
need help removing a rootkit and sirefef.fb.gen


19 replies to this topic

#1 PatrickM.

  • Members
  • 14 posts

Posted 06 August 2012 - 09:20 PM

I need help removing what I think is a rootkit on my computer. I found this:

C:\Users\Patrick\AppData\Local\{592b4cac-6dda-08f8-729e-e69892c21e95}

Which contained:

-two folders each with a single character file name, one which contained nothing and one which contained three files
-a system file called "@" and a system file called "n".

I've encountered this kind of thing before and usually just force delete all files, but this time I can't force delete one of the files.

I force deleted all files except for "n." If I try to force delete "n" or unlock with FileAssassin I get a blue screen. This occurs even in safe mode.

Other problem, not sure if it is related, is sirefef.fb.gen, which was found by ESET Online scanner which was unable to remove it.

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal


#2 PatrickM.

  • Topic Starter
  • Members
  • 14 posts

Posted 06 August 2012 - 10:53 PM

Update:

Ran Malwarebytes and it was able to remove "n" and the rest of the rootkit. Still having trouble with sirefef.fb.gen, though.

#3 narenxp

  • BC Advisor
  • 16,371 posts

Posted 06 August 2012 - 11:28 PM

Download

TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 06 August 2012 - 11:29 PM.


#4 PatrickM.

  • Topic Starter
  • Members
  • 14 posts

Posted 08 August 2012 - 12:10 AM

Hi, thanks for replying.

Here is the TDSS Log:

00:06:58.0070 1008 PolicyAgent - ok
00:06:58.0132 1008 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:06:58.0132 1008 PptpMiniport - ok
00:06:58.0163 1008 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
00:06:58.0163 1008 Processor - ok
00:06:58.0226 1008 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:06:58.0226 1008 ProfSvc - ok
00:06:58.0273 1008 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
00:06:58.0288 1008 ProtectedStorage - ok
00:06:58.0335 1008 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:06:58.0351 1008 PSched - ok
00:06:58.0413 1008 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
00:06:58.0413 1008 PTproct - ok
00:06:58.0507 1008 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
00:06:58.0522 1008 ql2300 - ok
00:06:58.0538 1008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:06:58.0538 1008 ql40xx - ok
00:06:58.0585 1008 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:06:58.0585 1008 QWAVE - ok
00:06:58.0631 1008 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:06:58.0631 1008 QWAVEdrv - ok
00:06:58.0803 1008 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
00:06:58.0834 1008 R300 - ok
00:06:58.0912 1008 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
00:06:58.0912 1008 RapiMgr - ok
00:06:59.0053 1008 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:06:59.0053 1008 RasAcd - ok
00:06:59.0099 1008 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:06:59.0099 1008 RasAuto - ok
00:06:59.0162 1008 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:06:59.0162 1008 Rasl2tp - ok
00:06:59.0240 1008 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:06:59.0255 1008 RasMan - ok
00:06:59.0318 1008 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:06:59.0318 1008 RasPppoe - ok
00:06:59.0333 1008 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:06:59.0333 1008 RasSstp - ok
00:06:59.0411 1008 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:06:59.0411 1008 rdbss - ok
00:06:59.0443 1008 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:06:59.0443 1008 RDPCDD - ok
00:06:59.0505 1008 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
00:06:59.0505 1008 rdpdr - ok
00:06:59.0521 1008 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:06:59.0521 1008 RDPENCDD - ok
00:06:59.0583 1008 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:06:59.0599 1008 RDPWD - ok
00:06:59.0661 1008 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:06:59.0661 1008 RemoteAccess - ok
00:06:59.0739 1008 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
00:06:59.0739 1008 RemoteRegistry - ok
00:06:59.0786 1008 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:06:59.0786 1008 rimmptsk - ok
00:06:59.0817 1008 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:06:59.0817 1008 rimsptsk - ok
00:06:59.0864 1008 RimVSerPort (12a2fd77e334b223531f1e2918480d49) C:\Windows\system32\DRIVERS\RimSerial.sys
00:06:59.0864 1008 RimVSerPort - ok
00:06:59.0879 1008 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:06:59.0879 1008 rismxdp - ok
00:06:59.0926 1008 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
00:06:59.0942 1008 ROOTMODEM - ok
00:06:59.0973 1008 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
00:06:59.0973 1008 RpcLocator - ok
00:07:00.0067 1008 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:07:00.0067 1008 RpcSs - ok
00:07:00.0098 1008 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:07:00.0113 1008 rspndr - ok
00:07:00.0160 1008 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
00:07:00.0160 1008 SamSs - ok
00:07:00.0207 1008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:07:00.0207 1008 sbp2port - ok
00:07:00.0269 1008 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
00:07:00.0285 1008 SCardSvr - ok
00:07:00.0347 1008 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
00:07:00.0363 1008 Schedule - ok
00:07:00.0394 1008 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:07:00.0394 1008 SCPolicySvc - ok
00:07:00.0441 1008 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
00:07:00.0441 1008 sdbus - ok
00:07:00.0472 1008 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
00:07:00.0488 1008 SDRSVC - ok
00:07:00.0519 1008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:07:00.0519 1008 secdrv - ok
00:07:00.0550 1008 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
00:07:00.0566 1008 seclogon - ok
00:07:00.0566 1008 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
00:07:00.0581 1008 SENS - ok
00:07:00.0581 1008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:07:00.0581 1008 Serenum - ok
00:07:00.0613 1008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:07:00.0613 1008 Serial - ok
00:07:00.0644 1008 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:07:00.0644 1008 sermouse - ok
00:07:00.0706 1008 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
00:07:00.0706 1008 SessionEnv - ok
00:07:00.0722 1008 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
00:07:00.0722 1008 sffdisk - ok
00:07:00.0753 1008 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
00:07:00.0753 1008 sffp_mmc - ok
00:07:00.0753 1008 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
00:07:00.0753 1008 sffp_sd - ok
00:07:00.0769 1008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:07:00.0769 1008 sfloppy - ok
00:07:00.0815 1008 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
00:07:00.0815 1008 ShellHWDetection - ok
00:07:00.0831 1008 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
00:07:00.0831 1008 sisagp - ok
00:07:00.0847 1008 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
00:07:00.0862 1008 SiSRaid2 - ok
00:07:00.0878 1008 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
00:07:00.0878 1008 SiSRaid4 - ok
00:07:01.0143 1008 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
00:07:01.0205 1008 slsvc - ok
00:07:01.0330 1008 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
00:07:01.0330 1008 SLUINotify - ok
00:07:01.0424 1008 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:07:01.0424 1008 Smb - ok
00:07:01.0471 1008 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
00:07:01.0471 1008 SNMPTRAP - ok
00:07:01.0502 1008 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:07:01.0502 1008 spldr - ok
00:07:01.0533 1008 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
00:07:01.0549 1008 Spooler - ok
00:07:01.0627 1008 sprtsvc_dellsupportcenter - ok
00:07:01.0673 1008 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:07:01.0689 1008 srv - ok
00:07:01.0720 1008 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:07:01.0736 1008 srv2 - ok
00:07:01.0751 1008 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:07:01.0751 1008 srvnet - ok
00:07:01.0814 1008 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
00:07:01.0814 1008 SSDPSRV - ok
00:07:01.0876 1008 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
00:07:01.0876 1008 SstpSvc - ok
00:07:01.0923 1008 STacSV (b218068eba6f46f102b4218bdb81be0b) C:\Windows\system32\STacSV.exe
00:07:01.0923 1008 STacSV - ok
00:07:01.0954 1008 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
00:07:01.0970 1008 STHDA - ok
00:07:02.0048 1008 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
00:07:02.0063 1008 stisvc - ok
00:07:02.0110 1008 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:07:02.0110 1008 swenum - ok
00:07:02.0141 1008 swmsflt (a184a1bab187809b144ba32509b9e731) C:\Windows\System32\drivers\swmsflt.sys
00:07:02.0141 1008 swmsflt - ok
00:07:02.0188 1008 SWNC8U56 (2f6f8b7f821c994de3d1caf399bf9cd3) C:\Windows\system32\DRIVERS\swnc8u56.sys
00:07:02.0188 1008 SWNC8U56 - ok
00:07:02.0266 1008 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
00:07:02.0266 1008 swprv - ok
00:07:02.0297 1008 SWUMX56 (903a5e596a3910cebfa33f3bd7d9c174) C:\Windows\system32\DRIVERS\swumx56.sys
00:07:02.0297 1008 SWUMX56 - ok
00:07:02.0344 1008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:07:02.0344 1008 Symc8xx - ok
00:07:02.0360 1008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:07:02.0360 1008 Sym_hi - ok
00:07:02.0375 1008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:07:02.0375 1008 Sym_u3 - ok
00:07:02.0438 1008 SynTP (dd17b63f26430e179ef6bdef5ac735bd) C:\Windows\system32\DRIVERS\SynTP.sys
00:07:02.0438 1008 SynTP - ok
00:07:02.0531 1008 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
00:07:02.0547 1008 SysMain - ok
00:07:02.0578 1008 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\DRIVERS\szkg.sys
00:07:02.0578 1008 szkg5 - ok
00:07:02.0625 1008 szkgfs (333175a9d6129315650ac743459dd176) C:\Windows\system32\drivers\szkgfs.sys
00:07:02.0625 1008 szkgfs - ok
00:07:02.0719 1008 szserver (b56a64ff3217145d5f1b5e20d8210c52) c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
00:07:02.0719 1008 szserver - ok
00:07:02.0750 1008 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
00:07:02.0750 1008 TabletInputService - ok
00:07:02.0828 1008 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
00:07:02.0828 1008 TapiSrv - ok
00:07:02.0875 1008 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
00:07:02.0875 1008 TBS - ok
00:07:02.0968 1008 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:07:02.0984 1008 Tcpip - ok
00:07:02.0984 1008 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:07:02.0999 1008 Tcpip6 - ok
00:07:03.0031 1008 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:07:03.0031 1008 tcpipreg - ok
00:07:03.0062 1008 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:07:03.0077 1008 TDPIPE - ok
00:07:03.0093 1008 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:07:03.0093 1008 TDTCP - ok
00:07:03.0155 1008 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:07:03.0171 1008 tdx - ok
00:07:03.0202 1008 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:07:03.0202 1008 TermDD - ok
00:07:03.0296 1008 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
00:07:03.0311 1008 TermService - ok
00:07:03.0343 1008 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
00:07:03.0343 1008 Themes - ok
00:07:03.0374 1008 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:07:03.0374 1008 THREADORDER - ok
00:07:03.0389 1008 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
00:07:03.0405 1008 TrkWks - ok
00:07:03.0483 1008 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
00:07:03.0499 1008 TrustedInstaller - ok
00:07:03.0514 1008 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:07:03.0514 1008 tssecsrv - ok
00:07:03.0561 1008 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:07:03.0577 1008 tunmp - ok
00:07:03.0592 1008 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:07:03.0592 1008 tunnel - ok
00:07:03.0655 1008 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
00:07:03.0655 1008 uagp35 - ok
00:07:03.0733 1008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:07:03.0733 1008 udfs - ok
00:07:03.0779 1008 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
00:07:03.0795 1008 UI0Detect - ok
00:07:03.0826 1008 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
00:07:03.0826 1008 uliagpkx - ok
00:07:03.0857 1008 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
00:07:03.0857 1008 uliahci - ok
00:07:03.0920 1008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:07:03.0920 1008 UlSata - ok
00:07:03.0967 1008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:07:03.0967 1008 ulsata2 - ok
00:07:04.0013 1008 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:07:04.0013 1008 umbus - ok
00:07:04.0060 1008 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
00:07:04.0060 1008 upnphost - ok
00:07:04.0091 1008 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:07:04.0091 1008 USBAAPL - ok
00:07:04.0138 1008 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:07:04.0154 1008 usbaudio - ok
00:07:04.0185 1008 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:07:04.0201 1008 usbccgp - ok
00:07:04.0232 1008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:07:04.0232 1008 usbcir - ok
00:07:04.0294 1008 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:07:04.0294 1008 usbehci - ok
00:07:04.0325 1008 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:07:04.0325 1008 usbhub - ok
00:07:04.0341 1008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:07:04.0341 1008 usbohci - ok
00:07:04.0372 1008 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:07:04.0372 1008 usbprint - ok
00:07:04.0388 1008 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:07:04.0388 1008 usbscan - ok
00:07:04.0419 1008 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:07:04.0419 1008 USBSTOR - ok
00:07:04.0450 1008 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:07:04.0450 1008 usbuhci - ok
00:07:04.0513 1008 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
00:07:04.0528 1008 UxSms - ok
00:07:04.0606 1008 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
00:07:04.0622 1008 vds - ok
00:07:04.0653 1008 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
00:07:04.0653 1008 vga - ok
00:07:04.0684 1008 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:07:04.0684 1008 VgaSave - ok
00:07:04.0700 1008 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
00:07:04.0715 1008 viaagp - ok
00:07:04.0731 1008 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
00:07:04.0731 1008 ViaC7 - ok
00:07:04.0731 1008 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
00:07:04.0731 1008 viaide - ok
00:07:04.0762 1008 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:07:04.0778 1008 volmgr - ok
00:07:04.0856 1008 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:07:04.0856 1008 volmgrx - ok
00:07:04.0918 1008 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:07:04.0918 1008 volsnap - ok
00:07:04.0981 1008 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
00:07:04.0981 1008 vsmraid - ok
00:07:05.0105 1008 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
00:07:05.0121 1008 VSS - ok
00:07:05.0215 1008 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
00:07:05.0215 1008 W32Time - ok
00:07:05.0277 1008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:07:05.0277 1008 WacomPen - ok
00:07:05.0308 1008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:07:05.0308 1008 Wanarp - ok
00:07:05.0308 1008 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:07:05.0324 1008 Wanarpv6 - ok
00:07:05.0386 1008 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
00:07:05.0402 1008 WcesComm - ok
00:07:05.0495 1008 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
00:07:05.0511 1008 wcncsvc - ok
00:07:05.0558 1008 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
00:07:05.0558 1008 WcsPlugInService - ok
00:07:05.0573 1008 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
00:07:05.0573 1008 Wd - ok
00:07:05.0636 1008 Wdf01000 (bfc4993b195eb4618acf33f7150f091e) C:\Windows\system32\drivers\Wdf01000.sys
00:07:05.0667 1008 Wdf01000 - ok
00:07:05.0698 1008 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:07:05.0698 1008 WdiServiceHost - ok
00:07:05.0729 1008 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:07:05.0729 1008 WdiSystemHost - ok
00:07:05.0792 1008 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
00:07:05.0792 1008 WebClient - ok
00:07:05.0839 1008 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
00:07:05.0839 1008 Wecsvc - ok
00:07:05.0870 1008 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
00:07:05.0870 1008 wercplsupport - ok
00:07:05.0948 1008 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
00:07:05.0948 1008 WerSvc - ok
00:07:06.0010 1008 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:07:06.0026 1008 winachsf - ok
00:07:06.0135 1008 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
00:07:06.0151 1008 WinDefend - ok
00:07:06.0166 1008 WinHttpAutoProxySvc - ok
00:07:06.0260 1008 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
00:07:06.0260 1008 Winmgmt - ok
00:07:06.0369 1008 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
00:07:06.0385 1008 WinRM - ok
00:07:06.0478 1008 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
00:07:06.0478 1008 WinUSB - ok
00:07:06.0541 1008 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
00:07:06.0556 1008 Wlansvc - ok
00:07:06.0572 1008 wltrysvc - ok
00:07:06.0587 1008 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:07:06.0587 1008 WmiAcpi - ok
00:07:06.0681 1008 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
00:07:06.0681 1008 wmiApSrv - ok
00:07:06.0806 1008 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:07:06.0821 1008 WMPNetworkSvc - ok
00:07:06.0884 1008 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
00:07:06.0899 1008 WPCSvc - ok
00:07:06.0931 1008 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
00:07:06.0931 1008 WPDBusEnum - ok
00:07:07.0009 1008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:07:07.0009 1008 WpdUsb - ok
00:07:07.0165 1008 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:07:07.0180 1008 WPFFontCache_v0400 - ok
00:07:07.0227 1008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:07:07.0227 1008 ws2ifsl - ok
00:07:07.0305 1008 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
00:07:07.0305 1008 wscsvc - ok
00:07:07.0321 1008 WSearch - ok
00:07:07.0367 1008 WudfPf (492e9b6232af783173c8f0f612982f3b) C:\Windows\system32\drivers\WudfPf.sys
00:07:07.0367 1008 WudfPf - ok
00:07:07.0414 1008 WUDFRd (fbcc03fe3d9d8976931426f7ae2baae6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:07:07.0430 1008 WUDFRd - ok
00:07:07.0461 1008 wudfsvc (dc0fb85918973f63a48b944349b8ae5b) C:\Windows\System32\WUDFSvc.dll
00:07:07.0508 1008 wudfsvc - ok
00:07:07.0976 1008 ZuneNetworkSvc (bcc62ed44d85236f802efccda3fba457) c:\Program Files\Zune\ZuneNss.exe
00:07:08.0163 1008 ZuneNetworkSvc - ok
00:07:08.0303 1008 ZuneWlanCfgSvc (b10cc66b7947bb1a2a24ff563bf36021) c:\Windows\system32\ZuneWlanCfgSvc.exe
00:07:08.0350 1008 ZuneWlanCfgSvc - ok
00:07:08.0381 1008 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:07:08.0959 1008 \Device\Harddisk0\DR0 - ok
00:07:08.0974 1008 Boot (0x1200) (46d5ee61b40cc0e51e9134b7e791c1a9) \Device\Harddisk0\DR0\Partition0
00:07:08.0990 1008 \Device\Harddisk0\DR0\Partition0 - ok
00:07:08.0990 1008 Boot (0x1200) (9ace58f557046942b08dcfa2c154fdca) \Device\Harddisk0\DR0\Partition1
00:07:08.0990 1008 \Device\Harddisk0\DR0\Partition1 - ok
00:07:08.0990 1008 ============================================================
00:07:08.0990 1008 Scan finished
00:07:08.0990 1008 ============================================================
00:07:09.0005 1104 Detected object count: 0
00:07:09.0005 1104 Actual detected object count: 0

#5 PatrickM.

Posted 08 August 2012 - 12:44 AM

Here are the results of the aswMBR scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-08 00:15:01
-----------------------------
00:15:01.358 OS Version: Windows 6.0.6002 Service Pack 2
00:15:01.358 Number of processors: 2 586 0xF0D
00:15:01.358 ComputerName: PATRICK-PC UserName: Patrick
00:15:43.961 Initialize success
00:18:57.651 AVAST engine defs: 12080701
00:20:32.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:20:32.234 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
00:20:32.249 Disk 0 MBR read successfully
00:20:32.265 Disk 0 MBR scan
00:20:32.265 Disk 0 Windows VISTA default MBR code
00:20:32.312 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
00:20:32.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
00:20:32.359 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101593 MB offset 21133312
00:20:32.359 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
00:20:32.437 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
00:20:32.437 Disk 0 scanning sectors +234438656
00:20:32.499 Disk 0 scanning C:\Windows\system32\drivers
00:20:44.776 Service scanning
00:21:19.221 Modules scanning
00:21:31.311 Disk 0 trace - called modules:
00:21:31.358 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
00:21:31.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859167c8]
00:21:31.358 3 CLASSPNP.SYS[8859e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e02030]
00:21:37.021 AVAST engine scan C:\Windows
00:21:43.931 AVAST engine scan C:\Windows\system32
00:25:31.613 AVAST engine scan C:\Windows\system32\drivers
00:25:46.995 AVAST engine scan C:\Users\Patrick
00:34:13.480 AVAST engine scan C:\ProgramData
00:37:13.925 Scan finished successfully
00:43:26.391 Disk 0 MBR has been saved successfully to "C:\Users\Patrick\Desktop\MBR.dat"
00:43:26.391 The log file has been saved successfully to "C:\Users\Patrick\Desktop\aswMBR.txt"

#6 PatrickM.

Posted 08 August 2012 - 01:33 AM

Running ESET, will post results in the morning.

#7 PatrickM.

Posted 08 August 2012 - 08:50 AM

Results of ESET scan:

C:\Windows\System32\services.exe Win32/Sirefef.FB.Gen trojan unable to clean

#8 PatrickM.

Posted 08 August 2012 - 08:52 AM

Update:

I seem to have acquired an even stronger rootkit. It is comprised of two empty folders called "L" and "U", a system file called "@" and a system file called "n". All files but "n" were deleted. Any attempt to unlock or delete "n" results in a blue screen, and Malwarebytes is unable to remove it.

#9 narenxp

narenxp

  • BC Advisor

Posted 08 August 2012 - 08:53 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{592b4cac-6dda-08f8-729e-e69892c21e95}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#10 PatrickM.

Posted 08 August 2012 - 11:23 AM

Results of SystemLook scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:04 on 08/08/2012 by Patrick
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 279552 bytes [04:59 20/10/2009] [06:27 11/04/2009] 8737764F4FD36D6808EE80578409C843
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [11:31 11/09/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [04:59 20/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{592b4cac-6dda-08f8-729e-e69892c21e95}"
No folders found.

-= EOF =-

#11 PatrickM.

Posted 08 August 2012 - 03:52 PM

Results from MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Patrick (administrator) on 08-08-2012 at 15:50:13
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 1

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1390 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Patrick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : austin.rr.com
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1D-09-B8-29-3C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1390 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1E-4C-67-C9-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f459:4439:e246:547b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 08, 2012 3:48:11 PM
Lease Expires . . . . . . . . . . : Wednesday, August 08, 2012 4:48:10 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167779916
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-F7-46-52-00-1D-09-B8-29-3C
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.austin.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{3E55B4B0-58AE-4F0C-B472-423C1B180D46}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4000:801::1003
74.125.227.73
74.125.227.78
74.125.227.64
74.125.227.65
74.125.227.66
74.125.227.67
74.125.227.68
74.125.227.69
74.125.227.70
74.125.227.71
74.125.227.72



Pinging google.com [74.125.227.7] with 32 bytes of data:

Reply from 74.125.227.7: bytes=32 time=35ms TTL=51

Reply from 74.125.227.7: bytes=32 time=31ms TTL=51



Ping statistics for 74.125.227.7:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 35ms, Average = 33ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=26ms TTL=54

Reply from 209.191.122.70: bytes=32 time=17ms TTL=54



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 26ms, Average = 21ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1d 09 b8 29 3c ...... Broadcom 440x 10/100 Integrated Controller
10 ...00 1e 4c 67 c9 3b ...... Dell Wireless 1390 WLAN Mini-Card
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
26 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
28 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
22 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
18 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
19 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
23 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
24 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
25 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
29 ...00 00 00 00 00 00 00 e0 isatap.austin.rr.com
30 ...00 00 00 00 00 00 00 e0 isatap.{3E55B4B0-58AE-4F0C-B472-423C1B180D46}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 281
192.168.0.10 255.255.255.255 On-link 192.168.0.10 281
192.168.0.255 255.255.255.255 On-link 192.168.0.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::f459:4439:e246:547b/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/08/2012 03:48:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 03:48:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 03:48:39 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/08/2012 00:58:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 00:58:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 00:57:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 00:53:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 00:53:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 00:51:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2012 11:28:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/08/2012 03:48:49 PM) (Source: Service Control Manager) (User: )
Description: aswSnx
aswSP
aswTdi
is3srv
spldr
Wanarpv6

Error: (08/08/2012 03:48:49 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (08/08/2012 03:48:43 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/08/2012 03:48:39 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/08/2012 03:48:30 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/08/2012 00:57:16 PM) (Source: Print) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Dell Photo AIO Printer 926 with shared resource name Dell Photo AIO Printer 926. Error 1753. The printer cannot be used by others on the network.

Error: (08/08/2012 00:56:51 PM) (Source: Service Control Manager) (User: )
Description: is3srv

Error: (08/08/2012 00:56:51 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/08/2012 00:55:12 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:54:08 PM on 8/8/2012 was unexpected.

Error: (08/08/2012 00:50:54 PM) (Source: Service Control Manager) (User: )
Description: is3srv


Microsoft Office Sessions:
=========================
Error: (08/08/2012 03:48:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 03:48:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 03:48:39 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/08/2012 00:58:56 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 00:58:56 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 00:57:27 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 00:53:27 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 00:53:27 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 00:51:47 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe

Error: (08/08/2012 11:28:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\AVAST Software\Avast\AvastUI.exe


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.1784.41616)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Reader 8.3.0 (Version: 8.3.0)
Alarm Clock v1.0
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
ASPCA TriMini Reminder by We-Care.com v5.0.2.1 (Version: 5.0.2.1)
AT&T Communication Manager (Version: 6.6.10.0)
avast! Free Antivirus (Version: 7.0.1456.0)
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BitTorrent (Version: 6.0.3)
BitTorrent (Version: 7.2.1)
Bonjour (Version: 3.0.0.2)
Broadcom Management Programs (Version: 10.15.03)
Browser Address Error Redirector (Version: 1.00.0000)
Canon MF4100 Series
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Dell Automated PC TuneUp (Version: 1.0.3085)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Network Assistant (Version: 3.0.0.0)
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Touchpad (Version: 9.1.18.6)
Dell Wireless WLAN Card (Version: 4.102.15.61)
Digital Line Detect (Version: 1.21)
ESET Online Scanner v3
FileASSASSIN (Version: 1.06)
Freeciv 2.3.2 (GTK+ client)
FreeKapture 2.00 - Freeware
GOM Player (Version: 2.1.33.5071)
Google Chrome (Version: 21.0.1180.60)
Google Desktop (Version: 5.7.0806.10245)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 7 (Version: 2.1.6860)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.115)
Google Updater (Version: 2.4.2432.1652)
iS3 STOPzilla Toolbar (Version: 1.0.0)
iTunes (Version: 10.4.1.10)
Japanese Fonts Support For Adobe Reader 8 (Version: 8.0)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
MediaDirect (Version: 4.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Compatibility Toolkit 5.5 (Version: 5.5.0)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 08.05.0818)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MP3Torpedo (Version: 5.6.4.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.44)
Nokia Connectivity Adapter Cable DKU-5
NVIDIA Drivers
OutlookAddinSetup (Version: 1.0.0)
PlayItAll media player 1.0.5 (Version: 1.0.5)
Product Documentation Launcher (Version: 1.00.0000)
QualxServ Service Agreement (Version: 1.11.0000)
QuickSet (Version: 8.0.13)
QuickTime (Version: 7.70.80.34)
Safari (Version: 5.31.22.7)
Sid Meier's Civilization 4 (Version: 1.61)
Sid Meier's Civilization 4 (Version: 1.74)
Starcraft
STOPzilla (Version: 5.0.69.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Videora iPod Converter 6 (Version: 6)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
Xvid Video Codec (Version: 1.3.2)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)
YouTube Downloader App 3.00 (Version: 3.00)
Zune (Version: 04.02.0202.00)
Zune Language Pack (DE) (Version: 04.02.0202.00)
Zune Language Pack (ES) (Version: 04.02.0202.00)
Zune Language Pack (FR) (Version: 04.02.0202.00)
Zune Language Pack (IT) (Version: 04.02.0202.00)

========================= Memory info: ===================================

Percentage of memory in use: 23%
Total physical RAM: 2045.45 MB
Available physical RAM: 1561.43 MB
Total Pagefile: 4326.18 MB
Available Pagefile: 4017.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.13 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:99.21 GB) (Free:18.16 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.19 GB) NTFS

========================= Users: ========================================

User accounts for \\PATRICK-PC

Administrator Guest Patrick


**** End of log ****

#12 PatrickM.


Posted 08 August 2012 - 03:54 PM

FSS Log:

Farbar Service Scanner Version: 06-08-2012
Ran by Patrick (administrator) on 08-08-2012 at 15:53:35
Running from "C:\Users\Patrick\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-09-11 06:31] - [2008-01-19 02:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#13 PatrickM.


Posted 08 August 2012 - 06:20 PM

Adware Cleaner results:

# AdwCleaner v1.800 - Logfile created 08/08/2012 at 18:07:53
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Patrick - PATRICK-PC
# Running from : C:\Users\Patrick\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19154

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\bg8xv7bo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25759 octets] - [08/08/2012 15:55:10]
AdwCleaner[S2].txt - [1056 octets] - [08/08/2012 17:56:03]
AdwCleaner[S3].txt - [1116 octets] - [08/08/2012 18:03:11]
AdwCleaner[S4].txt - [1048 octets] - [08/08/2012 18:07:53]

########## EOF - C:\AdwCleaner[S4].txt - [1176 octets] ##########

#14 narenxp


Posted 09 August 2012 - 12:44 AM

Press the Windows+R keys, type notepad and click OK.

Copy this script and paste it into Notepad:
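@echo off
REM Work in the system directory (/d also switches drive if needed)
cd /d c:\windows\system32
REM Give ownership to the Administrators group, then grant it full control
REM (cacls asks for confirmation here; answer Y)
takeown /a /f services.exe
cacls services.exe /g administrators:f
REM Keep the current file as services.exe.old and copy in the winsxs copy
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe C:\WINDOWS\system32
REM Delete this batch file when done
DEL %0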

Click on File >> Save As

File name: services.bat
Save as type: All types

Now right-click the services.bat file, select Run as administrator and run it, then click Y and press ENTER

Restart the PC

Download

http://download.bleepingcomputer.com/win-services/vista/MpsSvc.reg
http://download.bleepingcomputer.com/win-services/vista/BITS.reg
http://download.bleepingcomputer.com/win-services/vista/wuauserv.reg
http://download.bleepingcomputer.com/win-services/vista/SharedAccess.reg

Launch them, click YES

Restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options alone:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log
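
Added example (not part of the thread and not Farbar's code): a small Python parser for FSS logs like the ones in posts #12 and #15. It lists the services whose registry keys or values are reported missing, checks them against the four .reg files linked in post #14, and shows what is still flagged after the repair. The function names and the REG_FILES_IN_POST_14 set are illustrative; the log excerpts are copied from the two posts.

```python
import re
from collections import defaultdict

# Excerpts copied from the FSS logs in post #12 (before) and post #15 (after).
FSS_BEFORE = """\
Boot Mode: Network
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
"""

FSS_AFTER = """\
Boot Mode: Normal
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
"""

# Services for which post #14 links a .reg file (MpsSvc.reg, BITS.reg, ...).
REG_FILES_IN_POST_14 = {"MpsSvc", "BITS", "wuauserv", "SharedAccess"}

ATTR = r"(Start type|ImagePath|ServiceDll)"
BOOT_MODE = re.compile(r"^Boot Mode: (\w+)")
KEY_MISSING = re.compile(
    rf"^Checking {ATTR}: ATTENTION!=====> Unable to open (\w+) registry key\.")
VALUE_MISSING = re.compile(
    rf"^Checking {ATTR}(?: of \w+)?: ATTENTION!=====> Unable to retrieve [\w ]+? of (\w+)\.")
NON_DEFAULT = re.compile(
    r"^The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
NOT_RUNNING = re.compile(r"^(\w+) Service is not running\.")


def parse_fss(log_text):
    """Turn an FSS log into structured findings."""
    damaged = defaultdict(dict)   # service -> {checked attribute: reason}
    non_default = {}              # service -> (current start type, default)
    stopped = []                  # services reported as not running
    boot_mode = None
    for line in log_text.splitlines():
        line = line.strip()
        if m := BOOT_MODE.match(line):
            boot_mode = m.group(1)
        elif m := KEY_MISSING.match(line):
            damaged[m.group(2)][m.group(1)] = "key missing"
        elif m := VALUE_MISSING.match(line):
            damaged[m.group(2)][m.group(1)] = "value missing"
        elif m := NON_DEFAULT.match(line):
            non_default[m.group(1)] = (m.group(2), m.group(3))
        elif m := NOT_RUNNING.match(line):
            stopped.append(m.group(1))
    return {"boot_mode": boot_mode, "damaged": dict(damaged),
            "non_default": non_default, "stopped": stopped}


def triage(before_log, after_log):
    """Compare the pre-repair and post-repair logs."""
    before, after = parse_fss(before_log), parse_fss(after_log)
    return {
        # Services whose configuration has to be restored.
        "restore_needed": sorted(before["damaged"]),
        # Damaged services with no matching .reg file in post #14.
        "not_covered_by_reg_files":
            sorted(set(before["damaged"]) - REG_FILES_IN_POST_14),
        "still_damaged": sorted(after["damaged"]),
        "still_non_default": after["non_default"],
        # Assumption: "Network" boot mode is Safe Mode with Networking, where
        # stopped services are expected, so only a Normal boot is reported.
        "stopped_in_normal_boot":
            after["stopped"] if after["boot_mode"] == "Normal" else [],
    }


if __name__ == "__main__":
    for key, value in triage(FSS_BEFORE, FSS_AFTER).items():
        print(f"{key}: {value}")
```
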

#15 PatrickM.


Posted 09 August 2012 - 10:57 PM

Here is the FSS Log after following the steps:

Farbar Service Scanner Version: 06-08-2012
Ran by Patrick (administrator) on 09-08-2012 at 22:56:25
Running from "C:\Users\Patrick\Downloads"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-09-11 06:31] - [2008-01-19 02:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
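
Added example, not part of the thread and not Farbar's own code: a Python triage of a log in the layout shown above. It lists services reported as not running, start types that differ from the default, and files in the File Check section that did not get the "MD5 is legit" verdict (ipnathlp.dll in the log above). The line patterns are assumed from this one log, and the embedded sample is constructed, with a placeholder hash.

```python
import re

# Constructed sample in the layout of the Farbar Service Scanner log above
# (the 32-zero hash is a placeholder, not a real file hash).
SAMPLE_LOG = """\
Windows Defender:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

File Check:
========
C:\\Windows\\system32\\bfe.dll => MD5 is legit
C:\\Windows\\system32\\ipnathlp.dll
[2008-09-11 06:31] - [2008-01-19 02:34] - 0288256 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\\Windows\\system32\\svchost.exe => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(r"^The start type of (\S+) service is set to (\w+)\. "
                        r"The default start type is (\w+)\.")
FILE_LINE = re.compile(r"^([A-Za-z]:\\.+?)(?: => (.+))?$")
DETAIL = re.compile(r"^\[.*\((.*)\) ([0-9A-Fa-f]{32})$")

def triage(log_text):
    """Return services and files from an FSS log that need a manual look."""
    out = {"not_running": [], "start_type": [], "unverified": []}
    in_files = False
    pending = None  # file seen without a verdict, waiting for its detail line
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("File Check:"):
            in_files = True
        elif m := NOT_RUNNING.match(line):
            out["not_running"].append(m.group(1))
        elif m := START_TYPE.match(line):
            name, current, default = m.groups()
            if current != default:
                out["start_type"].append((name, current, default))
        elif in_files and (m := FILE_LINE.match(line)):
            path, verdict = m.groups()
            pending = None
            if verdict != "MD5 is legit":
                pending = {"path": path, "verdict": verdict, "vendor": None, "md5": None}
                out["unverified"].append(pending)
        elif pending and (m := DETAIL.match(line)):
            pending["vendor"], pending["md5"] = m.group(1), m.group(2).upper()
            pending = None
    return out
```

An entry under "unverified" means only that the log printed no "MD5 is legit" verdict for that file; compare the file with a known-good copy from the same Windows build before drawing a conclusion.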



