Google access blocked


9 replies to this topic

#1 GroovieUV


Posted 09 February 2012 - 10:46 PM

Hi.

I just began to experience a new problem which is universal to Firefox, Explorer, and Opera. Whenever I use the Google search bar or attempt to access google.com through the actual address bar, my browser is redirected to a search site called www.results-page.net. Even clicking on this site's link to google.com does not allow me to access it, but instead directs me back to the phony search engine. I am still able to access other websites by using the address bar. Disturbingly, even though almost all searches using the search bar are redirected to results-page.net, if I type in anti-virus companies' names or major shopping websites such as Amazon, I am directed to those websites after passing through an intermediate website whose address briefly flashes on the address bar. An example of this intermediate is as follows:

http://92.242.140.21/?nxdomain=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dbbb%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a&AddInType=2&PlatformInfo=pbrgen

The IP address is always the same.

I am running the 32-bit version of Windows 7 Professional.

Any help would be greatly appreciated. Thanks in advance!
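
Added example, not part of the original post: a small Python check that picks out the redirect pattern described above (a request to a bare IP address whose query string wraps the URL the user actually asked for) from a list of visited URLs, and recovers the intended destination. The sample list is constructed; only its first entry is the URL quoted in the post, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample of visited URLs (e.g. exported from browser history or a
# proxy log). Only the first entry comes from the post; the others are made up.
SAMPLE_URLS = [
    "http://92.242.140.21/?nxdomain=http%3A%2F%2Fwww.google.com%2Fsearch"
    "%3Fq%3Dbbb%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla"
    "%3Aen-US%3Aofficial%26client%3Dfirefox-a&AddInType=2&PlatformInfo=pbrgen",
    "http://www.example.com/login?next=http%3A%2F%2Fwww.example.com%2Fhome",
    "http://192.0.2.10/status?verbose=1",
]


def host_is_ip_literal(host):
    """True when the URL host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_wrapped_urls(url):
    """Return [(param, embedded_url)] for query parameters whose decoded
    value is itself an absolute http(s) URL."""
    found = []
    query = urlsplit(url).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            inner = urlsplit(value)
            if inner.scheme in ("http", "https") and inner.hostname:
                found.append((name, value))
    return found


def analyze(url):
    """Describe the redirect if `url` matches the pattern, else return None.

    Pattern: the request goes to an IP-literal host AND one query parameter
    carries the percent-encoded URL of the site the user wanted.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    wrapped = find_wrapped_urls(url)
    if not (host_is_ip_literal(host) and wrapped):
        return None
    param, inner_url = wrapped[0]
    inner = urlsplit(inner_url)
    outer_params = parse_qs(parts.query, keep_blank_values=True)
    return {
        "intermediate_host": host,
        "wrapping_param": param,
        "intended_host": inner.hostname,
        "intended_query": parse_qs(inner.query),
        "other_params": {k: v for k, v in outer_params.items() if k != param},
    }


def scan(urls):
    """Return the analysis of every URL in `urls` that matches the pattern."""
    return [hit for hit in (analyze(u) for u in urls) if hit is not None]


if __name__ == "__main__":
    for hit in scan(SAMPLE_URLS):
        print(f"{hit['intermediate_host']} intercepted a request for "
              f"{hit['intended_host']} (q={hit['intended_query'].get('q')}) "
              f"via parameter '{hit['wrapping_param']}'")
```

Requiring both conditions keeps ordinary `?next=` style links on named hosts and plain requests to IP addresses out of the results.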



#2 narenxp

  • BC Advisor

Posted 09 February 2012 - 11:23 PM

Download TDSSKiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 GroovieUV

  • Topic Starter

Posted 11 February 2012 - 10:15 AM

Thank you for your response.

TDSSKiller detected the boot.pihar rootkit. As the log points out, I instructed the tool to skip it for now. Was this correct?


09:09:54.0102 3844 secdrv - ok
09:09:54.0141 3844 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:09:54.0142 3844 Serenum - ok
09:09:54.0165 3844 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:09:54.0168 3844 Serial - ok
09:09:54.0195 3844 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:09:54.0198 3844 sermouse - ok
09:09:54.0225 3844 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
09:09:54.0227 3844 sffdisk - ok
09:09:54.0241 3844 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:09:54.0243 3844 sffp_mmc - ok
09:09:54.0257 3844 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:09:54.0259 3844 sffp_sd - ok
09:09:54.0279 3844 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:09:54.0281 3844 sfloppy - ok
09:09:54.0320 3844 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
09:09:54.0323 3844 sisagp - ok
09:09:54.0350 3844 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:09:54.0352 3844 SiSRaid2 - ok
09:09:54.0376 3844 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:09:54.0379 3844 SiSRaid4 - ok
09:09:54.0405 3844 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:09:54.0409 3844 Smb - ok
09:09:54.0451 3844 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:09:54.0454 3844 spldr - ok
09:09:54.0500 3844 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
09:09:54.0509 3844 srv - ok
09:09:54.0531 3844 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
09:09:54.0539 3844 srv2 - ok
09:09:54.0576 3844 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
09:09:54.0581 3844 srvnet - ok
09:09:54.0655 3844 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\Windows\system32\DRIVERS\stdfltn.sys
09:09:54.0658 3844 stdflt - ok
09:09:54.0678 3844 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:09:54.0681 3844 stexstor - ok
09:09:54.0728 3844 STHDA (2b50cfed920d4cd973adbaaad3fe704f) C:\Windows\system32\DRIVERS\stwrt.sys
09:09:54.0738 3844 STHDA - ok
09:09:54.0772 3844 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
09:09:54.0775 3844 storflt - ok
09:09:54.0805 3844 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
09:09:54.0807 3844 storvsc - ok
09:09:54.0827 3844 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
09:09:54.0829 3844 swenum - ok
09:09:54.0929 3844 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
09:09:54.0965 3844 Tcpip - ok
09:09:54.0992 3844 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
09:09:55.0001 3844 TCPIP6 - ok
09:09:55.0017 3844 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
09:09:55.0019 3844 tcpipreg - ok
09:09:55.0044 3844 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
09:09:55.0046 3844 TDPIPE - ok
09:09:55.0061 3844 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
09:09:55.0063 3844 TDTCP - ok
09:09:55.0083 3844 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
09:09:55.0087 3844 tdx - ok
09:09:55.0103 3844 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
09:09:55.0106 3844 TermDD - ok
09:09:55.0136 3844 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:09:55.0137 3844 tssecsrv - ok
09:09:55.0158 3844 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
09:09:55.0161 3844 tunnel - ok
09:09:55.0185 3844 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:09:55.0188 3844 uagp35 - ok
09:09:55.0232 3844 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
09:09:55.0239 3844 udfs - ok
09:09:55.0285 3844 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:09:55.0288 3844 uliagpkx - ok
09:09:55.0309 3844 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
09:09:55.0313 3844 umbus - ok
09:09:55.0333 3844 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:09:55.0336 3844 UmPass - ok
09:09:55.0378 3844 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
09:09:55.0381 3844 usbccgp - ok
09:09:55.0401 3844 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
09:09:55.0406 3844 usbcir - ok
09:09:55.0443 3844 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
09:09:55.0445 3844 usbehci - ok
09:09:55.0492 3844 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
09:09:55.0499 3844 usbhub - ok
09:09:55.0537 3844 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
09:09:55.0539 3844 usbohci - ok
09:09:55.0553 3844 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:09:55.0556 3844 usbprint - ok
09:09:55.0602 3844 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:09:55.0605 3844 usbscan - ok
09:09:55.0645 3844 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:09:55.0648 3844 USBSTOR - ok
09:09:55.0699 3844 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
09:09:55.0701 3844 usbuhci - ok
09:09:55.0744 3844 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
09:09:55.0749 3844 usbvideo - ok
09:09:55.0784 3844 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:09:55.0788 3844 vdrvroot - ok
09:09:55.0816 3844 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:09:55.0819 3844 vga - ok
09:09:55.0839 3844 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:09:55.0842 3844 VgaSave - ok
09:09:55.0879 3844 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
09:09:55.0883 3844 vhdmp - ok
09:09:55.0921 3844 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
09:09:55.0923 3844 viaagp - ok
09:09:55.0943 3844 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:09:55.0947 3844 ViaC7 - ok
09:09:55.0975 3844 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
09:09:55.0978 3844 viaide - ok
09:09:56.0024 3844 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
09:09:56.0030 3844 vmbus - ok
09:09:56.0048 3844 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
09:09:56.0051 3844 VMBusHID - ok
09:09:56.0090 3844 vmci (891c6820a9109ddb6b980399e9c7cd94) C:\Windows\system32\Drivers\vmci.sys
09:09:56.0093 3844 vmci - ok
09:09:56.0116 3844 vmkbd (dcd2f4a14795e8a8114a7cae2a9b9465) C:\Windows\system32\drivers\VMkbd.sys
09:09:56.0119 3844 vmkbd - ok
09:09:56.0132 3844 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys
09:09:56.0135 3844 VMnetAdapter - ok
09:09:56.0153 3844 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys
09:09:56.0156 3844 VMnetBridge - ok
09:09:56.0177 3844 VMnetuserif (b505164f82029ca42ecdf56acab3a2a3) C:\Windows\system32\drivers\vmnetuserif.sys
09:09:56.0180 3844 VMnetuserif - ok
09:09:56.0211 3844 VMparport (9ece00b4749ab2baa5955f322e8f1284) C:\Windows\system32\Drivers\VMparport.sys
09:09:56.0214 3844 VMparport - ok
09:09:56.0290 3844 vmx86 (fea33538b0123b03b38143bf05295a76) C:\Windows\system32\Drivers\vmx86.sys
09:09:56.0317 3844 vmx86 - ok
09:09:56.0340 3844 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
09:09:56.0343 3844 volmgr - ok
09:09:56.0363 3844 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:09:56.0371 3844 volmgrx - ok
09:09:56.0393 3844 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
09:09:56.0399 3844 volsnap - ok
09:09:56.0433 3844 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:09:56.0437 3844 vsmraid - ok
09:09:56.0550 3844 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware View\Client\Local Mode\vstor2-ws60.sys
09:09:56.0553 3844 vstor2-ws60 - ok
09:09:56.0574 3844 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:09:56.0578 3844 vwifibus - ok
09:09:56.0604 3844 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:09:56.0607 3844 vwififlt - ok
09:09:56.0633 3844 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:09:56.0635 3844 WacomPen - ok
09:09:56.0652 3844 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:09:56.0663 3844 WANARP - ok
09:09:56.0667 3844 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
09:09:56.0669 3844 Wanarpv6 - ok
09:09:56.0717 3844 WavxDMgr (b5a4dc2aa19f0d4594f7897e87a10d21) C:\Windows\system32\DRIVERS\WavxDMgr.sys
09:09:56.0729 3844 WavxDMgr - ok
09:09:56.0764 3844 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:09:56.0766 3844 Wd - ok
09:09:56.0785 3844 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:09:56.0796 3844 Wdf01000 - ok
09:09:56.0828 3844 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:09:56.0830 3844 WfpLwf - ok
09:09:56.0845 3844 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:09:56.0847 3844 WIMMount - ok
09:09:56.0909 3844 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
09:09:56.0913 3844 WinUsb - ok
09:09:56.0955 3844 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:09:56.0957 3844 WmiAcpi - ok
09:09:56.0985 3844 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:09:56.0986 3844 ws2ifsl - ok
09:09:57.0045 3844 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
09:09:57.0049 3844 WudfPf - ok
09:09:57.0076 3844 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:09:57.0080 3844 WUDFRd - ok
09:09:57.0114 3844 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
09:09:57.0142 3844 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:09:57.0143 3844 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:09:57.0281 3844 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:09:57.0281 3844 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:09:57.0288 3844 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
09:09:57.0386 3844 \Device\Harddisk1\DR1 - ok
09:09:57.0410 3844 Boot (0x1200) (ec8238ec0d526c3c8fbd42e890223d8d) \Device\Harddisk0\DR0\Partition0
09:09:57.0411 3844 \Device\Harddisk0\DR0\Partition0 - ok
09:09:57.0425 3844 Boot (0x1200) (2f28321f1a1044e2f6fa23c9b53d6d09) \Device\Harddisk0\DR0\Partition1
09:09:57.0427 3844 \Device\Harddisk0\DR0\Partition1 - ok
09:09:57.0433 3844 Boot (0x1200) (3ffb5790c0f402f00b1b2d51aa28958e) \Device\Harddisk1\DR1\Partition0
09:09:57.0434 3844 \Device\Harddisk1\DR1\Partition0 - ok
09:09:57.0435 3844 ============================================================
09:09:57.0435 3844 Scan finished
09:09:57.0435 3844 ============================================================
09:09:57.0450 4588 Detected object count: 2
09:09:57.0450 4588 Actual detected object count: 2
09:12:04.0094 4588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
09:12:04.0094 4588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
09:12:04.0096 4588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:12:04.0096 4588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip




GMER log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-11 09:48:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.01.0
Running: l0mryy38.exe; Driver: C:\Users\ALENKA~1\AppData\Local\Temp\uwloauob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xADF71F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xADF71FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xADF72080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xADF7211C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7D5D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA2092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 518 82CA9B58 4 Bytes [3C, 1F, F7, AD]
.text ntkrnlpa.exe!RtlSidHashLookup + 7E8 82CA9E28 8 Bytes [E4, 1F, F7, AD, 80, 20, F7, ...] {IN AL, 0x1f; IMUL DWORD [EBP-0x5208df80]}
.text ntkrnlpa.exe!RtlSidHashLookup + 85C 82CA9E9C 4 Bytes [1C, 21, F7, AD]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1516] kernel32.dll!WriteFile 75FB116C 5 Bytes JMP 0037000A
.text C:\Windows\system32\svchost.exe[1516] USER32.dll!GetCursorPos 7734C198 5 Bytes JMP 0105000A
.text C:\Windows\system32\svchost.exe[1516] USER32.dll!GetForegroundWindow 7735565D 5 Bytes JMP 0107000A
.text C:\Windows\system32\svchost.exe[1516] USER32.dll!WindowFromPoint 77376D0C 5 Bytes JMP 0106000A
.text C:\Windows\system32\svchost.exe[1516] ole32.dll!CoCreateInstance 7631590C 5 Bytes JMP 009C000A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!SetWindowLongA 7734B1E3 5 Bytes JMP 5EF80A32 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!SetWindowLongW 77356614 5 Bytes JMP 5EF809C4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!GetWindowInfo 77356A82 5 Bytes JMP 5ED1142A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3280] USER32.dll!TrackPopupMenu 77374B3B 5 Bytes JMP 5ED119DE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6248] ntdll.dll!LdrLoadDll 77C7F425 5 Bytes JMP 5EB964D0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVG\AVG2012\avgui.exe[1464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG2012\avgui.exe[1464] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG2012\avgui.exe[1464] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG2012\avgui.exe[1464] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG2012\avgui.exe[1464] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG2012\avgui.exe[1464] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [754C5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys

Device \Driver\usbehci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-2 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-3 hcmon.sys

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000082 hcmon.sys
Device \Driver\usbhub \Device\00000083 hcmon.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\0000005d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbehci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbhub \Device\0000007b hcmon.sys
Device \Driver\usbhub \Device\0000007d hcmon.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659d0126d8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659d0126d8 (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----





aswMBR log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 09:51:39
-----------------------------
09:51:39.147 OS Version: Windows 6.1.7600
09:51:39.147 Number of processors: 4 586 0x2502
09:51:39.148 ComputerName: ALENKA213-PC UserName: alenka213
09:51:43.457 Initialize success
09:53:17.143 AVAST engine defs: 12021100
09:53:41.184 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:53:41.190 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
09:53:41.313 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007c
09:53:41.317 Disk 1 Vendor: RICOH 01 Size: 3776MB BusType: 0
09:53:41.664 Disk 0 MBR read error 0
09:53:41.669 Disk 0 MBR scan
09:53:41.794 Disk 0 unknown MBR code
09:53:41.798 MBR BIOS signature not found 0
09:53:41.802 Disk 0 scanning sectors +625140400
09:53:42.618 Disk 0 scanning C:\Windows\system32\drivers
09:58:01.365 Service scanning
09:58:02.471 Modules scanning
09:58:53.401 Disk 0 trace - called modules:
09:58:53.868 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8860849f]<<
09:58:53.874 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8814c030]
09:58:53.879 3 CLASSPNP.SYS[8b38f59e] -> nt!IofCallDriver -> [0x8814b6e0]
09:58:53.885 5 stdfltn.sys[8b5f870c] -> nt!IofCallDriver -> [0x8660ff08]
09:58:53.891 7 ACPI.sys[834463b2] -> nt!IofCallDriver -> \IAAStorageDevice-1[0x865b7028]
09:58:53.897 \Driver\iaStor[0x884fcab8] -> IRP_MJ_CREATE -> 0x8860849f
09:58:55.476 AVAST engine scan C:\Windows
09:59:14.549 AVAST engine scan C:\Windows\system32
10:03:44.395 AVAST engine scan C:\Windows\system32\drivers
10:04:02.684 AVAST engine scan C:\Users\alenka213
10:11:35.387 AVAST engine scan C:\ProgramData
10:12:20.975 File: C:\ProgramData\Microsoft\Windows\DRM\72CB.tmp **INFECTED** Win32:Malware-gen
10:12:29.949 Scan finished successfully
10:14:30.639 Disk 0 MBR has been saved successfully to "C:\Users\alenka213\Desktop\Virus Removal Software\MBR.dat"
10:14:30.644 The log file has been saved successfully to "C:\Users\alenka213\Desktop\Virus Removal Software\aswMBR.txt"

#4 narenxp


Posted 11 February 2012 - 10:31 AM

09:09:57.0450 4588 Actual detected object count: 2
09:12:04.0094 4588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
09:12:04.0094 4588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
09:12:04.0096 4588 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:12:04.0096 4588 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



Download a new copy of TDSSKiller, launch it, click on SCAN, and make sure to CURE OR DELETE both of them; do not skip them.

Restart your PC, run aswMBR again, and post the log.

#5 GroovieUV


Posted 11 February 2012 - 11:17 AM

Done. Here is the report:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 11:07:40
-----------------------------
11:07:40.114 OS Version: Windows 6.1.7600
11:07:40.114 Number of processors: 4 586 0x2502
11:07:40.115 ComputerName: ALENKA213-PC UserName: alenka213
11:07:41.816 Initialize success
11:07:48.227 AVAST engine defs: 12021100
11:07:49.358 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:07:49.364 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
11:07:49.370 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000082
11:07:49.375 Disk 1 Vendor: RICOH 01 Size: 3776MB BusType: 0
11:07:49.396 Disk 0 MBR read successfully
11:07:49.403 Disk 0 MBR scan
11:07:49.438 Disk 0 Windows VISTA default MBR code
11:07:49.447 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:07:49.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:07:49.509 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
11:07:49.524 Disk 0 scanning sectors +625140400
11:07:49.612 Disk 0 scanning C:\Windows\system32\drivers
11:08:01.401 Service scanning
11:08:03.110 Modules scanning
11:08:09.028 Disk 0 trace - called modules:
11:08:09.053 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
11:08:09.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d4c448]
11:08:09.078 3 CLASSPNP.SYS[8b3c559e] -> nt!IofCallDriver -> [0x87d4c9a0]
11:08:09.087 5 stdfltn.sys[8b5cc70c] -> nt!IofCallDriver -> [0x86209950]
11:08:09.096 7 ACPI.sys[8ac303b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861b1028]
11:08:10.457 AVAST engine scan C:\Windows
11:08:13.166 AVAST engine scan C:\Windows\system32
11:10:32.789 AVAST engine scan C:\Windows\system32\drivers
11:10:58.658 AVAST engine scan C:\Users\alenka213
11:15:24.476 AVAST engine scan C:\ProgramData
11:16:12.766 File: C:\ProgramData\Microsoft\Windows\DRM\72CB.tmp **INFECTED** Win32:Malware-gen
11:16:20.026 Scan finished successfully
11:17:10.751 Disk 0 MBR has been saved successfully to "C:\Users\alenka213\Desktop\Virus Removal Software\MBR.dat"
11:17:10.758 The log file has been saved successfully to "C:\Users\alenka213\Desktop\Virus Removal Software\aswMBR2.txt"

#6 narenxp


Posted 11 February 2012 - 11:30 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Post the clean log

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 GroovieUV


Posted 11 February 2012 - 01:24 PM

Done.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
alenka213 :: ALENKA213-PC [administrator]

Protection: Enabled

2/11/2012 11:36:07 AM
mbam-log-2012-02-11 (11-36-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266396
Time elapsed: 38 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\Microsoft\Windows\DRM\72CB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.

(end)




ESET:

C:\Qoobox\Quarantine\C\Users\alenka213\AppData\Roaming\Mozilla\Firefox\Profiles\su9ercpx.default\extensions\{8e6427a0-abbe-4184-937d-169b917b61c6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\tdlfs0000\tsk0003.dta Win32/Olmarik.AYG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.02.2012_11.02.36\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\alenka213\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\d50c015-2af15786 Java/Agent.BV trojan deleted - quarantined
C:\Users\alenka213\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2f31845f-1f12f69b Java/Agent.BV trojan deleted - quarantined
C:\Users\alenka213\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\121b07f9-23b9c31c multiple threats deleted - quarantined
C:\Windows\Temp\jar_cache9101296375946125300.tmp a variant of Java/TrojanDownloader.OpenStream.NCD trojan deleted - quarantined






MiniToolBox by Farbar Version: 18-01-2012
Ran by alenka213 (administrator) on 11-02-2012 at 13:19:13
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add address name="VMware Network Adapter VMnet1" address=192.168.242.1
add address name="VMware Network Adapter VMnet8" address=192.168.150.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : alenka213-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-70-DB-8C-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 1C-65-9D-01-26-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 70-F1-A1-EA-52-96
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::35cf:2f2f:8784:b2bf%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, February 11, 2012 12:20:04 PM
Lease Expires . . . . . . . . . . : Sunday, February 12, 2012 12:20:04 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 225505697
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E4-F9-52-F0-4D-A2-7B-79-AA
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : F0-4D-A2-C8-A3-1E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9dc6:1ba8:213c:d97a%19(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.242.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 553668694
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E4-F9-52-F0-4D-A2-7B-79-AA
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::688c:3900:7e78:5e03%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.150.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 587223126
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-E4-F9-52-F0-4D-A2-7B-79-AA
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FEBED2E7-FD6D-4E35-AADE-711ED763B9CB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{974368E0-199C-4927-9062-C26000C58000}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.113.105
74.125.113.103
74.125.113.99
74.125.113.106
74.125.113.104
74.125.113.147


Pinging google.com [74.125.113.106] with 32 bytes of data:
Reply from 74.125.113.106: bytes=32 time=28ms TTL=252
Reply from 74.125.113.106: bytes=32 time=25ms TTL=252

Ping statistics for 74.125.113.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 28ms, Average = 26ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=91ms TTL=250
Reply from 98.137.149.56: bytes=32 time=93ms TTL=250

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 93ms, Average = 92ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
16...00 ff 70 db 8c 88 ......Juniper Network Connect Virtual Adapter
13...1c 65 9d 01 26 d8 ......Bluetooth Device (Personal Area Network)
12...70 f1 a1 ea 52 96 ......DW1501 Wireless-N WLAN Half-Mini Card
11...f0 4d a2 c8 a3 1e ......Broadcom NetXtreme 57xx Gigabit Controller
19...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
20...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
192.168.150.0 255.255.255.0 On-link 192.168.150.1 276
192.168.150.1 255.255.255.255 On-link 192.168.150.1 276
192.168.150.255 255.255.255.255 On-link 192.168.150.1 276
192.168.242.0 255.255.255.0 On-link 192.168.242.1 276
192.168.242.1 255.255.255.255 On-link 192.168.242.1 276
192.168.242.255 255.255.255.255 On-link 192.168.242.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.242.1 276
224.0.0.0 240.0.0.0 On-link 192.168.150.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.242.1 276
255.255.255.255 255.255.255.255 On-link 192.168.150.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
19 276 fe80::/64 On-link
20 276 fe80::/64 On-link
12 281 fe80::/64 On-link
12 281 fe80::35cf:2f2f:8784:b2bf/128
On-link
20 276 fe80::688c:3900:7e78:5e03/128
On-link
19 276 fe80::9dc6:1ba8:213c:d97a/128
On-link
1 306 ff00::/8 On-link
19 276 ff00::/8 On-link
20 276 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 13 C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/11/2012 01:16:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d6878c3
Faulting module name: TdmIconOverlay.dll, version: 3.3.0.396, time stamp: 0x4b0c7063
Exception code: 0x40000015
Fault offset: 0x0000313b
Faulting process id: 0x87c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (02/11/2012 00:18:58 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription

Error: (02/09/2012 10:12:24 PM) (Source: EventSystem) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/09/2012 09:38:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070008, Not enough storage is available to process this command.
]

Error: (02/09/2012 09:38:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070008, Not enough storage is available to process this command.
]

Error: (02/09/2012 05:45:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (02/08/2012 11:00:59 PM) (Source: EventSystem) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/08/2012 09:36:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d6878c3
Faulting module name: TdmIconOverlay.dll, version: 3.3.0.396, time stamp: 0x4b0c7063
Exception code: 0x40000015
Fault offset: 0x0000313b
Faulting process id: 0x9fc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (02/07/2012 07:04:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/07/2012 07:44:09 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription


System errors:
=============
Error: (02/11/2012 00:20:47 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/11/2012 00:20:04 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/11/2012 11:05:31 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/11/2012 11:04:48 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/11/2012 11:04:47 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:03:15 AM on ?2/?11/?2012 was unexpected.

Error: (02/10/2012 06:16:03 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/10/2012 06:13:42 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (02/10/2012 06:13:18 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:48:51 PM on ?2/?9/?2012 was unexpected.

Error: (02/09/2012 11:47:45 PM) (Source: Service Control Manager) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1054

Error: (02/09/2012 11:47:45 PM) (Source: Service Control Manager) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1054


Microsoft Office Sessions:
=========================
Error: (02/11/2012 01:16:33 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d6878c3TdmIconOverlay.dll3.3.0.3964b0c7063400000150000313b87c01cce8e16ac15d34C:\Windows\Explorer.EXEC:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll8685d0f9-54dc-11e1-8311-1c659d0126d8

Error: (02/11/2012 00:18:58 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription

Error: (02/09/2012 10:12:24 PM) (Source: EventSystem)(User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/09/2012 09:38:50 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070008, Not enough storage is available to process this command.

Error: (02/09/2012 09:38:50 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070008, Not enough storage is available to process this command.

Error: (02/09/2012 05:45:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\system32\NetCfgx.dllC:\Windows\system32\NetCfgx.dll0

Error: (02/08/2012 11:00:59 PM) (Source: EventSystem)(User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/08/2012 09:36:50 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d6878c3TdmIconOverlay.dll3.3.0.3964b0c7063400000150000313b9fc01cce5966f621236C:\Windows\Explorer.EXEC:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dlleaf58d6a-52c6-11e1-a8a4-1c659d0126d8

Error: (02/07/2012 07:04:56 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files\VMware\vmware view\Client\local mode\vssSnapVista64.exe

Error: (02/07/2012 07:44:09 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription


=========================== Installed Programs ============================

7-Zip 4.65
AccelerometerP11 (Version: 2.00.00.12)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.23)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.4.7 (Version: 9.4.7)
AuthenTec Fingerprint Software (Version: 8.4.4.20)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
BioAPI Framework (Version: 1.0.1)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.55.04)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
DCP32MMWrapper (Version: 1.6.455.70)
Dell Backup and Recovery Manager (Version: 1.2.3)
Dell Control Point (Version: 1.6.455.70)
Dell ControlPoint Security Manager (Version: 1.6.455.70)
Dell ControlPoint System Manager (Version: 1.4.00000)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.00.085)
Dell Security Device Driver Pack (Version: 1.4.055)
Dell Touchpad (Version: 7.1006.101.118)
Dell Webcam Central (Version: 1.40.28)
Document Manager Lite (Version: 06.09.00.147)
DW WLAN Card Utility (Version: 5.60.48.35)
EMBASSY Security Center (Version: 04.00.00.075)
EMBASSY Security Setup (Version: 04.00.00.066)
ESC Home Page Plugin (Version: 04.00.00.010)
ESET Online Scanner v3
Gemalto (Version: 01.01.00.0000)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.5801)
H&R Block Maryland 2011 (Version: 1.11.5401)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.0.334.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.0.334.0)
HP Photo Creations (Version: 1.0.0.3341)
HP Update (Version: 5.002.005.003)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.15551)
Juniper Networks Setup Client (Version: 2.1.3.6931)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Reader
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.1 (x86 en-US) (Version: 10.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.29)
O2Micro OZ776 SCR Driver (Version: 1.1.4.209GS)
Opera 11.60 (Version: 11.60.1185)
Picasa 3 (Version: 3.8)
PowerDVD DX (Version: 8.3.6029)
Preboot Manager (Version: 03.00.00.089)
Private Information Manager (Version: 06.04.00.057)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Security Wizards (Version: 01.07.00.023)
Skype™ 5.5 (Version: 5.5.124)
SO32MMWrapper (Version: 1.6.455.70)
Trusted Drive Manager (Version: 3.3.0.396)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wmdiper (Version: 010.000.1238)
TurboTax 2010 wrapper (Version: 010.000.0157)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
VMware View Client (Version: 4.6.0.366101)
Wave Infrastructure Installer (Version: 07.01.21.0015)
Wave Support Software (Version: 05.10.00.062)
WIDCOMM Bluetooth Software (Version: 6.3.0.3102)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) (Version: 05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 2933.85 MB
Available physical RAM: 1703.21 MB
Total Pagefile: 5865.98 MB
Available Pagefile: 4355.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.65 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:225.7 GB) NTFS
2 Drive d: (DVDIRECT_DISC_00140FDA46D) (CDROM) (Total:0.51 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\ALENKA213-PC

__vmware_user__ Administrator alenka213
Guest


**** End of log ****

#8 narenxp


Posted 11 February 2012 - 04:17 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#9 GroovieUV


Posted 11 February 2012 - 04:39 PM

Thanks so much! The problem appears to be fixed!

#10 narenxp


Posted 11 February 2012 - 05:05 PM

You're most welcome :)



