
Infected with Luhe.Sirefef.A & Trojan Generic_r.BAT


  • This topic is locked
34 replies to this topic

#1 bombus

bombus

  • Members
  • 40 posts

Posted 11 August 2012 - 06:28 AM

Yesterday, while surfing the web, the antivirus (AVG Free) reported the presence of some malware, and with Process Explorer I noticed that two new and strange processes were running. I suddenly killed them, but the subsequent scan with AVG reported an infection with three pieces of malware:

C:\Windows\explorer.exe (3720)";"Trojan Generic_r.BAT";"Eliminato"
C:\Windows\explorer.exe (3720):\memory_04150000";"Rilevato Luhe.Sirefef.A";"Infetto
C:\Windows\explorer.exe (3720):\memory_02da0000";"Trojan Generic_r.BAT";"Infetto"

Unfortunately, AVG didn't succeed in removing the last two.

AVG anti-Rootkit free didn't find anything so far.

Apparently the pc is working normally without any apparent signs of malfunction.

VISTA Home Premium Service Pack2
Internet Explorer 9.08.8112,16421
Java Version 6 Update 31 (build 1.6.0_31-b05)
AV: AVG Anti-Virus Free Edition 2012 Enabled/Updated

Could you be so kind as to give me a hand?

Thanks



#2 bombus

bombus
  • Topic Starter

  • Members
  • 40 posts

Posted 11 August 2012 - 07:20 AM

A little update:

Scanning the PC again with AVG Free reported the following infections:

C:\Windows\explorer.exe (3456):\memory_04700000";"Rilevato Luhe.Sirefef.A";"L'oggetto non è accessibile." (the object is not accessible)
C:\Windows\explorer.exe (3456):\memory_046f0000";"Trojan Generic_r.BAT";"L'oggetto non è accessibile." (the object is not accessible)
C:\Windows\explorer.exe (3456)";"Trojan BackDoor.Generic15.BPXK";"Infetto" (Infected)
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\n";"Trojan BackDoor.Generic15.BPXK";"Infetto" (Infected)
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\n";"Trojan BackDoor.Generic15.BPXK";"Infetto" (Infected)

I am asking: what is happening in my PC?

Thanks again

Edited by bombus, 11 August 2012 - 07:21 AM.


#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 August 2012 - 08:45 AM

Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 bombus

bombus
  • Topic Starter

  • Members
  • 40 posts

Posted 11 August 2012 - 10:58 AM

First of all many thanks.
Then I have to stress that approximately one hour ago 4 pop-ups from Windows appeared saying that the host process for Windows services has stopped working! Moreover, Process Explorer reported a svchost process starting again and again, and now the process conime.exe has also appeared. Can it be related to the infection?

TDSS KILLER LOG:

15:52:21.0819 1388 Ntfs - ok
15:52:21.0835 1388 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:52:21.0835 1388 ntrigdigi - ok
15:52:21.0850 1388 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:52:21.0850 1388 Null - ok
15:52:21.0882 1388 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:52:21.0882 1388 nvraid - ok
15:52:21.0913 1388 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:52:21.0913 1388 nvstor - ok
15:52:21.0928 1388 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:52:21.0928 1388 nv_agp - ok
15:52:21.0944 1388 NwlnkFlt - ok
15:52:21.0944 1388 NwlnkFwd - ok
15:52:22.0053 1388 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:52:22.0053 1388 odserv - ok
15:52:22.0100 1388 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:52:22.0100 1388 ohci1394 - ok
15:52:22.0147 1388 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:52:22.0147 1388 ose - ok
15:52:22.0240 1388 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:52:22.0240 1388 p2pimsvc - ok
15:52:22.0256 1388 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:52:22.0256 1388 p2psvc - ok
15:52:22.0303 1388 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:52:22.0303 1388 Parport - ok
15:52:22.0334 1388 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:52:22.0334 1388 partmgr - ok
15:52:22.0350 1388 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:52:22.0350 1388 Parvdm - ok
15:52:22.0381 1388 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:52:22.0381 1388 PcaSvc - ok
15:52:22.0412 1388 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:52:22.0412 1388 pci - ok
15:52:22.0443 1388 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
15:52:22.0443 1388 pciide - ok
15:52:22.0459 1388 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:52:22.0474 1388 pcmcia - ok
15:52:22.0521 1388 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:52:22.0537 1388 PEAUTH - ok
15:52:22.0646 1388 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:52:22.0677 1388 pla - ok
15:52:22.0771 1388 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:52:22.0786 1388 PlugPlay - ok
15:52:22.0833 1388 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:52:22.0833 1388 PNRPAutoReg - ok
15:52:22.0849 1388 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:52:22.0849 1388 PNRPsvc - ok
15:52:22.0896 1388 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:52:22.0911 1388 PolicyAgent - ok
15:52:22.0974 1388 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:22.0974 1388 PptpMiniport - ok
15:52:22.0989 1388 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:52:22.0989 1388 Processor - ok
15:52:23.0036 1388 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:52:23.0052 1388 ProfSvc - ok
15:52:23.0083 1388 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:52:23.0083 1388 ProtectedStorage - ok
15:52:23.0114 1388 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:52:23.0114 1388 PSched - ok
15:52:23.0145 1388 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
15:52:23.0145 1388 PxHelp20 - ok
15:52:23.0239 1388 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:52:23.0254 1388 ql2300 - ok
15:52:23.0286 1388 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:52:23.0286 1388 ql40xx - ok
15:52:23.0332 1388 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:52:23.0332 1388 QWAVE - ok
15:52:23.0348 1388 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:52:23.0348 1388 QWAVEdrv - ok
15:52:23.0364 1388 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:23.0364 1388 RasAcd - ok
15:52:23.0395 1388 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:52:23.0410 1388 RasAuto - ok
15:52:23.0426 1388 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:23.0442 1388 Rasl2tp - ok
15:52:23.0473 1388 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:52:23.0488 1388 RasMan - ok
15:52:23.0520 1388 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:23.0520 1388 RasPppoe - ok
15:52:23.0535 1388 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:23.0535 1388 RasSstp - ok
15:52:23.0566 1388 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:23.0582 1388 rdbss - ok
15:52:23.0613 1388 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:23.0613 1388 RDPCDD - ok
15:52:23.0644 1388 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:52:23.0644 1388 rdpdr - ok
15:52:23.0644 1388 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:52:23.0660 1388 RDPENCDD - ok
15:52:23.0707 1388 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:52:23.0707 1388 RDPWD - ok
15:52:23.0754 1388 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:52:23.0769 1388 RemoteAccess - ok
15:52:23.0800 1388 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:52:23.0800 1388 RemoteRegistry - ok
15:52:23.0832 1388 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:52:23.0832 1388 RpcLocator - ok
15:52:23.0878 1388 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:52:23.0894 1388 RpcSs - ok
15:52:23.0925 1388 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:23.0925 1388 rspndr - ok
15:52:23.0956 1388 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:52:23.0972 1388 RTL8169 - ok
15:52:23.0988 1388 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
15:52:23.0988 1388 RTSTOR - ok
15:52:24.0003 1388 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:52:24.0019 1388 SamSs - ok
15:52:24.0034 1388 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:52:24.0034 1388 sbp2port - ok
15:52:24.0066 1388 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:52:24.0081 1388 SCardSvr - ok
15:52:24.0128 1388 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:52:24.0144 1388 Schedule - ok
15:52:24.0175 1388 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:52:24.0175 1388 SCPolicySvc - ok
15:52:24.0206 1388 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:52:24.0206 1388 SDRSVC - ok
15:52:24.0237 1388 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:52:24.0237 1388 secdrv - ok
15:52:24.0268 1388 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:52:24.0268 1388 seclogon - ok
15:52:24.0284 1388 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:52:24.0284 1388 SENS - ok
15:52:24.0300 1388 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:52:24.0300 1388 Serenum - ok
15:52:24.0346 1388 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:52:24.0346 1388 Serial - ok
15:52:24.0362 1388 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:52:24.0362 1388 sermouse - ok
15:52:24.0409 1388 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:52:24.0409 1388 SessionEnv - ok
15:52:24.0440 1388 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:52:24.0440 1388 sffdisk - ok
15:52:24.0471 1388 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:24.0471 1388 sffp_mmc - ok
15:52:24.0487 1388 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:52:24.0487 1388 sffp_sd - ok
15:52:24.0502 1388 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:52:24.0502 1388 sfloppy - ok
15:52:24.0549 1388 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:52:24.0549 1388 SharedAccess - ok
15:52:24.0596 1388 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:52:24.0596 1388 ShellHWDetection - ok
15:52:24.0627 1388 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:52:24.0627 1388 sisagp - ok
15:52:24.0674 1388 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:52:24.0674 1388 SiSRaid2 - ok
15:52:24.0705 1388 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:52:24.0705 1388 SiSRaid4 - ok
15:52:24.0939 1388 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:52:25.0002 1388 Skype C2C Service - ok
15:52:25.0095 1388 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
15:52:25.0095 1388 SkypeUpdate - ok
15:52:25.0360 1388 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:52:25.0438 1388 slsvc - ok
15:52:25.0563 1388 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:52:25.0563 1388 SLUINotify - ok
15:52:25.0672 1388 SmartFaceVWatchSrv (3566310df25ea5c3b2e9f50f5b50eac1) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
15:52:25.0672 1388 SmartFaceVWatchSrv - ok
15:52:25.0735 1388 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:52:25.0735 1388 Smb - ok
15:52:25.0782 1388 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:52:25.0782 1388 SNMPTRAP - ok
15:52:25.0828 1388 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
15:52:25.0828 1388 speedfan - ok
15:52:25.0860 1388 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:52:25.0860 1388 spldr - ok
15:52:25.0891 1388 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:52:25.0891 1388 Spooler - ok
15:52:25.0953 1388 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:52:25.0953 1388 srv - ok
15:52:25.0969 1388 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:52:25.0984 1388 srv2 - ok
15:52:26.0000 1388 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:26.0000 1388 srvnet - ok
15:52:26.0031 1388 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:52:26.0031 1388 SSDPSRV - ok
15:52:26.0094 1388 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:52:26.0094 1388 SstpSvc - ok
15:52:26.0140 1388 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:52:26.0156 1388 stisvc - ok
15:52:26.0172 1388 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:52:26.0187 1388 swenum - ok
15:52:26.0203 1388 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:52:26.0218 1388 swprv - ok
15:52:26.0250 1388 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:52:26.0250 1388 Symc8xx - ok
15:52:26.0265 1388 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:52:26.0281 1388 Sym_hi - ok
15:52:26.0296 1388 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:52:26.0296 1388 Sym_u3 - ok
15:52:26.0328 1388 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
15:52:26.0343 1388 SynTP - ok
15:52:26.0390 1388 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:52:26.0406 1388 SysMain - ok
15:52:26.0437 1388 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:52:26.0437 1388 TabletInputService - ok
15:52:26.0484 1388 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:52:26.0484 1388 TapiSrv - ok
15:52:26.0515 1388 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:52:26.0515 1388 TBS - ok
15:52:26.0577 1388 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:52:26.0593 1388 Tcpip - ok
15:52:26.0608 1388 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:26.0608 1388 Tcpip6 - ok
15:52:26.0640 1388 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:52:26.0640 1388 tcpipreg - ok
15:52:26.0671 1388 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:52:26.0686 1388 tdcmdpst - ok
15:52:26.0702 1388 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:52:26.0702 1388 TDPIPE - ok
15:52:26.0718 1388 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:52:26.0718 1388 TDTCP - ok
15:52:26.0764 1388 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:52:26.0764 1388 tdx - ok
15:52:26.0842 1388 TemproMonitoringService (e0a1a413fff2eac4950699d74a37bba8) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
15:52:26.0858 1388 TemproMonitoringService - ok
15:52:26.0874 1388 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:52:26.0889 1388 TermDD - ok
15:52:26.0936 1388 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:52:26.0936 1388 TermService - ok
15:52:26.0983 1388 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:52:26.0983 1388 Themes - ok
15:52:27.0014 1388 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:52:27.0014 1388 THREADORDER - ok
15:52:27.0092 1388 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
15:52:27.0092 1388 TNaviSrv - ok
15:52:27.0139 1388 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
15:52:27.0139 1388 TODDSrv - ok
15:52:27.0186 1388 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:52:27.0201 1388 TosCoSrv - ok
15:52:27.0217 1388 TOSHIBA SMART Log Service (dca621ce31ca604c762001883e385df8) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
15:52:27.0217 1388 TOSHIBA SMART Log Service - ok
15:52:27.0279 1388 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
15:52:27.0279 1388 tos_sps32 - ok
15:52:27.0310 1388 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:52:27.0310 1388 TrkWks - ok
15:52:27.0357 1388 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:52:27.0373 1388 TrustedInstaller - ok
15:52:27.0388 1388 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:27.0404 1388 tssecsrv - ok
15:52:27.0420 1388 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:52:27.0435 1388 tunmp - ok
15:52:27.0435 1388 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:27.0435 1388 tunnel - ok
15:52:27.0466 1388 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:52:27.0466 1388 TVALZ - ok
15:52:27.0498 1388 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:52:27.0513 1388 uagp35 - ok
15:52:27.0544 1388 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:52:27.0544 1388 udfs - ok
15:52:27.0591 1388 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:52:27.0591 1388 UI0Detect - ok
15:52:27.0654 1388 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:52:27.0654 1388 UleadBurningHelper - ok
15:52:27.0700 1388 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:52:27.0700 1388 uliagpkx - ok
15:52:27.0716 1388 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:52:27.0732 1388 uliahci - ok
15:52:27.0747 1388 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:52:27.0747 1388 UlSata - ok
15:52:27.0794 1388 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:52:27.0794 1388 ulsata2 - ok
15:52:27.0825 1388 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:52:27.0825 1388 umbus - ok
15:52:27.0872 1388 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:52:27.0872 1388 upnphost - ok
15:52:27.0919 1388 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:27.0934 1388 usbccgp - ok
15:52:27.0950 1388 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:52:27.0966 1388 usbcir - ok
15:52:27.0997 1388 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:52:27.0997 1388 usbehci - ok
15:52:28.0012 1388 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:28.0012 1388 usbhub - ok
15:52:28.0044 1388 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:52:28.0044 1388 usbohci - ok
15:52:28.0075 1388 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
15:52:28.0075 1388 usbprint - ok
15:52:28.0106 1388 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:28.0106 1388 USBSTOR - ok
15:52:28.0137 1388 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:52:28.0137 1388 usbuhci - ok
15:52:28.0168 1388 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:52:28.0184 1388 usbvideo - ok
15:52:28.0231 1388 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
15:52:28.0231 1388 UVCFTR - ok
15:52:28.0262 1388 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:52:28.0262 1388 UxSms - ok
15:52:28.0309 1388 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:52:28.0309 1388 vds - ok
15:52:28.0340 1388 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:28.0340 1388 vga - ok
15:52:28.0356 1388 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:52:28.0371 1388 VgaSave - ok
15:52:28.0387 1388 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:52:28.0387 1388 viaagp - ok
15:52:28.0418 1388 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:52:28.0418 1388 ViaC7 - ok
15:52:28.0449 1388 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:52:28.0449 1388 viaide - ok
15:52:28.0480 1388 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:52:28.0496 1388 volmgr - ok
15:52:28.0543 1388 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:52:28.0543 1388 volmgrx - ok
15:52:28.0590 1388 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:52:28.0590 1388 volsnap - ok
15:52:28.0621 1388 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:52:28.0636 1388 vsmraid - ok
15:52:28.0714 1388 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:52:28.0730 1388 VSS - ok
15:52:28.0995 1388 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
15:52:29.0026 1388 vToolbarUpdater11.2.0 - ok
15:52:29.0151 1388 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:52:29.0167 1388 W32Time - ok
15:52:29.0229 1388 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:52:29.0229 1388 WacomPen - ok
15:52:29.0245 1388 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:29.0245 1388 Wanarp - ok
15:52:29.0260 1388 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:29.0260 1388 Wanarpv6 - ok
15:52:29.0292 1388 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:52:29.0307 1388 wcncsvc - ok
15:52:29.0338 1388 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:52:29.0338 1388 WcsPlugInService - ok
15:52:29.0385 1388 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:52:29.0385 1388 Wd - ok
15:52:29.0416 1388 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:52:29.0432 1388 Wdf01000 - ok
15:52:29.0463 1388 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:52:29.0463 1388 WdiServiceHost - ok
15:52:29.0479 1388 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:52:29.0479 1388 WdiSystemHost - ok
15:52:29.0510 1388 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:52:29.0510 1388 WebClient - ok
15:52:29.0541 1388 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:52:29.0557 1388 Wecsvc - ok
15:52:29.0588 1388 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:52:29.0588 1388 wercplsupport - ok
15:52:29.0619 1388 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:52:29.0619 1388 WerSvc - ok
15:52:29.0713 1388 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:52:29.0713 1388 WinDefend - ok
15:52:29.0728 1388 WinHttpAutoProxySvc - ok
15:52:29.0822 1388 WinisoCDBus (2e099c98a64f891de47a28fb8b9455fc) C:\Windows\system32\drivers\WinisoCDBus.sys
15:52:29.0838 1388 WinisoCDBus - ok
15:52:29.0884 1388 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:52:29.0884 1388 Winmgmt - ok
15:52:29.0994 1388 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:52:30.0025 1388 WinRM - ok
15:52:30.0103 1388 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:52:30.0118 1388 Wlansvc - ok
15:52:30.0196 1388 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:52:30.0196 1388 wlcrasvc - ok
15:52:30.0446 1388 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:52:30.0493 1388 wlidsvc - ok
15:52:30.0602 1388 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:52:30.0602 1388 WmiAcpi - ok
15:52:30.0696 1388 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:30.0711 1388 wmiApSrv - ok
15:52:30.0820 1388 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:52:30.0836 1388 WMPNetworkSvc - ok
15:52:30.0883 1388 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:52:30.0883 1388 WPCSvc - ok
15:52:30.0930 1388 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:52:30.0930 1388 WPDBusEnum - ok
15:52:31.0070 1388 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:52:31.0086 1388 WPFFontCache_v0400 - ok
15:52:31.0148 1388 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:31.0148 1388 ws2ifsl - ok
15:52:31.0179 1388 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:52:31.0195 1388 wscsvc - ok
15:52:31.0195 1388 WSearch - ok
15:52:31.0351 1388 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:52:31.0382 1388 wuauserv - ok
15:52:31.0507 1388 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:31.0507 1388 WUDFRd - ok
15:52:31.0554 1388 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:52:31.0554 1388 wudfsvc - ok
15:52:31.0585 1388 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:52:32.0864 1388 \Device\Harddisk0\DR0 - ok
15:52:32.0895 1388 Boot (0x1200) (6e07e123bdd6644ab0cb85b98b00516f) \Device\Harddisk0\DR0\Partition0
15:52:32.0895 1388 \Device\Harddisk0\DR0\Partition0 - ok
15:52:32.0926 1388 Boot (0x1200) (d512637949e0752c3168cad457935d4f) \Device\Harddisk0\DR0\Partition1
15:52:32.0926 1388 \Device\Harddisk0\DR0\Partition1 - ok
15:52:32.0926 1388 ============================================================
15:52:32.0926 1388 Scan finished
15:52:32.0926 1388 ============================================================
15:52:32.0942 7124 Detected object count: 0
15:52:32.0942 7124 Actual detected object count: 0

aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 15:55:18
-----------------------------
15:55:18.710 OS Version: Windows 6.0.6002 Service Pack 2
15:55:18.710 Number of processors: 2 586 0x170A
15:55:18.710 ComputerName: PC-USER UserName: User
15:55:23.047 Initialize success
15:57:24.064 AVAST engine defs: 12081100
15:57:37.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:57:37.090 Disk 0 Vendor: TOSHIBA_ FG00 Size: 305245MB BusType: 3
15:57:37.122 Disk 0 MBR read successfully
15:57:37.122 Disk 0 MBR scan
15:57:37.122 Disk 0 Windows VISTA default MBR code
15:57:37.153 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:57:37.168 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 153000 MB offset 3074048
15:57:37.215 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150743 MB offset 316418048
15:57:37.246 Disk 0 scanning sectors +625139712
15:57:37.496 Disk 0 scanning C:\Windows\system32\drivers
15:57:50.148 Service scanning
15:58:37.930 Modules scanning
15:58:53.328 Disk 0 trace - called modules:
15:58:53.889 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:58:53.905 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869adac8]
15:58:53.905 3 CLASSPNP.SYS[82f128b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858be028]
15:58:54.732 AVAST engine scan C:\Windows
15:58:57.852 AVAST engine scan C:\Windows\system32
16:03:09.887 AVAST engine scan C:\Windows\system32\drivers
16:03:31.961 AVAST engine scan C:\Users\User
16:05:10.766 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\virus agosto\MBR.dat"
16:05:10.781 The log file has been saved successfully to "C:\Users\User\Desktop\virus agosto\aswMBRlog 11.08.2012 16.05.txt"

#5 bombus

Posted 11 August 2012 - 11:00 AM

ESET online scanner LOG:

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N48L3Z58\remove-luhe-sirefef-a-removal-guide-how-to-remove-luhe-sirefef-a[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OFRJLAXA\download[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
E:\dati salvati\c\installer vari\Discjuggler\installer_discjuggler_6_00_1400_Italian.exe Win32/Toggle application cleaned by deleting - quarantined
E:\dati salvati\c\installer vari\YouTube Downloader\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
E:\dati salvati\c\installer vari\YouTube Downloader\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.FD trojan

#6 narenxp

Posted 11 August 2012 - 11:07 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{37e92e47-8005-8f16-6f41-aa9eb173f049}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#7 bombus

  • Topic Starter


Posted 11 August 2012 - 11:15 AM

SystemLook LOG:


SystemLook 30.07.11 by jpshortstuff
Log created at 18:11 on 11/08/2012 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 279552 bytes [15:41 17/10/2010] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:24 21/01/2008] [02:24 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [15:41 17/10/2010] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{37e92e47-8005-8f16-6f41-aa9eb173f049}"
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049} d--hs-- [10:12 11/01/2012]

-= EOF =-

#8 bombus

  • Topic Starter


Posted 11 August 2012 - 02:08 PM

MINI TOOLBOX LOG:

MiniToolBox by Farbar Version: 23-07-2012
Ran by User (administrator) on 11-08-2012 at 21:05:41
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configurazione IP di Windows

Cache del resolver DNS svuotata.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007EG Wireless Network Adapter = Connessione rete wireless (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Connessione alla rete locale (LAN) (Media disconnected)


# ----------------------------------
# Configurazione IPv4
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Connessione alla rete locale (LAN)" nexthop=193.206.225.1
add address name="Connessione alla rete locale (LAN)" address=193.206.225.216


popd
# Fine configurazione IPv4



Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : PC-User
Suffisso DNS primario . . . . . . . . :
Tipo nodo . . . . . . . . . . . . . . : Ibrido
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No
Elenco di ricerca suffissi DNS. . . . : lan

Scheda LAN wireless Connessione rete wireless:

Suffisso DNS specifico per connessione: lan
Descrizione . . . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Indirizzo fisico. . . . . . . . . . . : 00-24-D2-4A-6B-9C
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv6 locale rispetto al collegamento . : fe80::4c76:ce53:aabb:51c6%11(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.74(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Lease ottenuto. . . . . . . . . . . . : sabato 11 agosto 2012 20.51.55
Scadenza lease . . . . . . . . . . . : domenica 12 agosto 2012 20.51.55
Gateway predefinito . . . . . . . . . : 192.168.1.254
Server DHCP . . . . . . . . . . . . . : 192.168.1.254
IAID DHCPv6 . . . . . . . . . . . : 268444882
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-14-37-A9-C5-00-1E-33-AF-A1-B5
Server DNS . . . . . . . . . . . . . : 192.168.1.254
NetBIOS su TCP/IP . . . . . . . . . . : Attivato

Scheda Ethernet Connessione alla rete locale (LAN):

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Indirizzo fisico. . . . . . . . . . . : 00-1E-33-AF-A1-B5
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)*:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : isatap.homenet.telecomitalia.it
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 2:

Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Indirizzo fisico. . . . . . . . . . . : 02-00-54-55-4E-01
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì
Indirizzo IPv6 . . . . . . . . . . . . . . . . . : 2001:0:5ef5:79fb:3c35:3f2a:b1f0:5935(Preferenziale)
Indirizzo IPv6 locale rispetto al collegamento . : fe80::3c35:3f2a:b1f0:5935%12(Preferenziale)
Gateway predefinito . . . . . . . . . : ::
NetBIOS su TCP/IP . . . . . . . . . . : Disattivato

Scheda Tunnel Connessione alla rete locale (LAN)* 6:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione: lan
Descrizione . . . . . . . . . . . . . : isatap.lan
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 7:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : isatap.{319DFFAD-45BC-446E-8677-E3A769DE2AC0}
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì

Scheda Tunnel Connessione alla rete locale (LAN)* 11:

Stato supporto. . . . . . . . . . . . : Supporto disconnesso
Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : 6TO4 Adapter
Indirizzo fisico. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì
Server: dsldevice.lan
Address: 192.168.1.254

Nome: google.com
Addresses: 2a00:1450:4002:802::1006
173.194.35.35
173.194.35.32
173.194.35.38
173.194.35.37
173.194.35.40
173.194.35.33
173.194.35.36
173.194.35.34
173.194.35.41
173.194.35.39
173.194.35.46



Esecuzione di Ping google.com [173.194.35.35] con 32 byte di dati:

Risposta da 173.194.35.35: byte=32 durata=28ms TTL=53

Risposta da 173.194.35.35: byte=32 durata=27ms TTL=53



Statistiche Ping per 173.194.35.35:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 27ms, Massimo = 28ms, Medio = 27ms

Server: dsldevice.lan
Address: 192.168.1.254

Nome: yahoo.com
Addresses: 72.30.38.140
209.191.122.70
98.139.183.24



Esecuzione di Ping yahoo.com [209.191.122.70] con 32 byte di dati:

Risposta da 209.191.122.70: byte=32 durata=190ms TTL=46

Risposta da 209.191.122.70: byte=32 durata=192ms TTL=47



Statistiche Ping per 209.191.122.70:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 190ms, Massimo = 192ms, Medio = 191ms

Server: dsldevice.lan
Address: 192.168.1.254

Nome: bleepingcomputer.com
Address: 208.43.87.2



Esecuzione di Ping bleepingcomputer.com [208.43.87.2] con 32 byte di dati:

Risposta da 208.43.87.2: Host di destinazione non raggiungibile.

Risposta da 208.43.87.2: Host di destinazione non raggiungibile.



Statistiche Ping per 208.43.87.2:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),



Esecuzione di Ping 127.0.0.1 con 32 byte di dati:

Risposta da 127.0.0.1: byte=32 durata=11ms TTL=128

Risposta da 127.0.0.1: byte=32 durata=2ms TTL=128



Statistiche Ping per 127.0.0.1:

Pacchetti: Trasmessi = 2, Ricevuti = 2,

Persi = 0 (0% persi),

Tempo approssimativo percorsi andata/ritorno in millisecondi:

Minimo = 2ms, Massimo = 11ms, Medio = 6ms

===========================================================================
Elenco interfacce
11 ...00 24 d2 4a 6b 9c ...... Atheros AR5007EG Wireless Network Adapter
10 ...00 1e 33 af a1 b5 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.homenet.telecomitalia.it
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.lan
14 ...00 00 00 00 00 00 00 e0 isatap.{319DFFAD-45BC-446E-8677-E3A769DE2AC0}
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfaccia Metrica
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.74 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.74 281
192.168.1.74 255.255.255.255 On-link 192.168.1.74 281
192.168.1.255 255.255.255.255 On-link 192.168.1.74 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.74 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.74 281
===========================================================================
Route permanenti:
Indirizzo rete Mask Indir. gateway Metrica
0.0.0.0 0.0.0.0 193.206.225.1 Predefinito
===========================================================================

IPv6 Tabella route
===========================================================================
Route attive:
Interf Metrica Rete Destinazione Gateway
12 18 ::/0 On-link
1 306 ::1/128 On-link
12 18 2001::/32 On-link
12 266 2001:0:5ef5:79fb:3c35:3f2a:b1f0:5935/128
On-link
11 281 fe80::/64 On-link
12 266 fe80::/64 On-link
12 266 fe80::3c35:3f2a:b1f0:5935/128
On-link
11 281 fe80::4c76:ce53:aabb:51c6/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Route permanenti:
Nessuna
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/11/2012 08:50:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2012 08:48:05 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x1a14, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:42:48 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x128c, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:41:43 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x1f84, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:40:31 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x1a6c, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:39:28 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0xdb8, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:38:26 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x334, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:37:23 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x1ce0, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:36:20 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x1534, data e ora di avvio dell'applicazione 0xsvchost.exe0.

Error: (08/11/2012 08:35:03 PM) (Source: Application Error) (User: )
Description: Applicazione che ha generato l'errore svchost.exe, versione 6.0.6001.18000, timestamp 0x47918b89, modulo che ha generato l'errore unknown, versione 0.0.0.0, timestamp 0x00000000, codice eccezione 0xc0000005, offset errore 0x00000000,
ID processo 0x1a8c, data e ora di avvio dell'applicazione 0xsvchost.exe0.


System errors:
=============
Error: (08/11/2012 04:40:18 PM) (Source: Server) (User: )
Description: Il server non ha potuto effettuare il binding del trasporto \Device\NetbiosSmb perché un altro computer sulla rete ha lo stesso nome. Impossibile avviare il server.

Error: (08/10/2012 00:42:33 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/10/2012 00:42:32 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/10/2012 00:42:31 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/10/2012 00:42:31 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/08/2012 00:02:13 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/08/2012 00:02:11 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/08/2012 00:02:10 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/08/2012 00:02:10 AM) (Source: DCOM) (User: PC-User)
Description: predefinite del computerLocaleAttivazione{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PC-UserUserS-1-5-21-2669234122-3877283839-4119543516-1000LocalHost (tramite LRPC)

Error: (08/04/2012 06:30:56 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================
Error: (08/11/2012 04:07:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 881 seconds with 240 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.228)
AGwaK3 (Version: 1.0)
Apple Application Support (Version: 1.4.1)
Apple Software Update (Version: 2.1.1.116)
Asteroids (remove only)
Atheros Driver Installation Program (Version: 5.0)
Atheros Wi-Fi Protected Setup Library
µTorrent (Version: 3.1.3)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.1913)
AVG Anti-Rootkit Free
AVS Video Converter 7
BitTorrent (Version: 7.2.1)
blueMSX (Version: 2.8.2)
BOH
Camera Assistant Software for Toshiba (Version: 1.7.193.0508L)
CDBurnerXP (Version: 4.3.9.2762)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CrimzonClover
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAEMON Tools Toolbar (Version: 1.1.4.0024)
DVD MovieFactory for TOSHIBA (Version: 5.51)
ESET Online Scanner v3
EtherVaporRemaster (Version: 1.0.0.0)
Fractalus 0.5.0
Free YouTube Download version 3.0.16.923
Friking Shark 3D v1.01 Beta
GIMP 2.6.4
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
HiJackThis (Version: 1.0.0)
Hurrican 1.0.0.4 (Version: 1.0.0.4)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intkey
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 6 (Version: 1.6.0.60)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows)
LIMBO
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Manuali TOSHIBA (Version: 7.40)
Medieval CUE Splitter (Version: 1.2.0)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
Microsoft .NET Framework 3.5 Language Pack SP1 - ita (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended ITA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office OneNote MUI (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (Italian) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Italian) 2007 (Version: 12.0.4518.1018)
Microsoft Office Shared MUI (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XML Parser (Version: 8.20.8730.4)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
myphotobook 3.6 (Version: 3.6)
NVIDIA PhysX (Version: 9.09.0203)
Oolite 1.76.0.4679
OpenAL
OpenOffice.org 3.2 (Version: 3.2.9502)
Pacchetto di compatibilità per Office System 2007 (Version: 12.0.6425.1000)
PDF-Viewer (Version: 2.5.201.0)
PDF24 Creator 3.7.0
Picasa 2 (Version: 2.0)
QuickTime (Version: 7.69.80.9)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5599)
Realtek USB 2.0 Card Reader (Version: )
Recovery Toolbox for RAR 1.1
Segoe UI (Version: 15.4.2271.0615)
Silenziatore unità CD/DVD (Version: 2.02.03)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.8 (Version: 5.8.158)
SpeedFan (remove only)
Stellarium 0.10.6.1
Synaptics Pointing Device Driver (Version: 10.1.8.0)
TOSHIBA Assist (Version: 2.01.08)
TOSHIBA ConfigFree (Version: 7.2.20)
Toshiba Connect
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA DVD PLAYER (Version: 1.31.14)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 2.0.2.32)
TOSHIBA Hardware Setup (Version: 2.00.08)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Supervisor Password (Version: 2.00.04)
Toshiba TEMPRO (Version: 2.0)
TOSHIBA Value Added Package (Version: 1.1.24)
TRDCReminder (Version: 1.00.0015)
TRORDCLauncher (Version: 1.0.0.1)
Universal Document Converter (Demo) (Version: 5.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
VLC media player 1.1.8 (Version: 1.1.8)
Vlc versione 1.1.8 (Version: 1.1.8)
WinAce Archiver (Version: 2.69)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.3374)
WinISO (Version: 6.2.0.4512)
WinRAR gestione archivi
YouTube Downloader 3.4

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2939.06 MB
Available physical RAM: 1669.27 MB
Total Pagefile: 6088.4 MB
Available Pagefile: 4544.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.45 MB

========================= Partitions: =====================================

1 Drive c: (Vista) (Fixed) (Total:149.41 GB) (Free:47.45 GB) NTFS
2 Drive d: (EDEL_0001_110719) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
3 Drive e: (Data) (Fixed) (Total:147.21 GB) (Free:64.52 GB) NTFS

========================= Users: ========================================

Account utente per \\PC-USER

Administrator Guest User
Esecuzione comando riuscita.


**** End of log ****

#9 bombus

  • Topic Starter


Posted 11 August 2012 - 02:17 PM

FSS LOG:

Farbar Service Scanner Version: 06-08-2012
Ran by User (administrator) on 11-08-2012 at 21:15:22
Running from "E:\dati salvati\c\installer vari\virus agosto\07 FSS"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 bombus

bombus
  • Topic Starter

  • Members
  • 40 posts
  • Local time:08:32 AM

Posted 11 August 2012 - 02:24 PM

ADWCLEANER LOG:

# AdwCleaner v1.800 - Logfile created 08/11/2012 at 21:19:13
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : User - PC-USER
# Running from : E:\dati salvati\c\installer vari\virus agosto\08 adware cleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\OfferBox
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Offerbox
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={BD2CAC45-0F4B-4E2B-B20D-3DB07FE7DE46}&mid=bb829437685447d1a028d157754b4846-77d7ded331f0c291f48c0f33b743475a6c02f163&lang=it&ds=AVG&pr=fr&d=2012-01-03 21:56:41&v=9.0.0.23&sap=nt --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [5965 octets] - [11/08/2012 21:19:13]

########## EOF - C:\AdwCleaner[S1].txt - [6093 octets] ##########

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 11 August 2012 - 02:24 PM

MBAM log?

Edited by narenxp, 11 August 2012 - 02:24 PM.


#12 bombus

bombus
  • Topic Starter

  • Members
  • 40 posts
  • Local time:08:32 AM

Posted 11 August 2012 - 02:31 PM

MBAM log?


Excuse me, I forgot

Here it is:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: PC-USER [administrator]

Protection: Enabled

11/08/2012 18.20.36
mbam-log-2012-08-11 (18-20-36).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413856
Time elapsed: 2 hour(s), 22 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\User\AppData\Local\Temp\NODBF7E.tmp (Trojan.Sirefef) -> Delete on reboot.
C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 11 August 2012 - 02:43 PM

Restart the PC and run MBAM once again and post the new log

#14 bombus

bombus
  • Topic Starter

  • Members
  • 40 posts
  • Local time:08:32 AM

Posted 11 August 2012 - 05:14 PM

The new MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: PC-USER [administrator]

Protection: Enabled

11/08/2012 21.48.25
mbam-log-2012-08-11 (21-48-25).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 412950
Time elapsed: 2 hour(s), 24 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:32 AM

Posted 11 August 2012 - 05:39 PM

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\User\AppData\Local\{37e92e47-8005-8f16-6f41-aa9eb173f049}

delete the folder

Let me know if you have any current issues



