
Rogue.Fakealert Trojan.Agent



#1 mcspam


Posted 25 May 2012 - 09:16 AM

My computer (Vista Home Premium SP1 64 Bit) was infected with Rogue.Fakealert Trojan.Agent PUM.Hijack.StartMenu PUP.Casino.Gen
I discovered this after running the Malwarebytes Anti-Malware program which detected and quarantined these.
I ran Malwarebytes because I was getting a whole heap of system warning messages highlighted on your website.
This was about a week ago and I thought the PC was ok.
I have now rebooted my machine and cannot get access to my netgear router.
If I go into Network and Sharing Center, it shows Unknown and The specified service does not exist as an installed service.
If I go into Services, when trying to start the DHCP service I get the error "Error 1075: The dependency service does not exist or has been marked for deletion."
Looking at the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp in the DependOnService key it has NSI Tdx Afd
When I go to a command prompt and try to Net start each service, the Tdx and Afd come up as already started but the NSI one comes up with "The service name is invalid"
If I go into Services under Administrative Services, I cannot indeed see Network Store Interface in the list of services.
Another issue I get is an error message "No ATI graphics driver is installed or the ATI driver is not functioning properly. Please install the ATI driver appropriate for your ATI hardware" when logging onto the computer.
I also cannot access Windows Firewall settings as it comes up with an error "Due to an unidentified problem, Windows cannot display Windows Firewall settings".

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.6001.19088
Run by peter at 22:37:31 on 2012-05-25
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/ig
uDefault_Page_URL = hxxp://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120423074545.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Boxoft Tools] "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
StartupFolder: C:\Users\peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\wpclsp.dll
LSP: mswsock.dll
LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: sagenorthamerica.com\partners
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} - hxxps://crm.microchannel.com.au/mcscrm/Plugin/eWarePluginX.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {57A994A8-47AB-4994-8EA4-5B8F839F9844} - hxxp://203.45.68.243/crm/CustomPages/Accpac/AccpacUI/eCRMARInvoiceUI.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://virtualtech.helmat.com.au/inc/kaxRemote.dll
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://203.213.2.10:10443/sslvpn.cab
DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} - hxxp://virtualtech.helmat.com.au/inc/PluginManager/PluginManager.cab
DPF: {B9C02A20-13CD-4879-928A-87A7014D5A5B} - hxxp://203.45.68.243/crm/CustomPages/Accpac/AccpacUI/eCRMOEOrderUI.CAB
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DE64E08D-8F19-4D75-A277-855E9DE74AA5} - hxxps://203.213.2.10:10443/forticachecleaner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120423074545.dll
BHO-X64: scriptproxy - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 93.113.196.124 www.google.com
Hosts: 93.113.196.125 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-16 14:11:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 12:44:21 -------- d-----w- C:\Users\peter\AppData\Roaming\Malwarebytes
2012-05-16 12:44:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-16 12:44:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-16 12:44:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-05 13:16:57 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 06:58:51 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-05 13:17:04 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 05:40:25 249856 ------w- C:\Windows\Setup1.exe
2012-04-10 05:40:23 73216 ----a-w- C:\Windows\ST6UNST.EXE
.
============= FINISH: 22:39:23.22 ===============



Edited by mcspam, 25 May 2012 - 09:24 AM.
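
An offline version of the check described in the post above, added here as an example and not part of the original thread: it reads a `.reg` export of the Services key, decodes each `DependOnService` value, and reports dependencies that have no service key of their own, which is the condition behind Error 1075. The export text is constructed to match what the post describes (a "Windows Registry Editor Version 5.00" export is assumed), and the function names are this example's own.

```python
import re

# Constructed sample, not taken from the poster's machine: a trimmed export of
# HKLM\SYSTEM\CurrentControlSet\Services in which Dhcp depends on NSI, Tdx and
# Afd, and no key exists for NSI. hex(7) is REG_MULTI_SZ, stored as UTF-16LE.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"DependOnService"=hex(7):4e,00,53,00,49,00,00,00,54,00,64,00,78,00,00,00,41,00,\
  66,00,64,00,00,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"ServiceDll"="dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tdx]
"Start"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]
"Start"=dword:00000001
'''

SERVICES_PREFIX = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"


def decode_multi_sz(hex_csv):
    """Decode the comma-separated bytes of a hex(7) value into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    text = raw.decode("utf-16-le", errors="replace")
    # Entries are NUL-separated and the list ends with an extra NUL.
    return [s for s in text.split("\x00") if s]


def parse_services(export_text):
    """Return {lowercased service name: [dependency names]} for every service key."""
    # A trailing backslash continues a long hex value on the next line.
    text = re.sub(r"\\\r?\n\s*", "", export_text)
    services = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            current = None
            if path.lower().startswith(SERVICES_PREFIX.lower()):
                rest = path[len(SERVICES_PREFIX):]
                # Only the service key itself counts, not subkeys such as Parameters.
                if rest and "\\" not in rest:
                    current = rest.lower()
                    services.setdefault(current, [])
        elif current and line.lower().startswith('"dependonservice"=hex(7):'):
            services[current] = decode_multi_sz(line.split(":", 1)[1])
    return services


def missing_dependencies(services, name):
    """Walk the dependency chain of `name`.

    Returns (service, dependency) pairs where the dependency has no key under
    Services. Registry key names are case-insensitive, so lookups are lowercased.
    """
    missing, seen, stack = [], set(), [name.lower()]
    while stack:
        svc = stack.pop()
        if svc in seen:
            continue
        seen.add(svc)
        for dep in services.get(svc, []):
            if dep.lower() not in services:
                missing.append((svc, dep))
            else:
                stack.append(dep.lower())
    return missing


if __name__ == "__main__":
    table = parse_services(SAMPLE_EXPORT)
    for svc, dep in missing_dependencies(table, "Dhcp"):
        print(f"{svc}: dependency '{dep}' has no service key")
```
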



 


#2 gringo_pr


Posted 30 May 2012 - 12:14 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 mcspam


Posted 30 May 2012 - 02:28 AM

Thanks for the help Gringo

I received an error
AutoIt Error
Lin -1:
Error: Variable must be of type "Object"
when running Security Check.
It did continue to run though and results as follows followed by Combofix log

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 1 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 21
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

ComboFix 12-05-30.01 - peter 30/05/2012 16:28:26.1.8 - x64
Running from: c:\users\peter\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Allison\AppData\Roaming\DataSafeDotNet.exe
c:\users\Allison\Documents\~WRL0003.tmp
c:\users\peter\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-16 14:11 . 2012-05-16 14:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-16 12:44 . 2012-05-16 12:44 -------- d-----w- c:\users\peter\AppData\Roaming\Malwarebytes
2012-05-16 12:44 . 2012-05-16 12:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-16 12:44 . 2012-05-16 12:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 12:44 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 13:16 . 2012-05-05 13:16 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 06:42 . 2012-05-04 06:44 -------- d-----w- c:\users\Jackson
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 13:17 . 2012-04-27 06:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 13:17 . 2011-05-18 13:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 05:40 . 2012-04-10 05:40 249856 ------w- c:\windows\Setup1.exe
2012-04-10 05:40 . 2012-04-10 05:40 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"Boxoft Tools"="c:\programdata\Boxtools\Boxofttoolbox.exe" [2010-12-15 514048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-12 61440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-04 128232]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
.
c:\users\Allison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 981808]
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe [2009-8-12 53248]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 a4wnetMgrService;Sage Accpac .NET Remoting Service;c:\program files (x86)\Common Files\Sage\Sage Accpac\a4wnetMgrService.exe [2008-03-24 20480]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 13:17]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 09:44]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-14 09:44]
.
2012-05-30 c:\windows\Tasks\User_Feed_Synchronization-{F0D09FB7-AE90-425C-A6ED-561FFCB6A5A9}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth HCI Monitor"="CHECKHCIMODE" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: sagenorthamerica.com\partners
TCP: DhcpNameServer = 192.168.0.1
DPF: {3DFD2B52-C6E9-11D4-8226-005004F658FC} - hxxps://crm.microchannel.com.au/mcscrm/Plugin/eWarePluginX.cab
DPF: {57A994A8-47AB-4994-8EA4-5B8F839F9844} - hxxp://203.45.68.243/crm/CustomPages/Accpac/AccpacUI/eCRMARInvoiceUI.CAB
DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} - hxxps://203.213.2.10:10443/sslvpn.cab
DPF: {B65B1DCC-D421-4F3C-8F8F-909BDD967120} - hxxp://virtualtech.helmat.com.au/inc/PluginManager/PluginManager.cab
DPF: {B9C02A20-13CD-4879-928A-87A7014D5A5B} - hxxp://203.45.68.243/crm/CustomPages/Accpac/AccpacUI/eCRMOEOrderUI.CAB
DPF: {DE64E08D-8F19-4D75-A277-855E9DE74AA5} - hxxps://203.213.2.10:10443/forticachecleaner.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-itype - TELLITYPE PRO\ITYPE.EXE
HKLM-Run-IntelliPoint - T.EXE
HKLM-Run-Win7_Upgrade - 7_UPGRADE_START.EXE
HKLM-Run-WPCUMI - DOWS\SYSTEM32\WPCUMI.EXE
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
AddRemove-MetaFrame Presentation Server Web Client for Win32 - c:\windows\system32\ctxsetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
c:\windows\SysWOW64\FortiSslvpnDaemon.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
c:\pvsw\bin\w3sqlmgr.exe
c:\pvsw\bin\ntbtrv.exe
c:\pvsw\bin\NTDBSMGR.EXE
c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\programdata\Boxtools\Toolbox.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2012-05-30 16:55:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 06:55
.
Pre-Run: 637,698,306,048 bytes free
Post-Run: 638,311,014,400 bytes free
.
- - End Of File - - 22062E400026D2001FB9BB57993A6EC1

Computer Now:

I am still unable to connect to my Netgear Router as the DHCP service will not start due to missing NSI service.
I am still getting an error "No ATI graphics driver is installed or the ATI driver is not functioning properly. Please install the ATI driver appropriate for your ATI hardware" when logging onto the computer.
One thing I didn't mention before and that is still happening is that the computer is very slow (for instance, when I click on the Start button, it takes about 12 seconds to respond, and opening Control Panel takes over 20 seconds).

One thing that does seem to be resolved is that I can now get into the Windows Firewall settings.

#4 gringo_pr

Posted 30 May 2012 - 02:29 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University
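
For readers triaging a TDSSKiller report themselves, here is an added example (not part of the original post and not part of TDSSKiller) that parses the "name (md5) path" / "name - verdict" line pairs seen in this thread's log and lists what needs a second look. The function names, the `examplesvc`/`examplecut` entries and the non-ok verdict text are constructed; the `required` check assumes that a service absent from the log should next be confirmed in the registry.

```python
import re
from pathlib import Path

STAMP = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "  # "<time> <thread id> " prefix on every line
SCAN_START = re.compile(STAMP + r"Scan started\s*$")
# Entry line:   <service> (<md5 of image>) <image path>
ENTRY = re.compile(STAMP + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: <service> - <verdict>   (the log in this thread only shows "ok")
VERDICT = re.compile(STAMP + r"(?P<name>.+) - (?P<verdict>\S.*)$")


def find_reports(root="C:\\"):
    """Reports are saved as TDSSKiller.[Version]_[Date]_[Time]_log.txt in the root."""
    return sorted(Path(root).glob("TDSSKiller.*_log.txt"))


def parse_scan(text):
    """Return {lowercased service name: record} for lines after 'Scan started'."""
    services, scanning = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not scanning:
            # Header lines such as "Drive ... - Size: ..." also contain " - ",
            # so nothing is parsed until the scan section begins.
            scanning = bool(SCAN_START.match(line))
            continue
        entry, verdict = ENTRY.match(line), VERDICT.match(line)
        m = entry or verdict
        if not m:
            continue
        rec = services.setdefault(
            m["name"].lower(),
            {"name": m["name"], "md5": None, "path": None, "verdict": None},
        )
        if entry:
            rec["md5"], rec["path"] = entry["md5"], entry["path"]
        else:
            rec["verdict"] = verdict["verdict"]
    return services


def triage(text, required=()):
    """Summarise a report: non-ok verdicts, cut-off entries, entries with no
    hashed image, and required services that never appear in the scan."""
    services = parse_scan(text)
    recs = services.values()
    return {
        "not_ok": sorted(r["name"] for r in recs if r["verdict"] not in (None, "ok")),
        "no_verdict": sorted(r["name"] for r in recs if r["verdict"] is None),
        "no_image": sorted(r["name"] for r in recs
                           if r["verdict"] is not None and r["md5"] is None),
        "missing": [n for n in required if n.lower() not in services],
    }


# Sample in the format of the log posted in this thread. The AFD, Beep and Dhcp
# lines follow that log; examplesvc and examplecut are constructed.
SAMPLE = r"""
16:09:41.0747 5964 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200
16:09:58.0189 6916 Scan started
16:09:58.0189 6916 Mode: Manual;
16:10:00.0373 6916 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
16:10:00.0373 6916 AFD - ok
16:10:02.0604 6916 Beep - ok
16:10:05.0365 6916 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
16:10:05.0365 6916 Dhcp - ok
16:10:06.0000 6916 examplesvc (00000000000000000000000000000000) C:\Program Files (x86)\Example\examplesvc.exe
16:10:06.0000 6916 examplesvc - needs-review (constructed verdict text)
16:10:07.0000 6916 examplecut (11111111111111111111111111111111) C:\Windows\system32\drivers\examplecut.sys
"""

if __name__ == "__main__":
    # NSI, Tdx and Afd are the Dhcp dependencies quoted in the first post.
    for key, names in triage(SAMPLE, required=("NSI", "Tdx", "Afd")).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Service names are compared case-insensitively because the log prints `AFD` where the registry value reads `Afd`.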

#5 mcspam

Posted 31 May 2012 - 01:33 AM

16:09:40.0358 5964 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:09:40.0436 5964 ============================================================
16:09:40.0436 5964 Current date / time: 2012/05/31 16:09:40.0436
16:09:40.0436 5964 SystemInfo:
16:09:40.0436 5964
16:09:40.0436 5964 OS Version: 6.0.6001 ServicePack: 1.0
16:09:40.0436 5964 Product type: Workstation
16:09:40.0436 5964 ComputerName: MACS-PC
16:09:40.0436 5964 UserName: peter
16:09:40.0436 5964 Windows directory: C:\Windows
16:09:40.0436 5964 System windows directory: C:\Windows
16:09:40.0436 5964 Running under WOW64
16:09:40.0436 5964 Processor architecture: Intel x64
16:09:40.0436 5964 Number of processors: 8
16:09:40.0436 5964 Page size: 0x1000
16:09:40.0436 5964 Boot type: Normal boot
16:09:40.0436 5964 ============================================================
16:09:41.0747 5964 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:09:41.0809 5964 Drive \Device\Harddisk6\DR6 - Size: 0xEFF4FE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:09:41.0825 5964 ============================================================
16:09:41.0825 5964 \Device\Harddisk0\DR0:
16:09:41.0825 5964 MBR partitions:
16:09:41.0825 5964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
16:09:41.0825 5964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x728E6800
16:09:41.0825 5964 \Device\Harddisk6\DR6:
16:09:41.0825 5964 MBR partitions:
16:09:41.0825 5964 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x26, BlocksNum 0x779FC2
16:09:41.0825 5964 ============================================================
16:09:41.0856 5964 C: <-> \Device\Harddisk0\DR0\Partition1
16:09:41.0887 5964 D: <-> \Device\Harddisk0\DR0\Partition0
16:09:41.0887 5964 ============================================================
16:09:41.0887 5964 Initialize success
16:09:41.0887 5964 ============================================================
16:09:58.0189 6916 ============================================================
16:09:58.0189 6916 Scan started
16:09:58.0189 6916 Mode: Manual;
16:09:58.0189 6916 ============================================================
16:09:59.0765 6916 a4wnetMgrService (5ef81684f87c679a5af661361bbf0109) C:\Program Files (x86)\Common Files\Sage\Sage Accpac\a4wnetMgrService.exe
16:09:59.0780 6916 a4wnetMgrService - ok
16:09:59.0858 6916 ACPI (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
16:09:59.0874 6916 ACPI - ok
16:10:00.0077 6916 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:10:00.0077 6916 AdobeFlashPlayerUpdateSvc - ok
16:10:00.0139 6916 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:10:00.0155 6916 adp94xx - ok
16:10:00.0217 6916 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:10:00.0233 6916 adpahci - ok
16:10:00.0248 6916 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:10:00.0248 6916 adpu160m - ok
16:10:00.0264 6916 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:10:00.0280 6916 adpu320 - ok
16:10:00.0311 6916 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
16:10:00.0311 6916 AeLookupSvc - ok
16:10:00.0373 6916 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
16:10:00.0373 6916 AFD - ok
16:10:00.0389 6916 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:10:00.0389 6916 agp440 - ok
16:10:00.0404 6916 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:10:00.0404 6916 aic78xx - ok
16:10:00.0482 6916 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
16:10:00.0482 6916 ALG - ok
16:10:00.0498 6916 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
16:10:00.0560 6916 aliide - ok
16:10:00.0623 6916 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
16:10:00.0670 6916 AMD External Events Utility - ok
16:10:00.0685 6916 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:10:00.0685 6916 amdide - ok
16:10:00.0716 6916 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:10:00.0716 6916 AmdK8 - ok
16:10:01.0231 6916 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
16:10:01.0340 6916 amdkmdag - ok
16:10:01.0840 6916 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
16:10:01.0840 6916 amdkmdap - ok
16:10:01.0886 6916 Apache2.2 (ea504a3e708a37cda81d214d09b8a62f) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
16:10:01.0886 6916 Apache2.2 - ok
16:10:01.0949 6916 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:10:01.0949 6916 Apple Mobile Device - ok
16:10:02.0011 6916 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:10:02.0011 6916 arc - ok
16:10:02.0027 6916 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:10:02.0027 6916 arcsas - ok
16:10:02.0058 6916 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:10:02.0058 6916 AsyncMac - ok
16:10:02.0058 6916 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
16:10:02.0058 6916 atapi - ok
16:10:02.0495 6916 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
16:10:02.0526 6916 atikmdag - ok
16:10:02.0588 6916 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
16:10:02.0604 6916 AudioEndpointBuilder - ok
16:10:02.0604 6916 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
16:10:02.0604 6916 AudioSrv - ok
16:10:02.0604 6916 Beep - ok
16:10:02.0729 6916 BFE (bc4737aaffa5964e4f8827c9b8c0eb8e) C:\Windows\System32\bfe.dll
16:10:02.0729 6916 BFE - ok
16:10:02.0791 6916 BITS (d896a0d43f8ab81ecb1fc6c24decfd58) C:\Windows\system32\qmgr.dll
16:10:02.0807 6916 BITS - ok
16:10:02.0838 6916 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:10:02.0838 6916 blbdrive - ok
16:10:02.0963 6916 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:10:03.0010 6916 Bonjour Service - ok
16:10:03.0088 6916 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
16:10:03.0119 6916 bowser - ok
16:10:03.0134 6916 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:10:03.0134 6916 BrFiltLo - ok
16:10:03.0150 6916 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:10:03.0150 6916 BrFiltUp - ok
16:10:03.0166 6916 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
16:10:03.0181 6916 Browser - ok
16:10:03.0197 6916 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:10:03.0212 6916 Brserid - ok
16:10:03.0228 6916 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:10:03.0228 6916 BrSerWdm - ok
16:10:03.0244 6916 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:10:03.0244 6916 BrUsbMdm - ok
16:10:03.0275 6916 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:10:03.0275 6916 BrUsbSer - ok
16:10:03.0290 6916 BthEnum (12b275fd8ea054a719d024d7017eb932) C:\Windows\system32\DRIVERS\BthEnum.sys
16:10:03.0337 6916 BthEnum - ok
16:10:03.0368 6916 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:10:03.0368 6916 BTHMODEM - ok
16:10:03.0384 6916 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
16:10:03.0384 6916 BthPan - ok
16:10:03.0415 6916 BTHPORT (516cdda5b7f6c6999db7eb7425337a19) C:\Windows\system32\Drivers\BTHport.sys
16:10:03.0462 6916 BTHPORT - ok
16:10:03.0462 6916 BthServ (e53aa49695b7bd95808b7c6da170a40e) C:\Windows\System32\bthserv.dll
16:10:03.0462 6916 BthServ - ok
16:10:03.0478 6916 BTHUSB (264cc52d69337ce5d12d13d71220b612) C:\Windows\system32\Drivers\BTHUSB.sys
16:10:03.0524 6916 BTHUSB - ok
16:10:03.0587 6916 btwaudio (a44ad9ab3bf98a65eb58662e3c78eae0) C:\Windows\system32\drivers\btwaudio.sys
16:10:03.0634 6916 btwaudio - ok
16:10:03.0649 6916 btwavdt (a441d453821a6336f516f97f79bbfa17) C:\Windows\system32\drivers\btwavdt.sys
16:10:03.0696 6916 btwavdt - ok
16:10:03.0805 6916 btwdins (6f3fbeed370d644622bd0de8c030edfe) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
16:10:03.0805 6916 btwdins - ok
16:10:03.0821 6916 btwrchid (b550c75397d96251a92391555fe5534c) C:\Windows\system32\DRIVERS\btwrchid.sys
16:10:03.0883 6916 btwrchid - ok
16:10:03.0899 6916 catchme - ok
16:10:03.0914 6916 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:10:03.0914 6916 cdfs - ok
16:10:03.0930 6916 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
16:10:03.0946 6916 cdrom - ok
16:10:03.0946 6916 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
16:10:03.0946 6916 CertPropSvc - ok
16:10:03.0992 6916 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
16:10:03.0992 6916 cfwids - ok
16:10:03.0992 6916 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:10:04.0008 6916 circlass - ok
16:10:04.0039 6916 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
16:10:04.0133 6916 CLFS - ok
16:10:04.0195 6916 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:10:04.0242 6916 clr_optimization_v2.0.50727_32 - ok
16:10:04.0273 6916 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:10:04.0351 6916 clr_optimization_v2.0.50727_64 - ok
16:10:04.0445 6916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:10:04.0445 6916 clr_optimization_v4.0.30319_32 - ok
16:10:04.0663 6916 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:10:04.0663 6916 clr_optimization_v4.0.30319_64 - ok
16:10:04.0710 6916 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:10:04.0710 6916 cmdide - ok
16:10:04.0726 6916 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\drivers\compbatt.sys
16:10:04.0788 6916 Compbatt - ok
16:10:04.0788 6916 COMSysApp - ok
16:10:04.0804 6916 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:10:04.0804 6916 crcdisk - ok
16:10:04.0835 6916 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
16:10:04.0835 6916 CryptSvc - ok
16:10:04.0897 6916 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
16:10:04.0913 6916 DcomLaunch - ok
16:10:04.0960 6916 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
16:10:05.0022 6916 DfsC - ok
16:10:05.0178 6916 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
16:10:05.0240 6916 DFSR - ok
16:10:05.0365 6916 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
16:10:05.0365 6916 Dhcp - ok
16:10:05.0381 6916 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
16:10:05.0381 6916 disk - ok
16:10:05.0459 6916 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
16:10:05.0459 6916 DockLoginService - ok
16:10:05.0506 6916 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
16:10:05.0506 6916 dot3svc - ok
16:10:05.0568 6916 dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
16:10:05.0584 6916 dot4 - ok
16:10:05.0599 6916 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:10:05.0599 6916 Dot4Print - ok
16:10:05.0615 6916 Dot4Scan (8b73ca3010d7c5c5cb939686c637e5d1) C:\Windows\system32\DRIVERS\Dot4Scan.sys
16:10:05.0630 6916 Dot4Scan - ok
16:10:05.0646 6916 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
16:10:05.0662 6916 dot4usb - ok
16:10:05.0677 6916 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
16:10:05.0677 6916 DPS - ok
16:10:05.0708 6916 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
16:10:05.0755 6916 drmkaud - ok
16:10:06.0098 6916 dsl-db (0bb913f9f02677bd4ae96d4967cacfee) C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
16:10:06.0145 6916 dsl-db - ok
16:10:06.0176 6916 dsl-fs-sync (e9949205d0b0dbaf153fa968adda9efa) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
16:10:06.0239 6916 dsl-fs-sync - ok
16:10:06.0410 6916 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
16:10:06.0410 6916 DXGKrnl - ok
16:10:06.0457 6916 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
16:10:06.0457 6916 e1express - ok
16:10:06.0520 6916 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:10:06.0520 6916 E1G60 - ok
16:10:06.0551 6916 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
16:10:06.0613 6916 e1yexpress - ok
16:10:06.0629 6916 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
16:10:06.0629 6916 EapHost - ok
16:10:06.0629 6916 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
16:10:06.0644 6916 Ecache - ok
16:10:06.0707 6916 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
16:10:06.0707 6916 ehRecvr - ok
16:10:06.0722 6916 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
16:10:06.0722 6916 ehSched - ok
16:10:06.0738 6916 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
16:10:06.0738 6916 ehstart - ok
16:10:06.0769 6916 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:10:06.0785 6916 elxstor - ok
16:10:06.0863 6916 EMDMgmt (e4eb76d0a8fc43db7f36302e1f33791f) C:\Windows\system32\emdmgmt.dll
16:10:06.0878 6916 EMDMgmt - ok
16:10:06.0894 6916 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
16:10:06.0941 6916 ErrDev - ok
16:10:06.0972 6916 EventSystem (6b1a97bf9fefbdc83f3c7c7d0f826c66) C:\Windows\system32\es.dll
16:10:06.0988 6916 EventSystem - ok
16:10:07.0019 6916 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
16:10:07.0019 6916 exfat - ok
16:10:07.0050 6916 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
16:10:07.0050 6916 fastfat - ok
16:10:07.0081 6916 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:10:07.0081 6916 fdc - ok
16:10:07.0097 6916 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
16:10:07.0097 6916 fdPHost - ok
16:10:07.0112 6916 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
16:10:07.0112 6916 FDResPub - ok
16:10:07.0128 6916 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:10:07.0128 6916 FileInfo - ok
16:10:07.0144 6916 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:10:07.0144 6916 Filetrace - ok
16:10:07.0159 6916 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:10:07.0159 6916 flpydisk - ok
16:10:07.0175 6916 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
16:10:07.0190 6916 FltMgr - ok
16:10:07.0315 6916 FontCache3.0.0.0 (73d0f1d32edae3dcc4e84468bf910add) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:10:07.0315 6916 FontCache3.0.0.0 - ok
16:10:07.0331 6916 FortiSslvpnDaemon - ok
16:10:07.0346 6916 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:10:07.0346 6916 Fs_Rec - ok
16:10:07.0362 6916 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:10:07.0378 6916 gagp30kx - ok
16:10:07.0409 6916 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:10:07.0456 6916 GEARAspiWDM - ok
16:10:07.0596 6916 gpsvc (9e5b254d58232ec8921ec3c5a94c81ed) C:\Windows\System32\gpsvc.dll
16:10:07.0612 6916 gpsvc - ok
16:10:07.0939 6916 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:10:07.0955 6916 gupdate - ok
16:10:07.0955 6916 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:10:07.0955 6916 gupdatem - ok
16:10:07.0986 6916 hcmon (d5fa01185a7d5a65724fd87b34e53f5b) C:\Windows\system32\drivers\hcmon.sys
16:10:08.0048 6916 hcmon - ok
16:10:08.0158 6916 HCW85BDA (b01225208d7ee6af0b04d23600fe38af) C:\Windows\system32\drivers\HCW85BDA.sys
16:10:08.0236 6916 HCW85BDA - ok
16:10:08.0376 6916 hcw85cir (6f79e97b71060abd19e6ae5c3ac70f4b) C:\Windows\system32\drivers\hcw85cir.sys
16:10:08.0438 6916 hcw85cir - ok
16:10:08.0485 6916 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
16:10:08.0501 6916 HdAudAddService - ok
16:10:08.0516 6916 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:10:08.0516 6916 HDAudBus - ok
16:10:08.0532 6916 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:10:08.0532 6916 HidBth - ok
16:10:08.0563 6916 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:10:08.0579 6916 HidIr - ok
16:10:08.0594 6916 hidserv (77e34697087cfdbcfd9e0009704fb5af) C:\Windows\System32\hidserv.dll
16:10:08.0594 6916 hidserv - ok
16:10:08.0594 6916 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
16:10:08.0594 6916 HidUsb - ok
16:10:08.0626 6916 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
16:10:08.0626 6916 hkmsvc - ok
16:10:08.0704 6916 hnmsvc (853babc289f2b46f8150df0e0cf0b537) c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
16:10:08.0719 6916 hnmsvc - ok
16:10:08.0750 6916 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:10:08.0750 6916 HpCISSs - ok
16:10:08.0860 6916 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
16:10:08.0875 6916 HTTP - ok
16:10:08.0906 6916 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:10:08.0906 6916 i2omp - ok
16:10:08.0922 6916 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:10:08.0922 6916 i8042prt - ok
16:10:08.0953 6916 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
16:10:09.0016 6916 iaStor - ok
16:10:09.0047 6916 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:10:09.0062 6916 iaStorV - ok
16:10:09.0172 6916 idsvc (76ea63cdb2d88dae7209691d089bef1d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:10:09.0187 6916 idsvc - ok
16:10:09.0218 6916 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:10:09.0218 6916 iirsp - ok
16:10:09.0250 6916 IKEEXT (3a3b232140c33376e134e7b61a0eaa44) C:\Windows\System32\ikeext.dll
16:10:09.0265 6916 IKEEXT - ok
16:10:09.0281 6916 IntcAzAudAddService - ok
16:10:09.0296 6916 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\DRIVERS\intelide.sys
16:10:09.0312 6916 intelide - ok
16:10:09.0312 6916 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:10:09.0312 6916 intelppm - ok
16:10:09.0343 6916 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:10:09.0359 6916 IpFilterDriver - ok
16:10:09.0437 6916 iphlpsvc (3a0427f35e7f8c16bbc5b1be32b8de76) C:\Windows\System32\iphlpsvc.dll
16:10:09.0437 6916 iphlpsvc - ok
16:10:09.0452 6916 IpInIp - ok
16:10:09.0468 6916 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:10:09.0468 6916 IPMIDRV - ok
16:10:09.0499 6916 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:10:09.0499 6916 IPNAT - ok
16:10:09.0593 6916 iPod Service (fdf57f795098ab29af780824315c9859) C:\Program Files\iPod\bin\iPodService.exe
16:10:09.0608 6916 iPod Service - ok
16:10:09.0608 6916 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:10:09.0624 6916 IRENUM - ok
16:10:09.0640 6916 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:10:09.0640 6916 isapnp - ok
16:10:09.0671 6916 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
16:10:09.0671 6916 iScsiPrt - ok
16:10:09.0686 6916 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:10:09.0686 6916 iteatapi - ok
16:10:09.0702 6916 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:10:09.0718 6916 iteraid - ok
16:10:09.0780 6916 JLTECH0227 (cd91d1bd200d9f39682a08e987f0dbe2) C:\Windows\system32\Drivers\jl2005c.sys
16:10:09.0842 6916 JLTECH0227 - ok
16:10:09.0874 6916 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:10:09.0874 6916 kbdclass - ok
16:10:09.0874 6916 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:10:09.0874 6916 kbdhid - ok
16:10:09.0905 6916 KeyIso (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
16:10:09.0905 6916 KeyIso - ok
16:10:09.0952 6916 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
16:10:09.0967 6916 KSecDD - ok
16:10:09.0967 6916 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:10:09.0983 6916 ksthunk - ok
16:10:10.0014 6916 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
16:10:10.0030 6916 KtmRm - ok
16:10:10.0092 6916 LanmanServer (3f27c9cdae606d74431e3ab39571a7f3) C:\Windows\System32\srvsvc.dll
16:10:10.0092 6916 LanmanServer - ok
16:10:10.0154 6916 LanmanWorkstation (6e25ffc6fead6544c6e9f1d23329570c) C:\Windows\System32\wkssvc.dll
16:10:10.0154 6916 LanmanWorkstation - ok
16:10:10.0170 6916 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:10:10.0170 6916 lltdio - ok
16:10:10.0217 6916 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
16:10:10.0232 6916 lltdsvc - ok
16:10:10.0248 6916 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
16:10:10.0248 6916 lmhosts - ok
16:10:10.0279 6916 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:10:10.0279 6916 LSI_FC - ok
16:10:10.0310 6916 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:10:10.0310 6916 LSI_SAS - ok
16:10:10.0326 6916 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:10:10.0342 6916 LSI_SCSI - ok
16:10:10.0342 6916 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:10:10.0342 6916 luafv - ok
16:10:10.0466 6916 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:10:10.0482 6916 McMPFSvc - ok
16:10:10.0482 6916 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:10:10.0482 6916 mcmscsvc - ok
16:10:10.0482 6916 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:10:10.0498 6916 McNaiAnn - ok
16:10:10.0498 6916 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:10:10.0498 6916 McNASvc - ok
16:10:10.0607 6916 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
16:10:10.0607 6916 McODS - ok
16:10:10.0622 6916 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
16:10:10.0622 6916 McProxy - ok
16:10:10.0685 6916 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:10:10.0700 6916 McShield - ok
16:10:10.0716 6916 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
16:10:10.0716 6916 Mcx2Svc - ok
16:10:10.0732 6916 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:10:10.0732 6916 megasas - ok
16:10:10.0778 6916 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:10:10.0794 6916 MegaSR - ok
16:10:11.0028 6916 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
16:10:11.0028 6916 mfeapfk - ok
16:10:11.0075 6916 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
16:10:11.0137 6916 mfeavfk - ok
16:10:11.0137 6916 mfeavfk01 - ok
16:10:11.0153 6916 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:10:11.0215 6916 mfefire - ok
16:10:11.0278 6916 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
16:10:11.0356 6916 mfefirek - ok
16:10:11.0434 6916 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
16:10:11.0496 6916 mfehidk - ok
16:10:11.0543 6916 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
16:10:11.0605 6916 mfenlfk - ok
16:10:11.0636 6916 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
16:10:11.0636 6916 mferkdet - ok
16:10:11.0777 6916 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
16:10:11.0777 6916 mfevtp - ok
16:10:11.0839 6916 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
16:10:11.0902 6916 mfewfpk - ok
16:10:27.0346 6916 ============================================================
16:10:27.0346 6916 Scan finished
16:10:27.0346 6916 ============================================================
16:10:27.0346 6364 Detected object count: 0
16:10:27.0346 6364 Actual detected object count: 0
16:13:50.0255 7144 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-31 16:16:56
-----------------------------
16:16:56.098 OS Version: Windows x64 6.0.6001 Service Pack 1
16:16:56.098 Number of processors: 8 586 0x1A05
16:16:56.098 ComputerName: MACS-PC UserName: peter
16:16:58.079 Initialize success
16:17:39.590 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:17:39.590 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
16:17:39.606 Disk 0 MBR read successfully
16:17:39.606 Disk 0 MBR scan
16:17:39.606 Disk 0 Windows VISTA default MBR code
16:17:39.606 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
16:17:39.622 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
16:17:39.622 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938445 MB offset 31586304
16:17:39.637 Disk 0 scanning C:\Windows\system32\drivers
16:17:49.184 Service scanning
16:18:02.975 Modules scanning
16:18:02.975 Disk 0 trace - called modules:
16:18:03.006 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:18:03.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006884060]
16:18:03.022 3 CLASSPNP.SYS[fffffa6001001b3a] -> nt!IofCallDriver -> [0xfffffa800656e510]
16:18:03.037 5 acpi.sys[fffffa60008c6fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800656f520]
16:18:03.037 Scan finished successfully
16:18:42.084 Disk 0 MBR has been saved successfully to "K:\MBR.dat"
16:18:42.100 The log file has been saved successfully to "K:\aswMBR.txt"

I couldn't download the extra definition for aswMBR as I cannot connect to the Internet.
I get the feeling I may have to concede defeat and reformat the machine.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:20 PM

Posted 31 May 2012 - 01:52 AM

Hello

Let's check your internet connection

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 mcspam


Posted 31 May 2012 - 05:24 AM

I can't connect to my router though as the DHCP service is not started.
The internet connection is fine from other computers as I have a laptop that connects ok and this is what I am using now.

#8 gringo_pr


Posted 31 May 2012 - 07:26 AM

greetings


run the fss scanner for me


gringo

#9 mcspam


Posted 31 May 2012 - 08:03 AM

Farbar Service Scanner Version: 27-05-2012
Ran by peter (administrator) on 31-05-2012 at 22:59:59
Running from "C:\Users\peter\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-21 12:49] - [2008-01-21 12:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2008-01-21 12:50] - [2008-01-21 12:50] - 0268288 ____A (Microsoft Corporation) FDAA0EDFCFB70CD529589AD654651B40

C:\Windows\System32\drivers\afd.sys
[2011-06-16 11:37] - [2011-04-21 23:42] - 0407552 ____A (Microsoft Corporation) 9BB97042FA331A0FB4BDD98B9280A50A

C:\Windows\System32\drivers\tdx.sys
[2008-01-21 12:49] - [2008-01-21 12:49] - 0094208 ____A (Microsoft Corporation) 8C39C72E0E853DE04748C0337D9B9216

C:\Windows\System32\Drivers\tcpip.sys
[2010-08-12 13:52] - [2010-06-17 02:40] - 1420176 ____A (Microsoft Corporation) 7D86275FB640011B372FD566C0EAFA8D

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 14:16] - [2011-03-03 01:10] - 0117760 ____A (Microsoft Corporation) DAF05293C1264E251D3A25E7E24B2DDF

C:\Windows\System32\mpssvc.dll
[2008-01-21 12:49] - [2008-01-21 12:49] - 0601088 ____A (Microsoft Corporation) 8A670648C755867A3AA38DA50BA569AA

C:\Windows\System32\bfe.dll
[2008-01-21 12:50] - [2008-01-21 12:50] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-21 12:47] - [2008-01-21 12:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2008-01-21 12:50] - [2008-01-21 12:50] - 1432576 ____A (Microsoft Corporation) 186BD53F8A408AD20F5A056C05678629

C:\Windows\System32\wscsvc.dll
[2008-01-21 12:47] - [2008-01-21 12:47] - 0074752 ____A (Microsoft Corporation) CB8EA6D95949384925CCFCA21CC6DFD8

C:\Windows\System32\wbem\WMIsvc.dll
[2008-01-21 12:50] - [2008-01-21 12:50] - 0221696 ____A (Microsoft Corporation) AC98F38FEAB066A8F983D54FF3F4FD4C

C:\Windows\System32\wuaueng.dll
[2009-10-27 07:34] - [2009-08-07 12:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2008-01-21 12:50] - [2008-01-21 12:50] - 1082368 ____A (Microsoft Corporation) D896A0D43F8AB81ECB1FC6C24DECFD58

C:\Windows\System32\es.dll
[2009-04-25 13:50] - [2009-04-25 13:50] - 0361984 ____A (Microsoft Corporation) 6B1A97BF9FEFBDC83F3C7C7D0F826C66

C:\Windows\System32\cryptsvc.dll
[2008-01-21 12:49] - [2008-01-21 12:49] - 0165376 ____A (Microsoft Corporation) 4374F784121D8B3BB466B03F5E5EBD33

C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-21 12:47] - [2008-01-21 12:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-08-13 08:23] - [2009-08-13 08:23] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C



**** End of log ****
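
A triage of the service checks in the FSS log above, as an added example that is not part of the original posts or of Farbar Service Scanner: it separates services whose registry key is gone from those that are merely stopped, and uses the Dhcp DependOnService value (NSI Tdx Afd) quoted in the first post to show why Dhcp fails with Error 1075 although its own configuration is OK. The function name `triage` and the finding labels are assumptions of this example.

```python
import re

# Excerpt of the FSS log posted above, trimmed to four service checks.
FSS_LOG = """\
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
"""

# Dhcp's DependOnService value as quoted in the first post of this thread.
DEPENDS_ON = {"Dhcp": ["Nsi", "Tdx", "Afd"]}
HEADER = re.compile(r"^(\w+) Service is not running\.")

def triage(log, depends_on=DEPENDS_ON):
    """Return {service: finding} for each stopped service (labels are this example's own)."""
    blocks, current = {}, None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif not line.strip():
            current = None  # a blank line ends the service block
        elif current:
            blocks[current].append(line)
    findings = {}
    for svc, lines in blocks.items():
        text = " ".join(lines)
        findings[svc] = ("registry key missing" if "service key does not exist" in text
                         else "start type changed" if "The default start type is" in text
                         else "configuration OK")
    # A correctly configured service still cannot start when a dependency has no key.
    for svc, deps in depends_on.items():
        gone = [d for d in deps if findings.get(d) == "registry key missing"]
        if gone and findings.get(svc) == "configuration OK":
            findings[svc] = "blocked by missing dependency: " + ", ".join(gone)
    return findings

if __name__ == "__main__":
    for svc, finding in triage(FSS_LOG).items():
        print(f"{svc:10} {finding}")
```

Run against the full FSS.txt, the same function also reports PlugPlay as a missing key; services absent from the log (Tdx, Afd) are simply not counted as missing.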

#10 gringo_pr


Posted 01 June 2012 - 01:36 AM

Hello

here is what I want you to try next

1. Locate the file - C:\Windows\inf\Nettcpip.inf
  • It's important that you first make a copy of the file. Place the copy on your Desktop.
  • Once you have done that, use Notepad to open the original file for editing.

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

4. Save the file, and then exit Notepad.

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

6. On the General tab, click Install, select Protocol, and then click Add.

7. In the Select Network Protocols window, click Have Disk.

8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.

9. Select Internet Protocol (TCP/IP), and then click OK.

Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

Take the nettcpip.inf which you have earlier copied to Desktop. Move it back to the directory C:\Windows\INF\ overwriting the existing copy. The file shall now look exactly like the sample above.

Redo sub-steps 4-11 to re-install TCP/IP

#11 mcspam


Posted 01 June 2012 - 04:49 AM

Hi There

I am logged onto the machine as a user with administrative rights.
I try to edit the file Nettcpip.inf but get the error "Cannot create the C:\Windows\inf\nettcpip.inf file. Make sure the path and the file name are correct." when saving.
I then copied the file to another location, made the changes and tried to copy back in but got the error.
"Destination Folder Access Denied. You need permission to perform this action."
I then tried to edit the security on the file to give myself full control but got an "Access is denied" error.
I would try using the dos editor but, being a 64 bit machine, it doesn't have this.

#12 mcspam


Posted 01 June 2012 - 08:12 AM

I managed to take ownership of the file and change the setting.

I can't get to the properties of the network however. I cannot see any connection details.

In Network and Sharing centre, I see the status

Unknown and The specified service does not exist as an installed service

#13 gringo_pr


Posted 03 June 2012 - 07:22 AM

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check

Once that is done then go to step 3 and allow it to run SFC

On the start repairs tab select advanced mode and click start

Select the items below (remove the ticks from the rest) and tick restart system when finished
Reset Registry permissions
reset File permissions
repair WMI
repair windows firewall
repair internet explorer
remove policies set by infection
repair winsock & DNS cache
remove temp files
repair proxy settings
repair windows update

#14 gringo_pr


Posted 05 June 2012 - 11:51 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#15 mcspam


Posted 06 June 2012 - 07:33 PM

Hi Gringo

Thanks for your help.
I tried the tools above but still had no luck.
I ended up doing a system restore from about 2 months ago and that seems to have resolved all my issues.
I have since ensured my Windows updates have all been installed, made sure my McAfee is up to date, turned on UAC and am doing other things to help protect the pc a bit more.
If you have any other hints to make a computer more immune to infection, would love to hear them.
Thanks again for all your assistance.



