Ukash metropolitan police virus - HELP!


11 replies to this topic

#1 kimmature

Posted 05 July 2012 - 06:43 AM

My computer got infected by the Ukash Metropolitan Police virus scam, and it has locked me out of my computer, except for Safe Mode. I still have access to networking via Safe Mode though. I've tried using Malwarebytes and ran a full scan, which detected one thing, which I got rid of; however, I am still locked out of my computer and it is still infected. How can I fix this?



#2 narenxp


Posted 05 July 2012 - 06:46 AM

Boot into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 kimmature


Posted 05 July 2012 - 05:52 PM

Results from TDSSKiller (no threats found)

22:19:30.0841 1368 Npfs - ok
22:19:30.0856 1368 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:19:30.0856 1368 nsi - ok
22:19:30.0872 1368 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:19:30.0872 1368 nsiproxy - ok
22:19:31.0012 1368 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:19:31.0044 1368 Ntfs - ok
22:19:31.0153 1368 NTI IScheduleSvc (773eed20bbf50809437373c0285bfa5e) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
22:19:31.0153 1368 NTI IScheduleSvc - ok
22:19:31.0262 1368 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
22:19:31.0262 1368 NTIDrvr - ok
22:19:31.0293 1368 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:19:31.0293 1368 Null - ok
22:19:31.0340 1368 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:19:31.0340 1368 nvraid - ok
22:19:31.0387 1368 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:19:31.0402 1368 nvstor - ok
22:19:31.0465 1368 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:19:31.0465 1368 nv_agp - ok
22:19:31.0480 1368 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:19:31.0480 1368 ohci1394 - ok
22:19:31.0558 1368 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:19:31.0558 1368 ose - ok
22:19:31.0855 1368 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:19:31.0933 1368 osppsvc - ok
22:19:32.0058 1368 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:19:32.0073 1368 p2pimsvc - ok
22:19:32.0136 1368 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:19:32.0136 1368 p2psvc - ok
22:19:32.0182 1368 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:19:32.0182 1368 Parport - ok
22:19:32.0214 1368 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:19:32.0214 1368 partmgr - ok
22:19:32.0245 1368 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:19:32.0245 1368 PcaSvc - ok
22:19:32.0276 1368 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:19:32.0292 1368 pci - ok
22:19:32.0307 1368 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:19:32.0307 1368 pciide - ok
22:19:32.0323 1368 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:19:32.0323 1368 pcmcia - ok
22:19:32.0338 1368 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:19:32.0338 1368 pcw - ok
22:19:32.0370 1368 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:19:32.0385 1368 PEAUTH - ok
22:19:32.0463 1368 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:19:32.0510 1368 PerfHost - ok
22:19:32.0635 1368 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:19:32.0666 1368 pla - ok
22:19:32.0760 1368 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:19:32.0760 1368 PlugPlay - ok
22:19:32.0775 1368 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:19:32.0775 1368 PNRPAutoReg - ok
22:19:32.0806 1368 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:19:32.0806 1368 PNRPsvc - ok
22:19:32.0869 1368 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:19:32.0884 1368 PolicyAgent - ok
22:19:32.0947 1368 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:19:32.0962 1368 Power - ok
22:19:33.0040 1368 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:19:33.0040 1368 PptpMiniport - ok
22:19:33.0150 1368 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:19:33.0181 1368 Processor - ok
22:19:33.0555 1368 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:19:33.0602 1368 ProfSvc - ok
22:19:33.0680 1368 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:19:33.0680 1368 ProtectedStorage - ok
22:19:34.0008 1368 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:19:34.0008 1368 Psched - ok
22:19:34.0195 1368 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:19:34.0226 1368 ql2300 - ok
22:19:34.0554 1368 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:19:34.0554 1368 ql40xx - ok
22:19:34.0632 1368 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:19:34.0663 1368 QWAVE - ok
22:19:34.0694 1368 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:19:34.0694 1368 QWAVEdrv - ok
22:19:34.0756 1368 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:19:34.0756 1368 RasAcd - ok
22:19:34.0944 1368 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:19:34.0944 1368 RasAgileVpn - ok
22:19:35.0178 1368 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:19:35.0209 1368 RasAuto - ok
22:19:35.0287 1368 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:19:35.0287 1368 Rasl2tp - ok
22:19:35.0396 1368 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:19:35.0427 1368 RasMan - ok
22:19:35.0536 1368 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:19:35.0536 1368 RasPppoe - ok
22:19:35.0583 1368 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:19:35.0583 1368 RasSstp - ok
22:19:35.0646 1368 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:19:35.0646 1368 rdbss - ok
22:19:35.0677 1368 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:19:35.0677 1368 rdpbus - ok
22:19:35.0692 1368 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:19:35.0692 1368 RDPCDD - ok
22:19:35.0724 1368 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:19:35.0724 1368 RDPENCDD - ok
22:19:35.0755 1368 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:19:35.0755 1368 RDPREFMP - ok
22:19:35.0817 1368 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:19:35.0817 1368 RDPWD - ok
22:19:35.0926 1368 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:19:35.0958 1368 rdyboost - ok
22:19:36.0004 1368 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:19:36.0004 1368 RemoteAccess - ok
22:19:36.0067 1368 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:19:36.0082 1368 RemoteRegistry - ok
22:19:36.0129 1368 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
22:19:36.0129 1368 RimUsb - ok
22:19:36.0160 1368 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:19:36.0160 1368 RpcEptMapper - ok
22:19:36.0223 1368 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:19:36.0223 1368 RpcLocator - ok
22:19:36.0316 1368 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:19:36.0316 1368 RpcSs - ok
22:19:36.0379 1368 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:19:36.0379 1368 rspndr - ok
22:19:36.0441 1368 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\Windows\System32\Drivers\RtsUStor.sys
22:19:36.0441 1368 RSUSBSTOR - ok
22:19:36.0504 1368 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:19:36.0504 1368 SamSs - ok
22:19:36.0519 1368 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:19:36.0535 1368 sbp2port - ok
22:19:36.0597 1368 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:19:36.0597 1368 SCardSvr - ok
22:19:36.0675 1368 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:19:36.0675 1368 scfilter - ok
22:19:36.0784 1368 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:19:36.0831 1368 Schedule - ok
22:19:36.0894 1368 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:19:36.0894 1368 SCPolicySvc - ok
22:19:36.0925 1368 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:19:36.0940 1368 SDRSVC - ok
22:19:37.0050 1368 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:19:37.0065 1368 SeaPort - ok
22:19:37.0128 1368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:19:37.0128 1368 secdrv - ok
22:19:37.0190 1368 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:19:37.0190 1368 seclogon - ok
22:19:37.0206 1368 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:19:37.0206 1368 SENS - ok
22:19:37.0221 1368 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:19:37.0221 1368 SensrSvc - ok
22:19:37.0268 1368 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:19:37.0268 1368 Serenum - ok
22:19:37.0284 1368 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:19:37.0299 1368 Serial - ok
22:19:37.0299 1368 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:19:37.0315 1368 sermouse - ok
22:19:37.0346 1368 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:19:37.0362 1368 SessionEnv - ok
22:19:37.0362 1368 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:19:37.0362 1368 sffdisk - ok
22:19:37.0362 1368 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:19:37.0362 1368 sffp_mmc - ok
22:19:37.0377 1368 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:19:37.0377 1368 sffp_sd - ok
22:19:37.0393 1368 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:19:37.0393 1368 sfloppy - ok
22:19:37.0518 1368 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:19:37.0533 1368 Sftfs - ok
22:19:37.0689 1368 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:19:37.0720 1368 sftlist - ok
22:19:37.0798 1368 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:19:37.0798 1368 Sftplay - ok
22:19:37.0814 1368 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:19:37.0814 1368 Sftredir - ok
22:19:37.0845 1368 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:19:37.0845 1368 Sftvol - ok
22:19:37.0892 1368 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:19:37.0892 1368 sftvsa - ok
22:19:37.0954 1368 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:19:37.0970 1368 SharedAccess - ok
22:19:38.0017 1368 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:19:38.0017 1368 ShellHWDetection - ok
22:19:38.0048 1368 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:19:38.0048 1368 SiSRaid2 - ok
22:19:38.0064 1368 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:19:38.0064 1368 SiSRaid4 - ok
22:19:38.0095 1368 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:19:38.0095 1368 Smb - ok
22:19:38.0142 1368 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:19:38.0142 1368 SNMPTRAP - ok
22:19:38.0157 1368 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:19:38.0157 1368 spldr - ok
22:19:38.0204 1368 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:19:38.0220 1368 Spooler - ok
22:19:38.0407 1368 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:19:38.0469 1368 sppsvc - ok
22:19:38.0563 1368 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:19:38.0563 1368 sppuinotify - ok
22:19:38.0656 1368 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:19:38.0656 1368 srv - ok
22:19:38.0688 1368 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:19:38.0703 1368 srv2 - ok
22:19:38.0734 1368 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:19:38.0734 1368 srvnet - ok
22:19:38.0797 1368 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:19:38.0797 1368 SSDPSRV - ok
22:19:38.0812 1368 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:19:38.0812 1368 SstpSvc - ok
22:19:38.0828 1368 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:19:38.0828 1368 stexstor - ok
22:19:38.0906 1368 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:19:38.0922 1368 stisvc - ok
22:19:38.0922 1368 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:19:38.0922 1368 swenum - ok
22:19:38.0984 1368 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:19:39.0000 1368 swprv - ok
22:19:39.0109 1368 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:19:39.0156 1368 SysMain - ok
22:19:39.0234 1368 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:19:39.0249 1368 TabletInputService - ok
22:19:39.0280 1368 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:19:39.0296 1368 TapiSrv - ok
22:19:39.0312 1368 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:19:39.0312 1368 TBS - ok
22:19:39.0514 1368 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:19:39.0561 1368 Tcpip - ok
22:19:39.0795 1368 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:19:39.0795 1368 TCPIP6 - ok
22:19:39.0873 1368 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:19:39.0873 1368 tcpipreg - ok
22:19:39.0889 1368 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:19:39.0889 1368 TDPIPE - ok
22:19:39.0936 1368 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:19:39.0936 1368 TDTCP - ok
22:19:39.0951 1368 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:19:39.0951 1368 tdx - ok
22:19:39.0951 1368 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:19:39.0951 1368 TermDD - ok
22:19:40.0045 1368 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:19:40.0060 1368 TermService - ok
22:19:40.0060 1368 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:19:40.0060 1368 Themes - ok
22:19:40.0107 1368 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:19:40.0107 1368 THREADORDER - ok
22:19:40.0138 1368 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:19:40.0138 1368 TrkWks - ok
22:19:40.0216 1368 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:19:40.0216 1368 TrustedInstaller - ok
22:19:40.0263 1368 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:19:40.0263 1368 tssecsrv - ok
22:19:40.0279 1368 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:19:40.0279 1368 TsUsbFlt - ok
22:19:40.0294 1368 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:19:40.0294 1368 TsUsbGD - ok
22:19:40.0341 1368 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:19:40.0341 1368 tunnel - ok
22:19:40.0341 1368 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:19:40.0357 1368 uagp35 - ok
22:19:40.0357 1368 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
22:19:40.0357 1368 UBHelper - ok
22:19:40.0404 1368 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:19:40.0404 1368 udfs - ok
22:19:40.0450 1368 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:19:40.0450 1368 UI0Detect - ok
22:19:40.0497 1368 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:19:40.0497 1368 uliagpkx - ok
22:19:40.0497 1368 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:19:40.0497 1368 umbus - ok
22:19:40.0497 1368 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:19:40.0497 1368 UmPass - ok
22:19:40.0700 1368 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:19:40.0747 1368 UNS - ok
22:19:40.0856 1368 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:19:40.0872 1368 upnphost - ok
22:19:40.0918 1368 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:19:40.0918 1368 usbccgp - ok
22:19:40.0981 1368 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:19:40.0981 1368 usbcir - ok
22:19:41.0028 1368 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:19:41.0028 1368 usbehci - ok
22:19:41.0090 1368 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:19:41.0090 1368 usbhub - ok
22:19:41.0106 1368 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:19:41.0121 1368 usbohci - ok
22:19:41.0137 1368 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:19:41.0152 1368 usbprint - ok
22:19:41.0324 1368 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:19:41.0324 1368 usbscan - ok
22:19:41.0527 1368 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:19:41.0574 1368 USBSTOR - ok
22:19:41.0698 1368 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:19:41.0698 1368 usbuhci - ok
22:19:41.0745 1368 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:19:41.0745 1368 usbvideo - ok
22:19:41.0792 1368 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:19:41.0808 1368 UxSms - ok
22:19:41.0870 1368 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:19:41.0870 1368 VaultSvc - ok
22:19:41.0886 1368 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:19:41.0886 1368 vdrvroot - ok
22:19:41.0948 1368 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:19:41.0964 1368 vds - ok
22:19:42.0057 1368 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:19:42.0088 1368 vga - ok
22:19:42.0104 1368 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:19:42.0104 1368 VgaSave - ok
22:19:42.0151 1368 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:19:42.0151 1368 vhdmp - ok
22:19:42.0151 1368 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:19:42.0151 1368 viaide - ok
22:19:42.0166 1368 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:19:42.0166 1368 volmgr - ok
22:19:42.0229 1368 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:19:42.0244 1368 volmgrx - ok
22:19:42.0276 1368 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:19:42.0291 1368 volsnap - ok
22:19:42.0447 1368 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:19:42.0478 1368 vsmraid - ok
22:19:42.0712 1368 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:19:42.0744 1368 VSS - ok
22:19:42.0946 1368 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:19:42.0946 1368 vwifibus - ok
22:19:42.0993 1368 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:19:42.0993 1368 vwififlt - ok
22:19:43.0071 1368 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:19:43.0087 1368 W32Time - ok
22:19:43.0149 1368 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:19:43.0149 1368 WacomPen - ok
22:19:43.0149 1368 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:19:43.0149 1368 WANARP - ok
22:19:43.0165 1368 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:19:43.0165 1368 Wanarpv6 - ok
22:19:43.0336 1368 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:19:43.0352 1368 WatAdminSvc - ok
22:19:43.0524 1368 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:19:43.0555 1368 wbengine - ok
22:19:43.0648 1368 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:19:43.0664 1368 WbioSrvc - ok
22:19:43.0680 1368 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:19:43.0695 1368 wcncsvc - ok
22:19:43.0711 1368 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:19:43.0711 1368 WcsPlugInService - ok
22:19:43.0758 1368 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:19:43.0758 1368 Wd - ok
22:19:43.0820 1368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:19:43.0820 1368 Wdf01000 - ok
22:19:43.0836 1368 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:19:43.0836 1368 WdiServiceHost - ok
22:19:43.0836 1368 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:19:43.0836 1368 WdiSystemHost - ok
22:19:43.0898 1368 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:19:43.0914 1368 WebClient - ok
22:19:43.0929 1368 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:19:43.0945 1368 Wecsvc - ok
22:19:43.0976 1368 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:19:43.0976 1368 wercplsupport - ok
22:19:43.0976 1368 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:19:43.0976 1368 WerSvc - ok
22:19:44.0038 1368 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:19:44.0038 1368 WfpLwf - ok
22:19:44.0054 1368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:19:44.0054 1368 WIMMount - ok
22:19:44.0101 1368 WinDefend - ok
22:19:44.0101 1368 WinHttpAutoProxySvc - ok
22:19:44.0163 1368 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:19:44.0163 1368 Winmgmt - ok
22:19:44.0319 1368 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:19:44.0366 1368 WinRM - ok
22:19:44.0538 1368 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:19:44.0538 1368 WinUsb - ok
22:19:44.0662 1368 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:19:44.0694 1368 Wlansvc - ok
22:19:44.0834 1368 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:19:44.0865 1368 wlcrasvc - ok
22:19:45.0084 1368 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:19:45.0146 1368 wlidsvc - ok
22:19:45.0271 1368 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:19:45.0286 1368 WmiAcpi - ok
22:19:45.0364 1368 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:19:45.0380 1368 wmiApSrv - ok
22:19:45.0458 1368 WMPNetworkSvc - ok
22:19:45.0474 1368 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:19:45.0474 1368 WPCSvc - ok
22:19:45.0552 1368 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:19:45.0552 1368 WPDBusEnum - ok
22:19:45.0614 1368 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:19:45.0614 1368 ws2ifsl - ok
22:19:45.0630 1368 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:19:45.0630 1368 wscsvc - ok
22:19:45.0661 1368 WSearch - ok
22:19:45.0817 1368 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:19:45.0879 1368 wuauserv - ok
22:19:45.0988 1368 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:19:45.0988 1368 WudfPf - ok
22:19:46.0035 1368 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:19:46.0035 1368 WUDFRd - ok
22:19:46.0066 1368 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:19:46.0066 1368 wudfsvc - ok
22:19:46.0082 1368 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:19:46.0082 1368 WwanSvc - ok
22:19:46.0144 1368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:19:46.0550 1368 \Device\Harddisk0\DR0 - ok
22:19:46.0550 1368 Boot (0x1200) (e59ef2e960f9e5c63bba18941529a5f7) \Device\Harddisk0\DR0\Partition0
22:19:46.0550 1368 \Device\Harddisk0\DR0\Partition0 - ok
22:19:46.0597 1368 Boot (0x1200) (510bf6d74d4c5218d6a48620f9f414fe) \Device\Harddisk0\DR0\Partition1
22:19:46.0597 1368 \Device\Harddisk0\DR0\Partition1 - ok
22:19:46.0597 1368 ============================================================
22:19:46.0597 1368 Scan finished
22:19:46.0597 1368 ============================================================
22:19:46.0597 1436 Detected object count: 0
22:19:46.0597 1436 Actual detected object count: 0

aswMBR scan

version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 22:22:42
-----------------------------
22:22:42.581 OS Version: Windows x64 6.1.7601 Service Pack 1
22:22:42.581 Number of processors: 2 586 0x2505
22:22:42.581 ComputerName: KIMMI-PC UserName: Kimmi
22:22:43.766 Initialize success
22:24:35.197 AVAST engine defs: 12070501
22:24:46.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:24:46.757 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
22:24:46.773 Disk 0 MBR read successfully
22:24:46.773 Disk 0 MBR scan
22:24:46.773 Disk 0 Windows 7 default MBR code
22:24:46.773 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
22:24:46.804 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
22:24:46.835 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280
22:24:46.851 Disk 0 scanning C:\Windows\system32\drivers
22:24:53.621 Service scanning
22:25:20.422 Modules scanning
22:25:20.422 Disk 0 trace - called modules:
22:25:20.437 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:25:20.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800587a400]
22:25:20.437 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800495a050]
22:25:22.231 AVAST engine scan C:\Windows
22:25:25.351 AVAST engine scan C:\Windows\system32
22:28:15.907 AVAST engine scan C:\Windows\system32\drivers
22:28:25.173 AVAST engine scan C:\Users\Kimmi
22:36:56.210 AVAST engine scan C:\ProgramData
22:38:30.068 Scan finished successfully
22:39:47.306 Disk 0 MBR has been saved successfully to "C:\Users\Kimmi\Documents\MBR.dat"
22:39:47.312 The log file has been saved successfully to "C:\Users\Kimmi\Documents\aswMBR.txt"

ESET online scan results


C:\ProgramData\dmenleca.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\ProgramData\nqugbaxs.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Users\Kimmi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\39c2a5cf-21f2e561 Java/Exploit.Agent.NAP trojan deleted - quarantined
C:\Users\Kimmi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\6340513c-149db78c Java/Exploit.CVE-2011-3544.AX trojan deleted - quarantined



What should I do now? Thanks for your help so far!

#4 narenxp

Posted 05 July 2012 - 06:05 PM

Press Windows+R key and type

%HOMEPATH%\Start Menu\Programs\Startup

click ok

Delete CTFMON.LNK file from the folder if you have one

Reboot to normal mode


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 kimmature

Posted 06 July 2012 - 10:02 AM

Results from the mini toolbox program.

MiniToolBox by Farbar Version: 25-06-2012
Ran by Kimmi (administrator) on 06-07-2012 at 16:01:04
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B95 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kimmi-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Ethernet
Physical Address. . . . . . . . . : B8-70-F4-AA-5E-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter
Physical Address. . . . . . . . . : D0-DF-9A-60-0F-B8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3cc7:f90c:dc40:d52%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.68(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 06 July 2012 14:50:38
Lease Expires . . . . . . . . . . : 07 July 2012 14:50:40
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 186410397
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-B0-DB-B8-70-F4-AA-5E-45
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:cf:3cde:a967:f7a7(Preferred)
Link-local IPv6 Address . . . . . : fe80::cf:3cde:a967:f7a7%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: api.home
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:809::1007
173.194.41.165
173.194.41.166
173.194.41.169
173.194.41.168
173.194.41.167
173.194.41.174
173.194.41.160
173.194.41.163
173.194.41.161
173.194.41.162
173.194.41.164


Pinging google.com [173.194.41.166] with 32 bytes of data:
Reply from 173.194.41.166: bytes=32 time=27ms TTL=52
Reply from 173.194.41.166: bytes=32 time=26ms TTL=52

Ping statistics for 173.194.41.166:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server: api.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=302ms TTL=45
Reply from 72.30.38.140: bytes=32 time=275ms TTL=45

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 275ms, Maximum = 302ms, Average = 288ms
Server: api.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...b8 70 f4 aa 5e 45 ......Broadcom NetLink ™ Ethernet
11...d0 df 9a 60 0f b8 ......Atheros AR5B95 Wireless Network Adapter
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.68 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.68 281
192.168.1.68 255.255.255.255 On-link 192.168.1.68 281
192.168.1.255 255.255.255.255 On-link 192.168.1.68 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.68 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.68 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:73b8:cf:3cde:a967:f7a7/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::cf:3cde:a967:f7a7/128
On-link
11 281 fe80::3cc7:f90c:dc40:d52/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/06/2012 02:50:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2012 02:47:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2012 02:17:12 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/06/2012 02:54:53 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2012 11:54:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2012 10:18:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2012 11:39:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2012 09:25:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2012 09:24:41 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (07/04/2012 08:47:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/06/2012 02:48:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:48:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:48:19 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:35 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/06/2012 02:46:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/06/2012 02:50:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2012 02:47:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2012 02:17:12 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/06/2012 02:54:53 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (07/05/2012 11:54:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2012 10:18:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/05/2012 11:39:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2012 09:25:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2012 09:24:41 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (07/04/2012 08:47:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
1912 Titanic Mystery
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Acer Backup Manager (Version: 3.0.0.85)
Acer Crystal Eye Webcam (Version: 1.0.1523)
Acer ePower Management (Version: 6.00.3006)
Acer eRecovery Management (Version: 5.00.3002)
Acer GameZone Console (Version: 6.1.0.40497)
Acer Registration (Version: 1.03.3004)
Acer ScreenSaver (Version: 1.1.0301.2011)
Acer Updater (Version: 1.02.3005)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 9.2 MUI (Version: 9.2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Backup Manager V3 (Version: 3.0.0.85)
Bejeweled 2 Deluxe
Belles Beauty Boutique
Bing Bar (Version: 7.0.610.0)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.2)
Chicken Invaders 3
clear.fi (Version: 1.0.1422.00)
clear.fi (Version: 9.0.7418)
clear.fi Client (Version: 1.00.3008)
D3DX10 (Version: 15.4.2368.0902)
Dream Day First Home
eBay Worldwide (Version: 2.1.0901)
Epson Easy Photo Print 2 (Version: 2.1.0.0)
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX410 Series Printer Uninstall
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.6.3_WHQL (Version: 8.0.6.3)
Farm Frenzy 3 Ice Age
Flip Words
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galapago
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 20.0.1132.47)
Identity Card (Version: 1.00.3006)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.5)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MediaEspresso (Version: 1.0.1418_35759)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 13.0.1 (x86 en-GB) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MyWinLocker (Version: 4.0.14.11)
MyWinLocker 4 (Version: 4.0.14.11)
MyWinLocker Suite (Version: 4.0.14.11)
newsXpresso (Version: 1.0.0.40)
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.8942)
OpenOffice.org 3.3 (Version: 3.3.9567)
Origin (Version: 8.4.1.210)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
QuickTime (Version: 7.71.80.42)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (Version: 6.0.1.6314)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30124)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Shredder (Version: 2.0.8.7)
Sims2Pack Clean Installer
Skype™ 5.5 (Version: 5.5.124)
Sprill and Ritchie
swMSM (Version: 12.0.0.1)
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
The Sims™ 3 (Version: 1.33.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Welcome Center (Version: 1.02.3102)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Argazki Galeria (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
World of Goo

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3766.7 MB
Available physical RAM: 2045.7 MB
Total Pagefile: 7531.6 MB
Available Pagefile: 5780.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.05 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:359.37 GB) NTFS
2 Drive d: (Sims2EP9) (CDROM) (Total:0.66 GB) (Free:0 GB) UDF
3 Drive e: () (Removable) (Total:3.69 GB) (Free:3.18 GB) FAT32

========================= Users: ========================================

User accounts for \\KIMMI-PC

Administrator Guest Kimmi


**** End of log ****

#6 narenxp

Posted 07 July 2012 - 05:20 AM

MBAM log?

#7 HensyrWolf

HensyrWolf

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium (Europe)
  • Local time:11:21 PM

Posted 07 July 2012 - 03:00 PM

Hi,

Maybe this sounds foolish, but I have a similar problem with my computer.
I'm new here and want to ask the people on this forum whether I should make a new topic or can just write it down here.
I don't really know, because my English is very bad and I try to understand what is written here.

I'm living in Europe, in Belgium, and the language here is Dutch; the software I use is sometimes English, but for the most part it is in Dutch.
So I wonder, if the logs are English or Dutch, can you guys interpret these logs when I post them here?

First things first:

I was searching on a porno site www.uporn.com on Friday the 6th of July 2012 at 01:30 (Brussels time).
Suddenly my computer got blocked by the Belgium Cyber Crime unit of the Belgium Police and asked me to pay 100 € to unblock my computer with the Ukash method.
Everything was blocked, even my taskbar and start button, and my desktop wallpaper and desktop icons disappeared.
I tried to make a screenshot but that also didn't work.

So I went to my second computer and found out that it was a hacker who took over my computer.

I went back to my first computer, which is infected, and restarted the computer to get into safe mode with networking.
I did a system recovery and brought the computer back to an earlier date (3 days) and restarted in normal mode.
That gave me the opportunity to get back my computer and download Malwarebytes and run it, but nothing was found except for some crack keys on other drives.
So I'm pretty sure the hacker still has some files on my computer and I would like to have them removed from it.

I have read in previous topics here to do nothing with programs that go deep into my computer without anyone asking me to do so.

My question now is: what should I do next?

Thanks Sincerely

#8 narenxp

Posted 07 July 2012 - 03:02 PM

HensyrWolf

Please create a new topic to avoid confusion

thanks

Edited by narenxp, 07 July 2012 - 03:03 PM.


#9 kimmature

Posted 19 July 2012 - 09:28 AM

Sorry it took so long, was away for about a week with family. Anyway, I couldn't find the old MBAM log so I re-ran MBAM today and this is the log from today.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kimmi :: KIMMI-PC [administrator]

19/07/2012 13:41:36
mbam-log-2012-07-19 (13-41-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391573
Time elapsed: 1 hour(s), 19 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 narenxp

Posted 19 July 2012 - 09:30 AM

Download

adware cleaner

Launch it, click on Delete; the system should reboot

Post the generated log

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Any current issues?

#11 kimmature

Posted 26 July 2012 - 12:39 PM

Adware cleaner log

# AdwCleaner v1.703 - Logfile created 07/26/2012 at 18:32:25
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kimmi - KIMMI-PC
# Running from : C:\Users\Kimmi\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-GB)

Profile name : default
File : C:\Users\Kimmi\AppData\Roaming\Mozilla\Firefox\Profiles\82kkoz6n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Kimmi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [957 octets] - [26/07/2012 18:32:25]

########## EOF - C:\AdwCleaner[S1].txt - [1084 octets] ##########

FSS log

Farbar Service Scanner Version: 26-07-2012
Ran by Kimmi (administrator) on 26-07-2012 at 18:37:43
Running from "C:\Users\Kimmi\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

There are no current issues with my laptop at the minute, other than programs running slowly from time to time and Windows Defender refusing to turn on.
Thanks for all your help so far!

#12 narenxp

Posted 26 July 2012 - 01:41 PM

You don't need Windows Defender, you have MSE

Microsoft Security Essentials (Version: 4.0.1526.0)

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



