Infected with System Check (FakeHDD); made the mistake of running file cleaning programs


10 replies to this topic

#1 usernamehere

Posted 04 April 2012 - 12:28 PM

A few days ago (I know I should have sorted this sooner; I've had no choice but to use the computer for work, mostly using Word, etc. I've been careful not to attempt any online banking or shopping) I became infected with System Check. Having looked at this page, I'm absolutely sure I've got the right rogue. I can't be sure how I got the problem; I had VIPRE running, and, though I'm quite ignorant of computing generally, I've always thought VIPRE a decent program. If anyone can recommend better (free) alternatives, I'll gladly take your advice!

I'm running on Vista, FWIW. And I'm on quite a knackered Inspiron 1525 which I'd replace if I could afford it.

Here's what I've done:

- Panicked.
- Used my (apparently useless) VIPRE software to clear my temp files.
- Found this wonderful site and learned that I shouldn't have cleared my temp files.
- Followed the advice on this page: (1) ran RKill; (2) ran Malwarebytes' Anti-Malware; (3) ran Unhide.


Here's what I've found:

- I can't find programs. Despite having cleaned my files, most of my desktop icons came back. My Start Menu is useless, however. Internet Explorer is gone, though I mostly use Firefox. The Firefox icon returned. The Snipping Tool icon has gone. All the folders remain, but they are (or appear) empty. I tried to search to find Norton Utilities - ironically, to clean my temp files - and the search function can't locate it, or a host of other programs.
- In the last 24 hours (I was infected a few days ago), VIPRE has been alerting me to lots of attacks - mostly Trojans, if that tells you anything. Some of the files whose names I've been able to note down have been: gs30s.dll; vpcvmm.dll. VIPRE informs me: "VIPRE has encountered a condition that required a reboot. Please reboot to fully protect your computer." It not infrequently informs me of the need to reboot as soon as I've first logged in.
- Tabs are opening themselves in Firefox as I browse, often taking me to bogus eBay pages and the like. I'm guessing this is an effort to get me to enter my credit card details on a fake site. I also find that I'll open a page, e.g. bbc.co.uk, and find that it directs itself to one of these fake sites, and doesn't give me the option of clicking BACK.
- Odd behaviour on Amazon.co.uk. This could just be my tired computer, but I've noticed that I can type in the search box at Amazon, but when I click the button to search, or just press ENTER, the page is utterly unresponsive. I get no errors.
- Firefox has been crashing periodically.
- My computer is even slower than usual and I find that doing anything takes a great deal of time, partly because I have to wait as I get the 'Not Responding' message more often than I used to.


Bearing in mind that I'm pathetically ignorant of computers and computing, is there anything that can be done?

Sincere thanks to anyone who can offer advice.

Cheers!


#2 Blade

Posted 04 April 2012 - 01:08 PM

Hello.

I need to see the logs from your Malwarebytes scans. They can be retrieved by starting Malwarebytes, then clicking on the Logs tab. Select the relevant log(s) (they are organized by date and time) and click Open to view them. Copy and paste the contents in your next reply.

***************************************************

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
Malwarebytes Log
TDSSKiller Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

#3 usernamehere

Posted 04 April 2012 - 05:20 PM

It's so kind of you to get back - and so quickly. Cheers!

I hope I'm doing as you've asked...

I found two Malwarebytes logs, although I'm sure I only ran one scan. Here they are:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19019
David :: DAVID-PC [administrator]

29/03/2012 01:36:26
mbam-log-2012-03-29 (01-36-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 562969
Time elapsed: 3 hour(s), 26 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qeSKkLWiSNH.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\qeSKkLWiSNH.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 2
C:\ProgramData\qeSKkLWiSNH.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)

---

And:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.28.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19019
David :: DAVID-PC [administrator]

29/03/2012 19:08:56
mbam-log-2012-03-29 (19-08-56).txt

Scan type: Custom scan
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 1
Time elapsed: 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---

TDSSKiller logs (again, I found two files):

22:38:27.0611 2128 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
22:38:29.0614 2128 ============================================================
22:38:29.0614 2128 Current date / time: 2012/04/04 22:38:29.0614
22:38:29.0614 2128 SystemInfo:
22:38:29.0614 2128
22:38:29.0614 2128 OS Version: 6.0.6001 ServicePack: 1.0
22:38:29.0614 2128 Product type: Workstation
22:38:29.0614 2128 ComputerName: DAVID-PC
22:38:29.0615 2128 UserName: David
22:38:29.0615 2128 Windows directory: C:\Windows
22:38:29.0615 2128 System windows directory: C:\Windows
22:38:29.0615 2128 Processor architecture: Intel x86
22:38:29.0615 2128 Number of processors: 2
22:38:29.0615 2128 Page size: 0x1000
22:38:29.0615 2128 Boot type: Normal boot
22:38:29.0615 2128 ============================================================
22:38:32.0122 2128 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:38:32.0124 2128 \Device\Harddisk0\DR0:
22:38:32.0125 2128 MBR used
22:38:32.0125 2128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
22:38:32.0125 2128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x1B8957F8
22:38:32.0279 2128 Initialize success
22:38:32.0279 2128 ============================================================
22:39:26.0249 3240 Deinitialize success

---

and...

---

22:39:27.0449 3892 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
22:39:29.0453 3892 ============================================================
22:39:29.0453 3892 Current date / time: 2012/04/04 22:39:29.0453
22:39:29.0453 3892 SystemInfo:
22:39:29.0453 3892
22:39:29.0454 3892 OS Version: 6.0.6001 ServicePack: 1.0
22:39:29.0454 3892 Product type: Workstation
22:39:29.0454 3892 ComputerName: DAVID-PC
22:39:29.0454 3892 UserName: David
22:39:29.0454 3892 Windows directory: C:\Windows
22:39:29.0454 3892 System windows directory: C:\Windows
22:39:29.0454 3892 Processor architecture: Intel x86
22:39:29.0454 3892 Number of processors: 2
22:39:29.0454 3892 Page size: 0x1000
22:39:29.0454 3892 Boot type: Normal boot
22:39:29.0454 3892 ============================================================
22:39:30.0626 3892 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:39:30.0629 3892 \Device\Harddisk0\DR0:
22:39:30.0629 3892 MBR used
22:39:30.0629 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
22:39:30.0629 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x1B8957F8
22:39:30.0740 3892 Initialize success
22:39:30.0740 3892 ============================================================
22:40:11.0831 3688 ============================================================
22:40:11.0831 3688 Scan started
22:40:11.0831 3688 Mode: Manual;
22:40:11.0831 3688 ============================================================
22:40:30.0239 3688 MSTEE - ok
22:40:30.0270 3688 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
22:40:30.0286 3688 Mup - ok
22:40:30.0317 3688 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
22:40:30.0317 3688 napagent - ok
22:40:30.0411 3688 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
22:40:30.0426 3688 NativeWifiP - ok
22:40:30.0473 3688 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
22:40:30.0489 3688 NDIS - ok
22:40:30.0520 3688 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:30.0535 3688 NdisTapi - ok
22:40:30.0551 3688 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:30.0567 3688 Ndisuio - ok
22:40:30.0598 3688 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:30.0613 3688 NdisWan - ok
22:40:30.0629 3688 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:40:30.0645 3688 NDProxy - ok
22:40:30.0676 3688 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:40:30.0676 3688 NetBIOS - ok
22:40:30.0707 3688 netbt (9f18893e87728235d9d68ad524cbacbf) C:\Windows\system32\DRIVERS\netbt.sys
22:40:30.0801 3688 netbt ( Virus.Win32.ZAccess.k ) - infected
22:40:30.0801 3688 netbt - detected Virus.Win32.ZAccess.k (0)
22:40:50.0800 3688 wanminiportservice (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\avp.dll
22:40:50.0815 3688 Suspicious file (NoAccess): C:\Windows\system32\avp.dll. md5: 11028c6a84a967070cb1286550f2058f
22:40:50.0815 3688 wanminiportservice ( Backdoor.Multi.ZAccess.gen ) - infected
22:40:50.0815 3688 wanminiportservice - detected Backdoor.Multi.ZAccess.gen (0)
22:40:55.0277 3688 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:40:55.0339 3688 \Device\Harddisk0\DR0 - ok
22:40:55.0355 3688 Boot (0x1200) (44a894552231d53b27b081ea5a5908bf) \Device\Harddisk0\DR0\Partition0
22:40:55.0355 3688 \Device\Harddisk0\DR0\Partition0 - ok
22:40:55.0371 3688 Boot (0x1200) (e58365fa2e40d15097d59d986c513433) \Device\Harddisk0\DR0\Partition1
22:40:55.0371 3688 \Device\Harddisk0\DR0\Partition1 - ok
22:40:55.0371 3688 ============================================================
22:40:55.0371 3688 Scan finished
22:40:55.0371 3688 ============================================================
22:40:55.0386 3892 Detected object count: 2
22:40:55.0386 3892 Actual detected object count: 2
22:41:37.0709 3892 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
22:41:37.0740 3892 C:\Windows\$NtUninstallKB63800$\3453039849\@ - copied to quarantine
22:41:37.0756 3892 C:\Windows\$NtUninstallKB63800$\3453039849\cfg.ini - copied to quarantine
22:41:37.0787 3892 C:\Windows\$NtUninstallKB63800$\3453039849\Desktop.ini - copied to quarantine
22:41:37.0818 3892 C:\Windows\$NtUninstallKB63800$\3453039849\L\qnbwvoto - copied to quarantine
22:41:37.0818 3892 C:\Windows\$NtUninstallKB63800$\3453039849\oemid - copied to quarantine
22:41:37.0865 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000001.@ - copied to quarantine
22:41:37.0990 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000002.@ - copied to quarantine
22:41:38.0005 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000004.@ - copied to quarantine
22:41:38.0052 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\80000000.@ - copied to quarantine
22:41:38.0083 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\80000004.@ - copied to quarantine
22:41:38.0115 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\80000032.@ - copied to quarantine
22:41:38.0130 3892 C:\Windows\$NtUninstallKB63800$\3453039849\version - copied to quarantine
22:41:38.0224 3892 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
22:41:48.0223 3892 Backup copy found, using it..
22:41:48.0255 3892 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
22:41:52.0139 3892 C:\Windows\$NtUninstallKB63800$\309367452 - will be deleted on reboot
22:41:52.0139 3892 C:\Windows\$NtUninstallKB63800$\3453039849\@ - will be deleted on reboot
22:41:52.0139 3892 C:\Windows\$NtUninstallKB63800$\3453039849\cfg.ini - will be deleted on reboot
22:41:52.0139 3892 C:\Windows\$NtUninstallKB63800$\3453039849\Desktop.ini - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\oemid - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000001.@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000002.@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000004.@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\80000000.@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\80000004.@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\80000032.@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\version - will be deleted on reboot
22:41:52.0155 3892 netbt ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:41:52.0233 3892 C:\Windows\system32\avp.dll - copied to quarantine
22:41:52.0248 3892 HKLM\SYSTEM\ControlSet001\services\wanminiportservice - will be deleted on reboot
22:41:52.0279 3892 HKLM\SYSTEM\ControlSet003\services\wanminiportservice - will be deleted on reboot
22:41:52.0295 3892 C:\Windows\system32\avp.dll - will be deleted on reboot
22:41:52.0295 3892 wanminiportservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
22:42:19.0548 4056 Deinitialize success

---

I think that's everything. Let me know if there are any more details you want. If the unhide log would be any use, I've still got it.

Thanks again.
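The quarantine and reboot-action lines in the TDSSKiller log above can be cross-checked mechanically. The following is an added example, not part of the original posts and not TDSSKiller's own code: it parses an excerpt of the posted lines, pulls out the verdicts, and lists objects that were quarantined with no reboot action or scheduled for action with no quarantine copy. The function names and report categories are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the TDSSKiller lines posted above: "<time> <thread id> <message>".
SAMPLE_LOG = r"""
22:41:37.0709 3892 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
22:41:37.0740 3892 C:\Windows\$NtUninstallKB63800$\3453039849\@ - copied to quarantine
22:41:37.0818 3892 C:\Windows\$NtUninstallKB63800$\3453039849\L\qnbwvoto - copied to quarantine
22:41:37.0865 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000001.@ - copied to quarantine
22:41:38.0224 3892 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
22:41:48.0223 3892 Backup copy found, using it..
22:41:48.0255 3892 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
22:41:52.0139 3892 C:\Windows\$NtUninstallKB63800$\309367452 - will be deleted on reboot
22:41:52.0139 3892 C:\Windows\$NtUninstallKB63800$\3453039849\@ - will be deleted on reboot
22:41:52.0155 3892 C:\Windows\$NtUninstallKB63800$\3453039849\U\00000001.@ - will be deleted on reboot
22:41:52.0155 3892 netbt ( Virus.Win32.ZAccess.k ) - User select action: Cure
22:41:52.0233 3892 C:\Windows\system32\avp.dll - copied to quarantine
22:41:52.0248 3892 HKLM\SYSTEM\ControlSet001\services\wanminiportservice - will be deleted on reboot
22:41:52.0295 3892 C:\Windows\system32\avp.dll - will be deleted on reboot
22:41:52.0295 3892 wanminiportservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<object> ( <verdict> ) - User select action: <Action>"
VERDICT_RE = re.compile(
    r"^(?P<obj>\S+) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$"
)
# "<path or registry key> - <state>"
ACTION_RE = re.compile(
    r"^(?P<target>.+?) - "
    r"(?P<state>copied to quarantine|will be (?:cured|deleted) on reboot)$"
)
REGISTRY_PREFIXES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")


def parse_tdsskiller(text):
    """Return (verdicts, states): verdict tuples and {target: set of states}."""
    verdicts = []
    states = defaultdict(set)
    display = {}  # lower-cased key -> first spelling seen (Windows paths ignore case)
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line["msg"]
        verdict = VERDICT_RE.match(msg)
        if verdict:
            verdicts.append((verdict["obj"], verdict["verdict"], verdict["action"]))
            continue
        action = ACTION_RE.match(msg)
        if action:
            key = action["target"].lower()
            display.setdefault(key, action["target"])
            states[key].add(action["state"])
    return verdicts, {display[k]: seen for k, seen in states.items()}


def reconcile(states):
    """Group targets whose quarantine and reboot actions do not pair up."""
    report = {"quarantined_only": [], "no_quarantine_copy": [], "registry": []}
    for target, seen in states.items():
        quarantined = "copied to quarantine" in seen
        pending = any(s.startswith("will be") for s in seen)
        if target.upper().startswith(REGISTRY_PREFIXES):
            # Registry keys are only ever scheduled for deletion in this log.
            report["registry"].append(target)
        elif quarantined and not pending:
            report["quarantined_only"].append(target)
        elif pending and not quarantined:
            report["no_quarantine_copy"].append(target)
    return report


if __name__ == "__main__":
    found, target_states = parse_tdsskiller(SAMPLE_LOG)
    for obj, verdict, chosen in found:
        print(f"{obj}: {verdict} -> {chosen}")
    for group, targets in reconcile(target_states).items():
        for target in targets:
            print(f"{group}: {target}")
```

On this excerpt the check flags `L\qnbwvoto` (quarantined, no reboot action logged) and `309367452` (scheduled for deletion, no quarantine copy logged), which are the items to confirm with a follow-up scan after the reboot.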

#4 Blade

Posted 04 April 2012 - 05:38 PM

Yes, please post the log from unhide.

Additionally, please see if you're still experiencing strange behavior in Firefox at this point.

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#5 usernamehere

Posted 04 April 2012 - 06:21 PM

I'm still getting strange behaviour with Firefox - frequent Not Responding delays, inexplicable Amazon.co.uk unresponsiveness, etc. I can say, however, that VIPRE isn't informing me of Trojans and requesting reboots. I can't say that I'm not still getting the ads, because I'm trying only to use the computer when necessary. I'll try it more to see.

Here's my Unhide log:

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 03/30/2012 05:02:51 AM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 559870 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 11778 files processed.

Restoring the Start Menu.
* 0 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!

Program finished at: 03/30/2012 05:35:50 AM
Execution time: 0 hours(s), 32 minute(s), and 59 seconds(s)

---

I hope that's right. Let me know if there's any more info you need.

It's midnight here in England, so I'm afraid I've got to get to bed! If you post anything in the next few hours and don't get a prompt response, please don't think I'm being rude and unappreciative. It's very kind of you.

Cheers again.

#6 Blade

Posted 05 April 2012 - 04:03 PM

Unfortunately... since you cleared temp files before running Unhide, your shortcuts are gone... They'll have to be manually restored.

You can restore the defaults for the Start Menu and Administrative Tools as follows:

***************************************************

To manually recreate "All Programs" entries, follow these steps...

  • Download App Paths
  • Double click on AppPaths.exe to run the program.
  • Keep the program open.

In this example I'll recreate an entry for Avast antivirus program.
  • Go Start>All Programs.
  • Right click on Avast entry, click "Properties".

Posted Image
NOTE: Make sure you right click on the Avast program, NOT on the Avast folder.

  • You'll see this window:

Posted Image

Due to the damage caused by the infection, you'll find "Target" box empty.

  • Go back to AppPaths window and find Avast entry.
  • Right click on Avast line, click "Edit".
  • A pop-up window will open:

Posted Image

  • Highlight everything in "Path" box, right click on it, click "Copy"
  • Go back to Avast "Properties" window, right click inside "Target" box, click "Paste".
  • IMPORTANT! Add quotation marks at the beginning of the path and at the end
  • Click OK and you're done.

Posted Image


In case the program's link shows as (empty):

Posted Image

  • Open Windows Explorer, navigate to Avast folder in Program Files
  • Right click on Avast ".exe" file, click "Create shortcut":

Posted Image

  • Copy that shortcut, go back to Start menu.
  • Right click on avast!Free Antivirus, click "Paste".
  • You'll see Avast shortcut recreated replacing (empty) entry.

Alternatively...
...you can paste that shortcut in:
(XP) - C:\Documents and Settings\All Users\Start Menu\Programs\Avast
(Vista/7) - C:\Program Data\Start Menu\Programs\Avast

***************************************************

Let me know how Firefox continues running (any ads etc).

~Blade



#7 usernamehere

Posted 06 April 2012 - 11:27 PM

Again, thanks a bunch for helping out. I'll give the shortcut restoring a try and let you know how I get on.

I have good news and bad news.

The good news: VIPRE hasn't informed me of many more 'invasions,' and nor has it felt the need for me to reboot more than a couple of times. Of course, it's still disturbing that something is here that shouldn't be, but given that VIPRE was earlier insisting that I reboot every other minute, this is an improvement.

In case it's of any significance, the last Trojans to try to break in were called HFTT52~1.COM and HDtt52.com.

The bad news: the computer in general, and web browsing in particular, is agonisingly slow. Both Firefox and IE. My suspicions about Amazon.co.uk playing up have turned out to be well founded. As I was testing it this afternoon, after a few seconds of unresponsiveness, this message was presented to me:

Posted Image

Do you know what this is? Is it part of the original System Check infection? Any idea why the earlier scans didn't pick it up?

I'm getting an awful lot of the 'Not Responding' delays I mentioned earlier. At times it's almost comical: I can be reading a Wikipedia article and every time I attempt to scroll an inch down the page, the browser requires ~20 seconds to prepare itself. God knows what's going on.

Of course I'll abstain from using the computer for shopping and online banking until we've established that all's well.

Thanks again. :wink:

#8 Blade

Posted 07 April 2012 - 11:37 PM

Hmm.

Let's take a look at a couple things and see if we can get a handle on what's going on here.

Please download and run Process Explorer

Download

Under File, click Save As... and create a file. Copy and paste the contents of that file into your next reply.

***************************************************

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

~Blade


In your next reply, please include the following:
Process Explorer log
Result.txt



#9 Blade

Posted 07 April 2012 - 11:42 PM

Oh, and DO NOT enter your credit card information on that page. It's very clearly a phishing attempt.



#10 usernamehere

Posted 10 April 2012 - 08:37 AM

Thanks again for getting back to me; I'm sorry to have been busy for the last couple of days - I hope you've not been bored with too little to do!

I ran Malwarebytes a few times to see if it would catch anything, and it has on two occasions - my PC has been running much better since, though I still don't feel entirely secure. In case the logs are of value, I hope you won't mind me posting them here. The Process Explorer log and Result.txt follow.

---

Malwarebytes log #1:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19019
David :: DAVID-PC [administrator]

07/04/2012 13:50:10
mbam-log-2012-04-07 (13-50-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173759
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\ProgramData\Windows\msdr.dll (Trojan.Sinowal) -> Delete on reboot.

Registry Keys Detected: 1
HKCR\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} (Trojan.Sinowal) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Detected: 3
C:\ProgramData\Windows\msdr.dll (Trojan.Sinowal) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\6F80F85A.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\82A0404C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)

---

Malwarebytes log #2:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19019
David :: DAVID-PC [administrator]

08/04/2012 14:39:35
mbam-log-2012-04-08 (14-39-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 635950
Time elapsed: 5 hour(s), 9 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\04.04.2012_22.39.29\rtkt0000\zafs0000\tsk0002.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\04.04.2012_22.39.29\zaea0000\svc0000\tsk0000.dta (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

---

Process Explorer log:

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 93.01 0 K 24 K
System 4 < 0.01 0 K 1,640 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 380 288 K 688 K Windows Session Manager Microsoft Corporation
csrss.exe 460 1,776 K 5,804 K Client Server Runtime Process Microsoft Corporation
wininit.exe 504 1,328 K 3,448 K Windows Start-Up Application Microsoft Corporation
services.exe 548 2,760 K 6,248 K Services and Controller app Microsoft Corporation
svchost.exe 744 2,364 K 5,124 K Host Process for Windows Services Microsoft Corporation
WmiPrvSE.exe 2548 2,996 K 5,564 K WMI Provider Host Microsoft Corporation
svchost.exe 836 3,188 K 5,768 K Host Process for Windows Services Microsoft Corporation
svchost.exe 896 11,768 K 8,924 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 1112 12,212 K 9,508 K Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 992 < 0.01 56,544 K 59,996 K Host Process for Windows Services Microsoft Corporation
wlanext.exe 1492 < 0.01 12,808 K 8,168 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
dwm.exe 2808 1,456 K 4,636 K Desktop Window Manager Microsoft Corporation
svchost.exe 1012 < 0.01 19,652 K 23,308 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 2340 1,960 K 5,580 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 2596 < 0.01 8,968 K 9,960 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1140 1,816 K 4,304 K Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1156 5,624 K 4,120 K Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1208 6,592 K 9,356 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1348 < 0.01 15,976 K 12,420 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1596 < 0.01 5,936 K 9,996 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1756 2,204 K 3,408 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1800 7,940 K 9,492 K Host Process for Windows Services Microsoft Corporation
EvtEng.exe 1828 10,416 K 7,392 K Intel® PROSet/Wireless Event Log Intel Corporation
RegSrvc.exe 128 1,208 K 3,696 K Intel® PROSet/Wireless Registry Service Intel Corporation
SBPIMSvc.exe 280 2,128 K 296 K Plug-in Manager Service GFI Software
svchost.exe 540 3,512 K 5,188 K Host Process for Windows Services Microsoft Corporation
svchost.exe 688 580 K 2,156 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 1304 < 0.01 43,484 K 35,912 K Microsoft Windows Search Indexer Microsoft Corporation
SBAMSvc.exe 3140 < 0.01 58,464 K 31,348 K GFI Software Anti Malware Service GFI Software
lsass.exe 560 3,080 K 2,064 K Local Security Authority Process Microsoft Corporation
lsm.exe 572 < 0.01 1,832 K 3,620 K Local Session Manager Service Microsoft Corporation
csrss.exe 516 0.78 1,600 K 6,808 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 644 1,904 K 4,628 K Windows Logon Application Microsoft Corporation
explorer.exe 2528 1.55 45,612 K 56,080 K Windows Explorer Microsoft Corporation
SBAMTray.exe 2592 < 0.01 3,340 K 7,468 K SBAMTray Application GFI Software
realsched.exe 2160 1,772 K 636 K RealNetworks Scheduler RealNetworks, Inc.
firefox.exe 1180 0.78 85,180 K 103,908 K Firefox Mozilla Corporation
plugin-container.exe 3684 15,604 K 23,964 K Plugin Container for Firefox Mozilla Corporation
procexp.exe 4092 3.88 20,400 K 26,696 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com

---

Result.txt:

MiniToolBox by Farbar Version: 18-01-2012
Ran by David (administrator) on 10-04-2012 at 14:26:17
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= IP Configuration: ================================

Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled
set subinterface interface=3 subinterface=wireless_0 mtu=1500


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-09-57-78-ED
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-89-57-9B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10 April 2012 13:58:43
Lease Expires . . . . . . . . . . : 11 April 2012 13:58:43
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1F-E1-F0-57-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.34.97
173.194.34.98
173.194.34.100
173.194.34.102
173.194.34.101
173.194.34.104
173.194.34.103
173.194.34.99
173.194.34.96
173.194.34.110
173.194.34.105



Pinging google.com [173.194.34.101] with 32 bytes of data:

Reply from 173.194.34.101: bytes=32 time=27ms TTL=52

Reply from 173.194.34.101: bytes=32 time=22ms TTL=52



Ping statistics for 173.194.34.101:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 27ms, Average = 24ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=177ms TTL=48

Reply from 209.191.122.70: bytes=32 time=184ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 177ms, Maximum = 184ms, Average = 180ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
14 ...00 1d 09 57 78 ed ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
12 ...00 1f 3b 89 57 9b ...... Intel® Wireless WiFi Link 4965AGN
11 ...00 1f e1 f0 57 b5 ...... Bluetooth Device (Personal Area Network)
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.12 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.12 281
192.168.1.12 255.255.255.255 On-link 192.168.1.12 281
192.168.1.255 255.255.255.255 On-link 192.168.1.12 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.12 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.12 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/10/2012 02:00:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2012 01:59:56 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Windows Application, SystemIndex Catalog

Error: (04/10/2012 02:02:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2012 00:25:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2012 08:16:06 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/09/2012 05:54:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2012 10:17:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2012 02:38:52 PM) (Source: Application Hang) (User: )
Description: The program sdsetup_revwire207_en_aff_dl.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b00
Start Time: 01cd158cde0dee6a
Termination Time: 0

Error: (04/08/2012 02:38:36 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (04/08/2012 02:38:36 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (04/10/2012 02:01:17 PM) (Source: Service Control Manager) (User: )
Description: sbwtis%%1753

Error: (04/10/2012 02:01:17 PM) (Source: Service Control Manager) (User: )
Description: sbwtis%%1753

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: Besclient%%126

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: A016mgmt%%126

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: Mcdbus%%126

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: W800bus%%126

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: Cics.region2%%126

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (04/10/2012 02:00:04 PM) (Source: Service Control Manager) (User: )
Description: S125mdm%%126


Microsoft Office Sessions:
=========================
Error: (04/10/2012 02:00:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/10/2012 01:59:56 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Error: (04/10/2012 02:02:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2012 00:25:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2012 08:16:06 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddWin32ServiceFiles: Unable to back up image of service getPlusHelper since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (04/09/2012 05:54:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2012 10:17:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2012 02:38:52 PM) (Source: Application Hang)(User: )
Description: sdsetup_revwire207_en_aff_dl.tmp51.1052.0.0b0001cd158cde0dee6a0

Error: (04/08/2012 02:38:36 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (04/08/2012 02:38:36 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


=========================== Installed Programs ============================

Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Download Manager (Version: 1.6.2.60)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 11 Plugin (Version: 11.2.202.228)
Adobe Reader 9.5.0 (Version: 9.5.0)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
CCleaner (Version: 3.17)
CDDRV_Installer (Version: 4.60)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Resource CD (Version: 1.00.0000)
Dell Touchpad (Version: 7.1.103.4)
Dell Touchpad (Version: 9.1.18.6)
Dell Webcam Center
Dell Webcam Manager
GetFLV 9.0.7.1
Google Chrome (Version: 18.0.1025.152)
Google Update Helper (Version: 1.3.21.111)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
KhalInstallWrapper (Version: 4.60.122)
Laptop Integrated Webcam Driver (1.03.02.0719)
Logitech SetPoint (Version: 4.60)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
mCore (Version: 9.24.0000)
mDriver (Version: 9.24.0000)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Works (Version: 9.7.0621)
mMHouse (Version: 9.24.0000)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
mPfMgr (Version: 9.24.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
mWMI (Version: 9.24.0000)
Norton Utilities (Version: 14.5)
QuickTime (Version: 7.69.80.9)
RealPlayer
RealUpgrade 1.0 (Version: 1.0.0)
Sony Picture Utility (Version: 2.0.05.12060)
Spyware Doctor 8.0 (Version: 8.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VC 9.0 Runtime (Version: 1.0.0)
VIPRE Internet Security (Version: 5.0.5134)
VLC media player 1.0.3 (Version: 1.0.3)
WinRAR archiver

**** End of log ****

---

I hope that's right, mate - let me know if I've done anything wrong.

Thanks once more! :)

#11 Blade

Posted 12 April 2012 - 06:20 PM

I think the best thing to do at this point is to get a more in-depth look.

It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM