isecurity virus


15 replies to this topic

#1 psychedelic__

Posted 12 February 2012 - 01:24 AM

In the last day, 36 hours or so, I have noticed that I may have a redirect virus. It doesn't happen all the time, but I have read that these things tend to increase in frequency as time passes.

On two occasions, I clicked on a link from a Google search and was redirected to different sites. The sites were all about planning parties (I have made recent Google searches about planning parties so maybe the two are somehow related?). I used the back button on my browser and tried again, the same thing happened. A little while later, the link worked just fine.

I didn't really think too much of it until, today, I was reading a blog and clicked on an entry and I saw an "Internal server error" message which seemed legit but then when I tried to click on the same entry again a few minutes later, it worked fine.

So I think I do have some sort of redirect virus but I don't know how to fix it.

I use AVG (I know, I know, I really should buy proper anti-virus software which I am planning to do very soon). I did a full computer scan yesterday and currently have a warning, three infections and one malware in the 'Virus vault' of AVG. I don't know if I'm supposed to delete them?

I did try (as some websites have suggested) to find "TDSSserve.sys" but it is not there under the Device Manager in Control Panel. I read that this means that my computer is clean but I don't think it is.

I currently have a Dell Inspiron 1318. I use Windows Vista Home Premium. The browser I use is Firefox 10.0 and I don't use other browsers so I don't know if it is affecting other browsers.

What should I do? If there is any other information I should give, just let me know :)

PS. Another question - if I backup my files on a USB, will the virus carry onto the USB? I'm really scared of losing my files since I haven't backed up in a while.

Edited by psychedelic__, 12 February 2012 - 01:27 AM.




#2 narenxp


Posted 12 February 2012 - 01:30 PM

Hi

Let's see if we can remove the redirect virus.


Download TDSSKiller.

Launch it. Click on "Change parameters", then select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

#3 psychedelic__


Posted 25 February 2012 - 08:32 AM

narenxp, thank you very much for your help. Sorry for the delay in replying to your post but I have done as you have requested, my results are below.

I thought I should also let you know that it appears that the redirect virus is no longer there which I don't understand. The redirect virus hasn't done anything since the 12th of February (my last post) and I don't understand why. It almost seems that the virus is not present.




TDSSKiller:

22:20:39.0814 3732 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
22:20:42.0468 3732 ============================================================
22:20:42.0469 3732 Current date / time: 2012/02/25 22:20:42.0468
22:20:42.0469 3732 SystemInfo:
22:20:42.0469 3732
22:20:42.0469 3732 OS Version: 6.0.6001 ServicePack: 1.0
22:20:42.0469 3732 Product type: Workstation
22:20:42.0469 3732 ComputerName: DEFAULT-PC
22:20:42.0470 3732 UserName: default
22:20:42.0470 3732 Windows directory: C:\Windows
22:20:42.0470 3732 System windows directory: C:\Windows
22:20:42.0470 3732 Processor architecture: Intel x86
22:20:42.0470 3732 Number of processors: 2
22:20:42.0470 3732 Page size: 0x1000
22:20:42.0470 3732 Boot type: Normal boot
22:20:42.0470 3732 ============================================================
22:20:49.0912 3732 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:20:49.0914 3732 \Device\Harddisk0\DR0:
22:20:49.0914 3732 MBR used
22:20:49.0914 3732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
22:20:49.0914 3732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x1167D6B0
22:20:51.0139 3732 Initialize success
22:20:51.0139 3732 ============================================================
22:21:09.0207 5676 ============================================================
22:21:09.0207 5676 Scan started
22:21:09.0207 5676 Mode: Manual; TDLFS;
22:21:09.0207 5676 ============================================================
22:22:44.0299 5676 TermDD - ok
22:22:44.0440 5676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:44.0470 5676 tssecsrv - ok
22:22:44.0737 5676 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:22:44.0738 5676 tunmp - ok
22:22:44.0992 5676 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
22:22:44.0994 5676 tunnel - ok
22:22:45.0241 5676 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:22:45.0243 5676 uagp35 - ok
22:22:45.0409 5676 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
22:22:45.0414 5676 udfs - ok
22:22:45.0603 5676 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:22:45.0607 5676 uliagpkx - ok
22:22:46.0000 5676 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:22:46.0008 5676 uliahci - ok
22:22:46.0423 5676 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:22:46.0490 5676 UlSata - ok
22:22:46.0859 5676 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:22:46.0865 5676 ulsata2 - ok
22:22:48.0009 5676 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:22:48.0013 5676 umbus - ok
22:22:48.0209 5676 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:48.0248 5676 usbccgp - ok
22:22:48.0395 5676 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:22:48.0400 5676 usbcir - ok
22:22:48.0690 5676 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
22:22:48.0713 5676 usbehci - ok
22:22:48.0864 5676 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
22:22:48.0932 5676 usbhub - ok
22:22:49.0210 5676 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:22:49.0213 5676 usbohci - ok
22:22:49.0431 5676 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:22:49.0476 5676 usbprint - ok
22:22:49.0701 5676 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:49.0705 5676 USBSTOR - ok
22:22:50.0000 5676 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:22:50.0064 5676 usbuhci - ok
22:22:50.0339 5676 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:50.0361 5676 vga - ok
22:22:51.0139 5676 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:22:51.0141 5676 VgaSave - ok
22:22:51.0573 5676 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:22:51.0577 5676 viaagp - ok
22:22:51.0887 5676 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:22:51.0891 5676 ViaC7 - ok
22:22:52.0022 5676 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:22:52.0026 5676 viaide - ok
22:22:52.0228 5676 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:22:52.0231 5676 volmgr - ok
22:22:53.0030 5676 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
22:22:53.0037 5676 volmgrx - ok
22:22:53.0410 5676 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
22:22:53.0417 5676 volsnap - ok
22:22:53.0667 5676 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:22:53.0673 5676 vsmraid - ok
22:22:54.0097 5676 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:22:54.0153 5676 WacomPen - ok
22:22:54.0370 5676 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:22:54.0374 5676 Wanarp - ok
22:22:54.0392 5676 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:22:54.0395 5676 Wanarpv6 - ok
22:22:54.0827 5676 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:22:54.0829 5676 Wd - ok
22:22:55.0386 5676 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:22:55.0389 5676 Wdf01000 - ok
22:22:55.0805 5676 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:22:55.0807 5676 WmiAcpi - ok
22:22:56.0100 5676 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
22:22:56.0167 5676 WpdUsb - ok
22:22:56.0474 5676 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:22:56.0477 5676 ws2ifsl - ok
22:22:56.0923 5676 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:56.0927 5676 WUDFRd - ok
22:22:57.0023 5676 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
22:22:58.0946 5676 \Device\Harddisk0\DR0 - ok
22:22:58.0996 5676 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
22:22:58.0999 5676 \Device\Harddisk0\DR0\Partition0 - ok
22:22:59.0017 5676 Boot (0x1200) (35b012aeac420842f8daa840250dd96a) \Device\Harddisk0\DR0\Partition1
22:22:59.0018 5676 \Device\Harddisk0\DR0\Partition1 - ok
22:22:59.0018 5676 ============================================================
22:22:59.0018 5676 Scan finished
22:22:59.0018 5676 ============================================================
22:22:59.0029 6108 Detected object count: 0
22:22:59.0029 6108 Actual detected object count: 0
22:24:25.0072 0276 Deinitialize success





GMER:
I was able to download it and start scanning. However, in the middle of scanning, this message showed up and I was forced to close it. This happened three times with the same message. For reference, I have a 32-bit OS.





aswMBR:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-25 22:27:28
-----------------------------
22:27:28.898 OS Version: Windows 6.0.6001 Service Pack 1
22:27:28.898 Number of processors: 2 586 0x1706
22:27:28.899 ComputerName: DEFAULT-PC UserName: default
22:27:29.665 Initialize success
22:29:29.502 AVAST engine defs: 12022500
22:29:38.864 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:29:38.869 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
22:29:38.909 Disk 0 MBR read successfully
22:29:38.915 Disk 0 MBR scan
22:29:38.926 Disk 0 Windows VISTA default MBR code
22:29:38.933 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:29:38.959 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
22:29:39.024 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142586 MB offset 20561920
22:29:39.039 Disk 0 scanning sectors +312579760
22:29:39.719 Disk 0 scanning C:\Windows\system32\drivers
22:29:51.485 Service scanning
22:29:52.683 Modules scanning
22:29:59.354 Disk 0 trace - called modules:
22:29:59.743 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:29:59.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855080f0]
22:29:59.754 3 CLASSPNP.SYS[883ab745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a0c030]
22:30:00.890 AVAST engine scan C:\Windows
22:30:05.815 AVAST engine scan C:\Windows\system32
22:34:17.122 AVAST engine scan C:\Windows\system32\drivers
22:34:34.347 AVAST engine scan C:\Users\default.default-PC
22:35:13.120 Disk 0 MBR has been saved successfully to "C:\Users\default.default-PC\Documents\MBR.dat"
22:35:13.131 The log file has been saved successfully to "C:\Users\default.default-PC\Documents\aswMBR.txt"


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-25 23:04:28
-----------------------------
23:04:28.310 OS Version: Windows 6.0.6001 Service Pack 1
23:04:28.310 Number of processors: 2 586 0x1706
23:04:28.311 ComputerName: DEFAULT-PC UserName: default
23:04:29.341 Initialize success
23:04:41.300 AVAST engine defs: 12022500
23:04:46.864 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:04:46.870 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
23:04:47.025 Disk 0 MBR read successfully
23:04:47.033 Disk 0 MBR scan
23:04:47.038 Disk 0 Windows VISTA default MBR code
23:04:47.055 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:04:47.090 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
23:04:47.110 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142586 MB offset 20561920
23:04:47.141 Disk 0 scanning sectors +312579760
23:04:47.283 Disk 0 scanning C:\Windows\system32\drivers
23:05:15.158 Service scanning
23:05:16.335 Modules scanning
23:05:40.134 Disk 0 trace - called modules:
23:05:40.527 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll tcpip.sys NETIO.SYS
23:05:40.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855080f0]
23:05:40.539 3 CLASSPNP.SYS[883ab745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84a0c030]
23:05:41.184 AVAST engine scan C:\Windows
23:05:56.000 AVAST engine scan C:\Windows\system32
23:12:44.031 AVAST engine scan C:\Windows\system32\drivers
23:13:35.683 AVAST engine scan C:\Users\default.default-PC
23:51:04.860 File: C:\Users\default.default-PC\AppData\Local\Temp\err.log90071966 **INFECTED** Win32:FakeAV-BMF [Trj]
23:51:26.793 File: C:\Users\default.default-PC\AppData\Local\Temp\ms0cfg32.exe **INFECTED** Win32:Sefnit-GN [Drp]
00:24:26.075 AVAST engine scan C:\ProgramData
00:29:51.085 Scan finished successfully
00:31:42.110 Disk 0 MBR has been saved successfully to "C:\Users\default.default-PC\Documents\MBR.dat"
00:31:42.141 The log file has been saved successfully to "C:\Users\default.default-PC\Documents\aswMBR.txt"

#4 psychedelic__


Posted 25 February 2012 - 08:47 AM

I already have some other virus issues here and I suspect these are all from my cousin downloading torrents onto my laptop, using a program called 'utorrent'. I have since uninstalled the program and deleted any files and torrents that I could find on my hard drive.

Today, I was using Mozilla Firefox 10.0.2 when it suddenly closed down and I had an "Internet Security" program open up and tell me that my computer was infected. The message displayed was something along the lines of "Malicious threat detected, click here to protect your computer". The messages were almost constant, telling me that most programs could not open because they were infected. I then had a possible incoming threat that wanted access to my computer, for which it wanted me to register the product in order to protect my computer.

It had a desktop icon and an icon in the system tray (a shield with blue, red, green and yellow squares on it). The program could not be exited through the system tray. There was no such program installed in my start menu or in my Program Files folder in C drive. It also is not in Programs and Features in the control panel. The desktop icon took me to the filepath for a file called "isecurity.exe". I don't have the filepath, but I went to the folder and I could not delete it manually.

I restarted my laptop and this time I could delete isecurity.exe manually. I also deleted the shortcut. What I found surprising was that it did not start up when Windows did and no messages came up.

I don't know if it has gone away completely but I can't be sure. The virus hit my computer just under 3 hours ago and my laptop has been running fine since I restarted it. All programs work and it is not sluggish at all.

What should I do?

(Dell Inspiron 1318, Windows Vista Home Premium)

Edited by psychedelic__, 25 February 2012 - 08:47 AM.


#5 Allen

Allen

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:46 PM

Posted 25 February 2012 - 08:52 AM

Download Malwarebytes Anti-Malware from www.malwarebytes.org, update it, run a full scan, then post the log.
Hey everyone I'm Allen I am a young web developer/designer/programmer I also help people with computer issues including hardware problems, malware/viruses infections and software conflicts. I am a kind and easy to get along with person so if you need help feel free to ask.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,344 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:46 PM

Posted 25 February 2012 - 09:24 AM

Why are you abandoning the other topic?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 psychedelic__


Posted 25 February 2012 - 06:09 PM

I'm not abandoning it, I just thought that I would need a new topic for a different issue. If I've done something stupid by opening a new topic, I'm so sorry :(

#8 Allen


Posted 25 February 2012 - 06:27 PM

OK, post the log if you scanned.

#9 psychedelic__


Posted 25 February 2012 - 06:41 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
default :: DEFAULT-PC [administrator]

26/02/2012 10:13:34 AM
mbam-log-2012-02-26 (10-39-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234429
Time elapsed: 25 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\default.default-PC\AppData\Local\Temp\0.2227121491475013767f76.exe (Trojan.Agent) -> No action taken.
C:\Users\default.default-PC\AppData\Local\Temp\err.log90071966 (Trojan.FakeAlert) -> No action taken.
C:\Users\default.default-PC\AppData\Local\Temp\93BE.tmp (Trojan.Agent) -> No action taken.
C:\Users\default.default-PC\AppData\Local\Temp\0.7503179157109633.exe (Exploit.Drop.2) -> No action taken.
C:\Users\default.default-PC\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> No action taken.

(end)

#10 boopme


Posted 25 February 2012 - 07:47 PM

It's better to keep all malware issues on the same machine in the same post. This prevents 2 people from running over each other.

I have merged this with the original.
Your MBAM shows "No action taken".
Did you click Remove Selected?

Edited by boopme, 25 February 2012 - 07:49 PM.


#11 psychedelic__


Posted 25 February 2012 - 08:50 PM

That makes sense, sorry!

I did click on Remove Selected and the files are currently in quarantine. I don't know why that wasn't on the log.

Edited by psychedelic__, 25 February 2012 - 08:51 PM.


#12 boopme


Posted 25 February 2012 - 09:40 PM

5 Files + 1 Registry key
Registry Keys Detected: 1
HKCU\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor)

Let's do a last scan and see if anything is left.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


How is it now?

#13 psychedelic__


Posted 27 February 2012 - 04:03 PM

C:\ProgramData\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application deleted - quarantined
C:\Users\default.default-PC\AppData\Local\Temp\jar_cache3214231445436162506.tmp multiple threats deleted - quarantined
C:\Users\default.default-PC\AppData\Local\Temp\jar_cache7795494803916435983.tmp multiple threats deleted - quarantined
C:\Users\default.default-PC\AppData\Local\Temp\jar_cache8721167372389485678.tmp a variant of Java/TrojanDownloader.OpenStream.NBU trojan deleted - quarantined
C:\Users\default.default-PC\AppData\Roaming\C7C45A9C9277D169988BCD16C1BA2FC3\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\default.default-PC\AppData\Roaming\C7C45A9C9277D169988BCD16C1BA2FC3\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Users\default.default-PC\Documents\happyland_install.exe Win32/OpenCandy application deleted - quarantined

#14 boopme


Posted 27 February 2012 - 10:54 PM

I think we got it all. How is it running? Let's start the mop-up.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#15 psychedelic__


Posted 01 March 2012 - 08:12 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by default (administrator) on 02-03-2012 at 12:11:30
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Broadcom NetLink ™ Fast Ethernet = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : default-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-22-69-BF-27-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-21-5C-80-B4-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ac52:ce14:3228:f251%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, 2 March 2012 11:37:00 AM
Lease Expires . . . . . . . . . . : Saturday, 3 March 2012 11:36:59 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Fast Ethernet
Physical Address. . . . . . . . . : 00-21-9B-E0-3F-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{19B0805C-1485-44CD-AD85-3872E97AB571}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.vic.bigpond.net.au
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.vic.bigpond.net.au
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.vic.bigpond.net.au
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EA3D080C-67D8-47F6-A176-155EF8A24098}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1BA459C3-3FA0-4BA2-9B48-85E840174DF2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EA3D080C-67D8-47F6-A176-155EF8A24098}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EA3D080C-67D8-47F6-A176-155EF8A24098}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.237.41
74.125.237.46
74.125.237.32
74.125.237.33
74.125.237.34
74.125.237.35
74.125.237.36
74.125.237.37
74.125.237.38
74.125.237.39
74.125.237.40



Pinging google.com [74.125.237.38] with 32 bytes of data:

Reply from 74.125.237.38: bytes=32 time=34ms TTL=55

Reply from 74.125.237.38: bytes=32 time=39ms TTL=55



Ping statistics for 74.125.237.38:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 34ms, Maximum = 39ms, Average = 36ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
98.139.127.62



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=240ms TTL=49

Reply from 209.191.122.70: bytes=32 time=236ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 236ms, Maximum = 240ms, Average = 238ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
14 ...00 22 69 bf 27 7b ...... Bluetooth Device (Personal Area Network)
12 ...00 21 5c 80 b4 55 ...... Intel® Wireless WiFi Link 4965AGN
11 ...00 21 9b e0 3f 46 ...... Broadcom NetLink ™ Fast Ethernet
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.{19B0805C-1485-44CD-AD85-3872E97AB571}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.vic.bigpond.net.au
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
23 ...00 00 00 00 00 00 00 e0 isatap.vic.bigpond.net.au
24 ...00 00 00 00 00 00 00 e0 isatap.vic.bigpond.net.au
25 ...00 00 00 00 00 00 00 e0 isatap.{EA3D080C-67D8-47F6-A176-155EF8A24098}
27 ...00 00 00 00 00 00 00 e0 isatap.{1BA459C3-3FA0-4BA2-9B48-85E840174DF2}
28 ...00 00 00 00 00 00 00 e0 isatap.{EA3D080C-67D8-47F6-A176-155EF8A24098}
29 ...00 00 00 00 00 00 00 e0 isatap.{EA3D080C-67D8-47F6-A176-155EF8A24098}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 286
192.168.1.2 255.255.255.255 On-link 192.168.1.2 286
192.168.1.255 255.255.255.255 On-link 192.168.1.2 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 286 fe80::/64 On-link
12 286 fe80::ac52:ce14:3228:f251/128
On-link
1 306 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Reader 9.4.1 (Version: 9.4.1)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 3.1.2)
Audacity 1.3.14 (Unicode)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2114)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.2)
Broadcom Management Programs (Version: 10.15.01)
Brother HL-2140 (Version: 1.00)
Browser Address Error Redirector (Version: 1.00.0000)
CamStudio
Canon MG6100 series MP Drivers
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.1.08060)
Dell Touchpad (Version: 10.1.2.0)
Dell Video Chat (remove only) (Version: 6.0 (6534))
Dell Webcam Center
Dell Webcam Manager
DriverFinder (Version: 2.0.4)
Dropbox (Version: 1.1.45)
EDocs
ESET Online Scanner v3
EViews 4 SV
FLV Player (Version: 2.0.25)
FLV to MP4 Converter 2009.2.20
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 17.0.963.56)
Google Desktop (Version: 5.9.1005.12335)
Google Talk Plugin (Version: 2.6.1.5251)
GoToAssist 8.0.0.514
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software (Version: 11.01.0000)
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 5 (Version: 1.6.0.50)
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator (Version: 4.6.0817.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
mCore (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
mMHouse (Version: 9.24.0000)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
mPfMgr (Version: 9.24.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
mWMI (Version: 9.24.0000)
PMB (Version: 5.5.02.12220)
PowerDVD (Version: 8.0)
QuickSet (Version: 9.0.9)
QuickTime (Version: 7.69.80.9)
RAR Password Cracker 4.12
RAR Password Recovery v1.1 RC17 (remove only)
RegistryReviver (Version: 1.3.26)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.154)
Stickies 7.0b
SyncBack
Tunatic
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar (Version: 6.8.5.1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.10 (Version: 1.1.10)
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WordWeb (Version: 6)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 2037.31 MB
Available physical RAM: 1017.92 MB
Total Pagefile: 4315.66 MB
Available Pagefile: 2983.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1957.06 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.24 GB) (Free:55.76 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.27 GB) NTFS

========================= Users: ========================================

User accounts for \\DEFAULT-PC

Administrator default Guest


**** End of log ****



