Quicktracks Plugin (Version: 3.0.3.0)
Softonic-Eng7 Toolbar (Version: 6.2.3.0)
SPORE (Version: 1.00.0000)
Spybot - Search & Destroy (Version: 1.6.2)
SRS Audio Sandbox (Version: 1.09.0004)
Starcraft
SUPERAntiSpyware (Version: 4.49.1000)
Synthesia (remove only)
TuneUp Utilities (Version: 9.0.2000.16)
TuneUp Utilities Language Pack (en-US) (Version: 9.0.2000.16)
Typer Shark Deluxe 1.02
Uninstall 1.0.0.1
Unlocker 1.8.7 (Version: 1.8.7)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veoh Web Player (Version: 1.1.2.0000)
Veoh Web Player Toolbar (Version: 5.7.2.2)
Visual C++ 8.0 Runtime Setup Package (Version: 1.0.0.0)
VobSub v2.23 (Remove Only)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Win7codecs (Version: 2.4.1)
Winbond CIR Drivers (Version: 7.60.1002)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zynga Toolbar (Version: 5.7.2.2)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 2046.41 MB
Available physical RAM: 822.9 MB
Total Pagefile: 4092.83 MB
Available Pagefile: 1718.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.5 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:48.73 GB) (Free:2.06 GB) NTFS
2 Drive d: () (Fixed) (Total:105.22 GB) (Free:7.77 GB) NTFS
3 Drive e: (DATA) (Fixed) (Total:140.79 GB) (Free:9.76 GB) NTFS
5 Drive g: (BROODWAR) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\BLACK666-PC

Administrator Black666 Guest


**** End of log ****

#7 Byron 89


Posted 31 August 2011 - 07:41 AM

Results from Malwarebytes':



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7616

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

31-Aug-11 6:14:12 PM
mbam-log-2011-08-31 (18-14-12).txt

Scan type: Quick scan
Objects scanned: 187690
Time elapsed: 11 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\mmflap\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#8 Byron 89


Posted 31 August 2011 - 07:43 AM

And these are the results I got from GMER.



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-31 20:31:05
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: 0jz5x5z2.exe; Driver: C:\Users\Black666\AppData\Local\Temp\uwroikog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA29D57A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA29D5848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA29D58E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA29D5980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83844569 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83869092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 83870AF8 4 Bytes [A0, 57, 9D, A2]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83870DC8 8 Bytes [48, 58, 9D, A2, E4, 58, 9D, ...] {DEC EAX; POP EAX; POPF ; MOV [0xa29d58e4], AL}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 83870E3C 4 Bytes [80, 59, 9D, A2] {SBB BYTE [ECX-0x63], 0xa2}
? System32\Drivers\spgp.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8FFA1D18 5 Bytes JMP 872074E0
.text D:\CyberLink\PowerDVD9\PowerDVD9\NavFilter\000.fcl section is writeable [0xA4B4E000, 0x2892, 0xE8000020]
.vmp2 D:\CyberLink\PowerDVD9\PowerDVD9\NavFilter\000.fcl entry point in ".vmp2" section [0xA4B71050]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[912] ntdll.dll!NtProtectVirtualMemory 778D51C0 5 Bytes JMP 0187000A
.text C:\Windows\Explorer.EXE[912] ntdll.dll!NtWriteVirtualMemory 778D5D40 5 Bytes JMP 0188000A
.text C:\Windows\Explorer.EXE[912] ntdll.dll!KiUserExceptionDispatcher 778D6298 5 Bytes JMP 0186000A
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory 778D51C0 5 Bytes JMP 0020000A
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!NtWriteVirtualMemory 778D5D40 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1280] ntdll.dll!KiUserExceptionDispatcher 778D6298 5 Bytes JMP 001F000A
.text C:\Windows\system32\wuauclt.exe[5552] ntdll.dll!NtProtectVirtualMemory 778D51C0 5 Bytes JMP 0018000A
.text C:\Windows\system32\wuauclt.exe[5552] ntdll.dll!NtWriteVirtualMemory 778D5D40 5 Bytes JMP 0019000A
.text C:\Windows\system32\wuauclt.exe[5552] ntdll.dll!KiUserExceptionDispatcher 778D6298 5 Bytes JMP 0017000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [84032042] \SystemRoot\System32\Drivers\spgp.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [840326D6] \SystemRoot\System32\Drivers\spgp.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [84032800] \SystemRoot\System32\Drivers\spgp.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8403213E] \SystemRoot\System32\Drivers\spgp.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A42494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A25624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A256E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A4250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A38573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A34D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A350CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A351A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73A366D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A382CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A38819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A3907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A3E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73A34C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3020] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [751C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86B511F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\NetBT \Device\NetBT_Tcpip_{FD634057-BDCF-48D6-AD8C-4048E4E57A17} 86FA51F8
Device \Driver\volmgr \Device\VolMgrControl 86B4C1F8
Device \Driver\usbuhci \Device\USBPDO-0 872CD1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6EE47BBC-1EBD-4A53-BE50-9ABDCEACE4ED} 86FA51F8
Device \Driver\usbuhci \Device\USBPDO-1 872CD1F8
Device \Driver\ACPI_HAL \Device\000000ed halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{63CC81C0-8B43-4059-A9D0-8250ED59801A} 86FA51F8
Device \Driver\usbehci \Device\USBPDO-2 8727C500
Device \Driver\usbuhci \Device\USBPDO-3 872CD1F8
Device \Driver\usbuhci \Device\USBPDO-4 872CD1F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 872CD1F8
Device \Driver\usbehci \Device\USBPDO-6 8727C500
Device \Driver\volmgr \Device\HarddiskVolume1 86B4C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 86B4C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86F181F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 86B4E1F8
Device \Driver\atapi \Device\Ide\IdePort0 86B4E1F8
Device \Driver\atapi \Device\Ide\IdePort1 86B4E1F8
Device \Driver\atapi \Device\Ide\IdePort2 86B4E1F8
Device \Driver\atapi \Device\Ide\IdePort3 86B4E1F8
Device \Driver\atapi \Device\Ide\IdePort4 86B4E1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 86B4F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 86B4F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 86B4F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 86B4C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86F181F8
Device \Driver\volmgr \Device\HarddiskVolume4 86B4C1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom2 86F181F8
Device \Driver\cdrom \Device\CdRom3 86F181F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86FA51F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 872CD1F8
Device \Driver\usbuhci \Device\USBFDO-1 872CD1F8
Device \Driver\usbehci \Device\USBFDO-2 8727C500
Device \Driver\usbuhci \Device\USBFDO-3 872CD1F8
Device \Driver\usbuhci \Device\USBFDO-4 872CD1F8
Device \Driver\usbuhci \Device\USBFDO-5 872CD1F8
Device \Driver\usbehci \Device\USBFDO-6 8727C500
Device \FileSystem\cdfs \Cdfs A955B1F8
Device \Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#5&17e44c36&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9ff22f3
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9ff22f3@001baff08988 0xA7 0x7D 0x82 0xB9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9ff22f3@c8979fd41aa2 0x36 0x40 0xDC 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9ff22f3@00174b50ab21 0xBB 0x7B 0x2B 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9ff22f3@2cd2e77db0ba 0xA2 0x21 0xDA 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x3C 0xB1 0x01 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE3 0x30 0x64 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x9F 0xD0 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9ff22f3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9ff22f3@001baff08988 0xA7 0x7D 0x82 0xB9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9ff22f3@c8979fd41aa2 0x36 0x40 0xDC 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9ff22f3@00174b50ab21 0xBB 0x7B 0x2B 0xB8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9ff22f3@2cd2e77db0ba 0xA2 0x21 0xDA 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x3C 0xB1 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE3 0x30 0x64 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x9F 0xD0 0xB7 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

#9 Spazzimus

Posted 31 August 2011 - 04:16 PM

Think I'll wait to see what they say about your results :)

#10 Broni

Posted 31 August 2011 - 09:25 PM

You're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#11 Byron 89

Posted 31 August 2011 - 10:48 PM

This is the result in TDSSKiller.2.5.17.0_01.09.2011_11.37.40_log after the scan.


2011/09/01 11:37:40.0673 7312 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/01 11:37:42.0674 7312 ================================================================================
2011/09/01 11:37:42.0674 7312 SystemInfo:
2011/09/01 11:37:42.0675 7312
2011/09/01 11:37:42.0675 7312 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/01 11:37:42.0675 7312 Product type: Workstation
2011/09/01 11:37:42.0675 7312 ComputerName: BLACK666-PC
2011/09/01 11:37:42.0675 7312 UserName: Black666
2011/09/01 11:37:42.0675 7312 Windows directory: C:\Windows
2011/09/01 11:37:42.0675 7312 System windows directory: C:\Windows
2011/09/01 11:37:42.0675 7312 Processor architecture: Intel x86
2011/09/01 11:37:42.0675 7312 Number of processors: 2
2011/09/01 11:37:42.0675 7312 Page size: 0x1000
2011/09/01 11:37:42.0675 7312 Boot type: Normal boot
2011/09/01 11:37:42.0675 7312 ================================================================================
2011/09/01 11:37:49.0843 7312 Initialize success
2011/09/01 11:38:07.0603 3996 ================================================================================
2011/09/01 11:38:07.0603 3996 Scan started
2011/09/01 11:38:07.0603 3996 Mode: Manual;
2011/09/01 11:38:07.0603 3996 ================================================================================
2011/09/01 11:38:24.0763 3996 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/09/01 11:38:24.0764 3996 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/01 11:38:24.0770 3996 sptd - detected LockedFile.Multi.Generic (1)
2011/09/01 11:38:27.0941 3996 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/01 11:38:27.0982 3996 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/09/01 11:38:28.0033 3996 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/01 11:38:28.0090 3996 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/09/01 11:38:28.0302 3996 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) D:\CyberLink\PowerDVD9\PowerDVD9\NavFilter\000.fcl
2011/09/01 11:38:28.0368 3996 MBR (0x1B8) (8348457f8f6851d6307ec0340a0124d8) \Device\Harddisk0\DR0
2011/09/01 11:38:28.0372 3996 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/01 11:38:28.0405 3996 Boot (0x1200) (4f340b840c7ce4caa400cf1b3e4198d4) \Device\Harddisk0\DR0\Partition0
2011/09/01 11:38:28.0419 3996 Boot (0x1200) (e06582c66996f4f2032d0adfd560d77d) \Device\Harddisk0\DR0\Partition1
2011/09/01 11:38:28.0442 3996 Boot (0x1200) (0c568ee4b94d08082315b96cc41a8739) \Device\Harddisk0\DR0\Partition2
2011/09/01 11:38:28.0466 3996 Boot (0x1200) (e9b4a2e51573fc98a3f07059c85d868e) \Device\Harddisk0\DR0\Partition3
2011/09/01 11:38:28.0470 3996 ================================================================================
2011/09/01 11:38:28.0470 3996 Scan finished
2011/09/01 11:38:28.0470 3996 ================================================================================
2011/09/01 11:38:28.0480 7892 Detected object count: 2
2011/09/01 11:38:28.0480 7892 Actual detected object count: 2
2011/09/01 11:38:55.0032 7892 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/01 11:38:55.0138 7892 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/01 11:38:55.0138 7892 \Device\Harddisk0\DR0 - ok
2011/09/01 11:38:55.0202 7892 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/01 11:39:22.0914 7500 Deinitialize success
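
Added example, not part of the original posts: a short Python triage of the detection and action lines from the TDSSKiller log above, showing which findings were cured, which were skipped, and which are still pending a reboot. The regular expressions are inferred from the lines visible in this one log rather than from a documented format, and the names `Finding`, `parse` and `follow_ups` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Detection and action lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
2011/09/01 11:38:28.0368 3996 MBR (0x1B8) (8348457f8f6851d6307ec0340a0124d8) \Device\Harddisk0\DR0
2011/09/01 11:38:28.0372 3996 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/01 11:38:28.0480 7892 Detected object count: 2
2011/09/01 11:38:28.0480 7892 Actual detected object count: 2
2011/09/01 11:38:55.0032 7892 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/01 11:38:55.0138 7892 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/01 11:38:55.0138 7892 \Device\Harddisk0\DR0 - ok
2011/09/01 11:38:55.0202 7892 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/01 11:39:22.0914 7500 Deinitialize success
"""

# Assumption: every log line is "<date> <time> <thread id> <message>".
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
ACTION = re.compile(r"^(?P<threat>[^()\s]+)\((?P<obj>.+)\) - User select action: (?P<action>\w+)$")
PENDING = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    threat: str
    obj: str
    action: Optional[str] = None   # what the user chose: Cure, Skip, ...
    reboot_required: bool = False  # the cure is only scheduled, not yet applied

    @property
    def disk_level(self) -> bool:
        # A raw disk device as the object means the boot sector, not a file.
        return self.obj.lower().startswith("\\device\\harddisk")


def parse(log_text):
    """Return (findings, reported_count) from a TDSSKiller-style log."""
    findings = {}
    reported = None

    def get(threat, obj):
        # An action line can appear without its "detected" line in an excerpt,
        # so any of the three line types may create the finding.
        return findings.setdefault((threat, obj), Finding(threat, obj))

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (c := COUNT.match(msg)):
            reported = int(c.group(1))
        elif (d := DETECTED.match(msg)):
            get(d["threat"], d["obj"])
        elif (p := PENDING.match(msg)):
            get(p["threat"], p["obj"]).reboot_required = True
        elif (a := ACTION.match(msg)):
            get(a["threat"], a["obj"]).action = a["action"]
    return list(findings.values()), reported


def follow_ups(findings, reported):
    """List what still has to be verified after the scan."""
    notes = []
    for f in findings:
        where = "boot sector of " + f.obj if f.disk_level else f.obj
        if f.action is None:
            notes.append(f"{f.threat} on {where}: no action recorded")
        elif f.action == "Skip":
            notes.append(f"{f.threat} on {where}: skipped, object left in place")
        if f.reboot_required:
            notes.append(f"{f.threat} on {where}: cure pending, reboot and rescan")
    if reported is not None and reported != len(findings):
        notes.append(f"log reports {reported} objects but {len(findings)} were parsed")
    return notes


if __name__ == "__main__":
    found, count = parse(SAMPLE_LOG)
    for note in follow_ups(found, count):
        print(note)
```
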

#12 Broni


Posted 31 August 2011 - 10:50 PM

Good :)

Let's double check....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

#13 Byron 89


Posted 31 August 2011 - 11:04 PM

This is the report from RKUnhookerLE.exe. Should I close it? It says "Hmm, are you sure? :)" as I press close.


RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

Edited by Byron 89, 31 August 2011 - 11:05 PM.


#14 Broni


Posted 31 August 2011 - 11:07 PM

It looks good now :)

How is the computer doing?

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

#15 Byron 89


Posted 01 September 2011 - 04:21 AM

Finished after 3 long hours :)


C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\ToolbarFacemood95.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Black666\Downloads\cnet_DTLite4402-0131_exe.exe a variant of Win32/InstallCore.B application cleaned by deleting - quarantined
C:\Users\Black666\Downloads\Daemon_Tools_Lite_4_35_serial_key_gen.zip a variant of Win32/Nebuler.CT trojan deleted - quarantined
C:\Users\Black666\Downloads\Apps\facewarpin_p8djqqpn.sis a variant of SymbOS/KillPhone.E trojan deleted - quarantined
C:\Users\Black666\Downloads\Apps\messagesto_mk9ru6at.sis a variant of SymbOS/KillPhone.E trojan deleted - quarantined
C:\Users\Black666\Downloads\Downloaded software and utilities\HSS-1.52-install-anchorfree-238-conduit2.exe a variant of Win32/HotSpotShield application deleted - quarantined
C:\Users\Black666\Downloads\Entertainments\Games\Garena Universal Maphack v4.1.zip probably a variant of Win32/VB.KWSNKH trojan deleted - quarantined
C:\Users\Black666\Downloads\Garena Universal Maphack v4.1\Garena Universal Maphack v4.1\files.db probably a variant of Win32/VB.KWSNKH trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\3084712-7ee58db9 multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-6747e2c6 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60d9c47e-6d42df11 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
D:\My Documents\Downloads\counter_strike_1_crack.zip a variant of Win32/Kryptik.BIA trojan deleted - quarantined
D:\New folder\S.o.n.y Vegas Pro v.9.0 Full.rar a variant of Win32/Keygen.AR application deleted - quarantined
D:\New folder\Sony.Vegas.Pro.9.Activation.bymaybank2u_www.bayw.org.rar multiple threats deleted - quarantined
E:\My Games\softnyx\GunboundWC\gzbotPRO_cracked.rar multiple threats deleted - quarantined



