rootkit??



#1 subguy


Posted 28 August 2012 - 07:18 PM

My son's computer is acting up, getting redirected to different web sites, and adaware keeps showing it blocked a rootkit. I ran MBAM, need help please. I have included a copy of the MBAM scan. Thanks

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.28.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Michael :: MICHAEL-MSI [administrator]

Protection: Enabled

8/29/2012 12:10:30 AM
mbam-log-2012-08-29 (00-10-30).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317251
Time elapsed: 1 hour(s), 39 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 45
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{8C788AA2-7530-43BE-97B7-4D491F13BEA3} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75FBE4E8-EA86-4BA6-9527-1D74E820D631} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75FBE4E8-EA86-4BA6-9527-1D74E820D631} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HotbarWeather.WeatherController (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\HotbarWeather.WeatherController.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
HKCU\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\BarDiscover Service (Adware.BarDiscover) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Michael\AppData\Local\{aa010b53-c38a-e52e-7ef6-c0422181a127}\n. -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|Hotbar@Hotbar.com (Adware.Hotbar) -> Data: C:\Program Files\Hotbar\bin\11.0.120.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 17
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> No action taken.
C:\ProgramData\93439230 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\97520124 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\BarDiscover (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7} (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Detected: 42
C:\Program Files\BarDiscover\bardiscover.exe (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\{aa010b53-c38a-e52e-7ef6-c0422181a127}\n (Rootkit.0Access) -> Delete on reboot.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\n (Rootkit.0Access) -> Delete on reboot.
C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000000.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\ProgramData\93439230\93439230.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Roaming\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover.jar (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\prefs.js (Adware.BarDiscover) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

(end)

2012/08/29 00:08:47 +0300 MICHAEL-MSI Michael MESSAGE Starting protection
2012/08/29 00:08:50 +0300 MICHAEL-MSI Michael MESSAGE Protection started successfully
2012/08/29 00:08:53 +0300 MICHAEL-MSI Michael MESSAGE Starting IP protection
2012/08/29 00:08:53 +0300 MICHAEL-MSI Michael ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/29 00:08:54 +0300 MICHAEL-MSI Michael MESSAGE Starting IP protection
2012/08/29 00:08:54 +0300 MICHAEL-MSI Michael ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/29 00:09:31 +0300 MICHAEL-MSI Michael MESSAGE Starting database refresh
2012/08/29 00:09:35 +0300 MICHAEL-MSI Michael MESSAGE Database refreshed successfully
2012/08/29 00:11:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access QUARANTINE
2012/08/29 00:13:21 +0300 MICHAEL-MSI Michael DETECTION c:\windows\installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\u\80000032.@ Rootkit.0Access DENY
2012/08/29 00:13:22 +0300 MICHAEL-MSI Michael DETECTION c:\windows\installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\u\80000032.@ Rootkit.0Access DENY
2012/08/29 00:15:32 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:16:00 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:16:01 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:18:00 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:18:00 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:18:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:18:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:19:02 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:19:02 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:20:02 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:20:02 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:20:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:20:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:21:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:21:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:22:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:22:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:22:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:22:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:23:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:23:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:24:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:24:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:24:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:25:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:25:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:26:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:26:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:26:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:27:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:27:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:28:04 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:28:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:29:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:29:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:30:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:30:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:31:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:31:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:32:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:32:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:32:29 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:33:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:33:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:34:06 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:34:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:35:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:35:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:36:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:36:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:37:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:37:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:38:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:38:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:39:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:39:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:40:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:40:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:40:55 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:41:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:41:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:41:35 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:41:56 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:42:08 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:42:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:42:30 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:43:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:43:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:44:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:44:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:45:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:45:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:46:09 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:46:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:47:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:47:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:48:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:48:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:49:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:49:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:49:49 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:49:51 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:49:53 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:50:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:50:11 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:51:10 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:51:11 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:52:11 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:52:11 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:53:11 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 00:53:11 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 01:56:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\00000004.@ Rootkit.Zaccess QUARANTINE
2012/08/29 01:56:03 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 01:56:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000000.@ Rootkit.0Access QUARANTINE
2012/08/29 01:56:05 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 01:56:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\000000cb.@ Rootkit.0Access QUARANTINE
2012/08/29 01:56:07 +0300 MICHAEL-MSI Michael DETECTION C:\Windows\Installer\{aa010b53-c38a-e52e-7ef6-c0422181a127}\U\80000032.@ Rootkit.0Access DENY
2012/08/29 01:58:53 +0300 MICHAEL-MSI Michael MESSAGE Starting protection
2012/08/29 01:58:58 +0300 MICHAEL-MSI Michael MESSAGE Protection started successfully
2012/08/29 01:59:01 +0300 MICHAEL-MSI Michael MESSAGE Starting IP protection
2012/08/29 01:59:01 +0300 MICHAEL-MSI Michael ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/29 02:13:21 +0300 MICHAEL-MSI Michael MESSAGE Starting protection
2012/08/29 02:13:26 +0300 MICHAEL-MSI Michael MESSAGE Protection started successfully
2012/08/29 02:13:29 +0300 MICHAEL-MSI Michael MESSAGE Starting IP protection
2012/08/29 02:13:29 +0300 MICHAEL-MSI Michael ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/29 02:21:42 +0300 MICHAEL-MSI Michael MESSAGE Starting protection
2012/08/29 02:21:45 +0300 MICHAEL-MSI Michael MESSAGE Protection started successfully
2012/08/29 02:21:48 +0300 MICHAEL-MSI Michael MESSAGE Starting IP protection
2012/08/29 02:21:48 +0300 MICHAEL-MSI Michael ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753


#2 narenxp

Posted 28 August 2012 - 07:20 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 subguy

Posted 28 August 2012 - 08:59 PM

Narenxp, thanks for your quick reply, below are the scans you requested.
1. tdss
03:32:18.0882 2052 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
03:32:19.0288 2052 ============================================================
03:32:19.0288 2052 Current date / time: 2012/08/29 03:32:19.0288
03:32:19.0288 2052 SystemInfo:
03:32:19.0288 2052
03:32:19.0288 2052 OS Version: 6.1.7601 ServicePack: 1.0
03:32:19.0288 2052 Product type: Workstation
03:32:19.0288 2052 ComputerName: MICHAEL-MSI
03:32:19.0288 2052 UserName: Michael
03:32:19.0288 2052 Windows directory: C:\windows
03:32:19.0288 2052 System windows directory: C:\windows
03:32:19.0288 2052 Processor architecture: Intel x86
03:32:19.0288 2052 Number of processors: 2
03:32:19.0288 2052 Page size: 0x1000
03:32:19.0288 2052 Boot type: Normal boot
03:32:19.0288 2052 ============================================================
03:32:20.0582 2052 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:32:20.0582 2052 ============================================================
03:32:20.0582 2052 \Device\Harddisk0\DR0:
03:32:20.0582 2052 MBR partitions:
03:32:20.0582 2052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1432800, BlocksNum 0x10B58000
03:32:20.0582 2052 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11F8A800, BlocksNum 0xB23A800
03:32:20.0582 2052 ============================================================
03:32:20.0614 2052 C: <-> \Device\Harddisk0\DR0\Partition1
03:32:20.0645 2052 D: <-> \Device\Harddisk0\DR0\Partition2
03:32:20.0645 2052 ============================================================
03:32:20.0645 2052 Initialize success
03:32:20.0645 2052 ============================================================
03:32:25.0278 3956 ============================================================
03:32:25.0278 3956 Scan started
03:32:25.0278 3956 Mode: Manual;
03:32:25.0278 3956 ============================================================
03:32:26.0432 3956 ================ Scan system memory ========================
03:32:26.0432 3956 System memory - ok
03:32:26.0432 3956 ================ Scan services =============================
03:32:28.0726 3956 BthPan - ok
03:32:28.0772 3956 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
03:32:28.0772 3956 BTHPORT - ok
03:32:28.0804 3956 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
03:32:28.0804 3956 bthserv - ok
03:32:28.0850 3956 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
03:32:28.0850 3956 BTHUSB - ok
03:32:28.0882 3956 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
03:32:28.0882 3956 cdfs - ok
03:32:28.0928 3956 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
03:32:28.0928 3956 cdrom - ok
03:32:28.0975 3956 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
03:32:28.0975 3956 CertPropSvc - ok
03:32:28.0991 3956 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
03:32:28.0991 3956 circlass - ok
03:32:29.0038 3956 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
03:32:29.0053 3956 CLFS - ok
03:32:29.0131 3956 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:32:29.0131 3956 clr_optimization_v2.0.50727_32 - ok
03:32:29.0225 3956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:32:29.0225 3956 clr_optimization_v4.0.30319_32 - ok
03:32:29.0256 3956 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
03:32:29.0256 3956 CmBatt - ok
03:32:29.0303 3956 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
03:32:29.0303 3956 cmdide - ok
03:32:29.0365 3956 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
03:32:29.0365 3956 CNG - ok
03:32:29.0381 3956 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
03:32:29.0396 3956 Compbatt - ok
03:32:29.0443 3956 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
03:32:29.0443 3956 CompositeBus - ok
03:32:29.0459 3956 COMSysApp - ok
03:32:29.0490 3956 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
03:32:29.0490 3956 crcdisk - ok
03:32:29.0537 3956 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\windows\system32\cryptsvc.dll
03:32:29.0537 3956 CryptSvc - ok
03:32:29.0584 3956 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
03:32:29.0584 3956 DcomLaunch - ok
03:32:29.0615 3956 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
03:32:29.0615 3956 defragsvc - ok
03:32:29.0677 3956 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
03:32:29.0677 3956 DfsC - ok
03:32:29.0724 3956 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
03:32:29.0724 3956 Dhcp - ok
03:32:29.0755 3956 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
03:32:29.0755 3956 discache - ok
03:32:29.0771 3956 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
03:32:29.0771 3956 Disk - ok
03:32:29.0833 3956 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
03:32:29.0833 3956 Dnscache - ok
03:32:29.0864 3956 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
03:32:29.0864 3956 dot3svc - ok
03:32:29.0927 3956 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
03:32:29.0927 3956 Dot4 - ok
03:32:29.0989 3956 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\windows\system32\drivers\Dot4Prt.sys
03:32:29.0989 3956 Dot4Print - ok
03:32:30.0036 3956 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
03:32:30.0036 3956 dot4usb - ok
03:32:30.0083 3956 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
03:32:30.0083 3956 DPS - ok
03:32:30.0130 3956 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
03:32:30.0130 3956 drmkaud - ok
03:32:30.0192 3956 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
03:32:30.0208 3956 DXGKrnl - ok
03:32:30.0223 3956 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
03:32:30.0223 3956 EapHost - ok
03:32:30.0332 3956 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
03:32:30.0379 3956 ebdrv - ok
03:32:30.0426 3956 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
03:32:30.0426 3956 EFS - ok
03:32:30.0488 3956 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
03:32:30.0488 3956 ehRecvr - ok
03:32:30.0520 3956 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
03:32:30.0520 3956 ehSched - ok
03:32:30.0566 3956 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
03:32:30.0582 3956 elxstor - ok
03:32:30.0598 3956 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
03:32:30.0598 3956 ErrDev - ok
03:32:30.0629 3956 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
03:32:30.0644 3956 EventSystem - ok
03:32:30.0676 3956 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
03:32:30.0676 3956 exfat - ok
03:32:30.0691 3956 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
03:32:30.0707 3956 fastfat - ok
03:32:30.0769 3956 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
03:32:30.0769 3956 Fax - ok
03:32:30.0800 3956 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
03:32:30.0800 3956 fdc - ok
03:32:30.0832 3956 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
03:32:30.0832 3956 fdPHost - ok
03:32:30.0832 3956 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
03:32:30.0847 3956 FDResPub - ok
03:32:30.0878 3956 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
03:32:30.0878 3956 FileInfo - ok
03:32:30.0910 3956 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
03:32:30.0910 3956 Filetrace - ok
03:32:30.0941 3956 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
03:32:30.0941 3956 flpydisk - ok
03:32:30.0956 3956 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
03:32:30.0956 3956 FltMgr - ok
03:32:31.0019 3956 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
03:32:31.0034 3956 FontCache - ok
03:32:31.0081 3956 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
03:32:31.0081 3956 FontCache3.0.0.0 - ok
03:32:31.0159 3956 [ C96C52D0D80666AF585516FFA97B7C00 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
03:32:31.0159 3956 ForceWare Intelligent Application Manager (IAM) - ok
03:32:31.0190 3956 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
03:32:31.0190 3956 FsDepends - ok
03:32:31.0253 3956 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
03:32:31.0253 3956 Fs_Rec - ok
03:32:31.0315 3956 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
03:32:31.0315 3956 fvevol - ok
03:32:31.0346 3956 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
03:32:31.0346 3956 gagp30kx - ok
03:32:31.0424 3956 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
03:32:31.0424 3956 GEARAspiWDM - ok
03:32:31.0471 3956 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
03:32:31.0471 3956 gpsvc - ok
03:32:31.0580 3956 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
03:32:31.0580 3956 gupdate - ok
03:32:31.0580 3956 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
03:32:31.0580 3956 gupdatem - ok
03:32:31.0627 3956 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
03:32:31.0627 3956 hcw85cir - ok
03:32:31.0674 3956 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
03:32:31.0674 3956 HdAudAddService - ok
03:32:31.0721 3956 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
03:32:31.0721 3956 HDAudBus - ok
03:32:31.0752 3956 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
03:32:31.0752 3956 HidBatt - ok
03:32:31.0768 3956 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
03:32:31.0768 3956 HidBth - ok
03:32:31.0783 3956 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
03:32:31.0799 3956 HidIr - ok
03:32:31.0814 3956 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
03:32:31.0814 3956 hidserv - ok
03:32:31.0861 3956 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
03:32:31.0861 3956 HidUsb - ok
03:32:31.0908 3956 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
03:32:31.0908 3956 hkmsvc - ok
03:32:31.0924 3956 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
03:32:31.0924 3956 HomeGroupListener - ok
03:32:31.0955 3956 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
03:32:31.0970 3956 HomeGroupProvider - ok
03:32:32.0002 3956 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
03:32:32.0002 3956 HpSAMD - ok
03:32:32.0064 3956 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
03:32:32.0064 3956 HTTP - ok
03:32:32.0095 3956 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
03:32:32.0095 3956 hwpolicy - ok
03:32:32.0158 3956 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
03:32:32.0158 3956 i8042prt - ok
03:32:32.0220 3956 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
03:32:32.0220 3956 iaStorV - ok
03:32:32.0298 3956 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:32:32.0314 3956 idsvc - ok
03:32:32.0345 3956 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
03:32:32.0345 3956 iirsp - ok
03:32:32.0423 3956 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
03:32:32.0423 3956 IKEEXT - ok
03:32:32.0516 3956 [ 8B27C21412AE4404EB0ACFE1D98579EC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
03:32:32.0548 3956 IntcAzAudAddService - ok
03:32:32.0579 3956 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
03:32:32.0579 3956 intelide - ok
03:32:32.0626 3956 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
03:32:32.0626 3956 intelppm - ok
03:32:32.0657 3956 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
03:32:32.0657 3956 IPBusEnum - ok
03:32:32.0688 3956 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
03:32:32.0688 3956 IpFilterDriver - ok
03:32:32.0719 3956 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
03:32:32.0719 3956 IPMIDRV - ok
03:32:32.0735 3956 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
03:32:32.0750 3956 IPNAT - ok
03:32:32.0813 3956 [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
03:32:32.0828 3956 iPod Service - ok
03:32:32.0844 3956 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
03:32:32.0860 3956 IRENUM - ok
03:32:32.0906 3956 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
03:32:32.0906 3956 isapnp - ok
03:32:32.0922 3956 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
03:32:32.0938 3956 iScsiPrt - ok
03:32:32.0953 3956 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
03:32:32.0969 3956 kbdclass - ok
03:32:32.0984 3956 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
03:32:32.0984 3956 kbdhid - ok
03:32:33.0000 3956 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
03:32:33.0000 3956 KeyIso - ok
03:32:33.0062 3956 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
03:32:33.0062 3956 KSecDD - ok
03:32:33.0078 3956 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
03:32:33.0078 3956 KSecPkg - ok
03:32:33.0125 3956 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
03:32:33.0140 3956 KtmRm - ok
03:32:33.0187 3956 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
03:32:33.0187 3956 LanmanServer - ok
03:32:33.0234 3956 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
03:32:33.0234 3956 LanmanWorkstation - ok
03:32:33.0281 3956 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
03:32:33.0281 3956 lltdio - ok
03:32:33.0328 3956 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
03:32:33.0328 3956 lltdsvc - ok
03:32:33.0359 3956 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
03:32:33.0359 3956 lmhosts - ok
03:32:33.0390 3956 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
03:32:33.0406 3956 LSI_FC - ok
03:32:33.0406 3956 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
03:32:33.0406 3956 LSI_SAS - ok
03:32:33.0421 3956 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
03:32:33.0421 3956 LSI_SAS2 - ok
03:32:33.0437 3956 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
03:32:33.0452 3956 LSI_SCSI - ok
03:32:33.0484 3956 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
03:32:33.0484 3956 luafv - ok
03:32:33.0530 3956 [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
03:32:33.0530 3956 MBAMProtector - ok
03:32:33.0577 3956 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:32:33.0577 3956 MBAMService - ok
03:32:33.0671 3956 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
03:32:33.0686 3956 McComponentHostService - ok
03:32:33.0718 3956 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
03:32:33.0718 3956 Mcx2Svc - ok
03:32:33.0749 3956 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
03:32:33.0749 3956 megasas - ok
03:32:33.0764 3956 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
03:32:33.0764 3956 MegaSR - ok
03:32:33.0842 3956 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe
03:32:33.0842 3956 Micro Star SCM - ok
03:32:33.0874 3956 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
03:32:33.0874 3956 MMCSS - ok
03:32:33.0889 3956 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
03:32:33.0889 3956 Modem - ok
03:32:33.0936 3956 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
03:32:33.0936 3956 monitor - ok
03:32:33.0983 3956 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
03:32:33.0983 3956 mouclass - ok
03:32:34.0014 3956 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
03:32:34.0014 3956 mouhid - ok
03:32:34.0045 3956 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
03:32:34.0045 3956 mountmgr - ok
03:32:34.0076 3956 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
03:32:34.0076 3956 mpio - ok
03:32:34.0108 3956 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
03:32:34.0123 3956 mpsdrv - ok
03:32:34.0154 3956 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
03:32:34.0154 3956 MRxDAV - ok
03:32:34.0186 3956 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
03:32:34.0201 3956 mrxsmb - ok
03:32:34.0264 3956 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
03:32:34.0264 3956 mrxsmb10 - ok
03:32:34.0326 3956 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
03:32:34.0326 3956 mrxsmb20 - ok
03:32:34.0373 3956 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
03:32:34.0373 3956 msahci - ok
03:32:34.0404 3956 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
03:32:34.0404 3956 msdsm - ok
03:32:34.0435 3956 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
03:32:34.0451 3956 MSDTC - ok
03:32:34.0498 3956 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
03:32:34.0498 3956 Msfs - ok
03:32:34.0513 3956 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
03:32:34.0513 3956 mshidkmdf - ok
03:32:34.0560 3956 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
03:32:34.0560 3956 msisadrv - ok
03:32:34.0591 3956 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
03:32:34.0591 3956 MSiSCSI - ok
03:32:34.0607 3956 msiserver - ok
03:32:34.0638 3956 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
03:32:34.0638 3956 MSKSSRV - ok
03:32:34.0638 3956 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
03:32:34.0638 3956 MSPCLOCK - ok
03:32:34.0654 3956 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
03:32:34.0669 3956 MSPQM - ok
03:32:34.0685 3956 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
03:32:34.0685 3956 MsRPC - ok
03:32:34.0732 3956 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
03:32:34.0732 3956 mssmbios - ok
03:32:34.0747 3956 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
03:32:34.0763 3956 MSTEE - ok
03:32:34.0778 3956 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
03:32:34.0778 3956 MTConfig - ok
03:32:34.0794 3956 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
03:32:34.0794 3956 Mup - ok
03:32:34.0841 3956 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
03:32:34.0841 3956 napagent - ok
03:32:34.0872 3956 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
03:32:34.0872 3956 NativeWifiP - ok
03:32:34.0934 3956 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\windows\system32\drivers\ndis.sys
03:32:34.0934 3956 NDIS - ok
03:32:34.0966 3956 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
03:32:34.0966 3956 NdisCap - ok
03:32:34.0981 3956 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
03:32:34.0981 3956 NdisTapi - ok
03:32:35.0044 3956 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
03:32:35.0044 3956 Ndisuio - ok
03:32:35.0106 3956 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
03:32:35.0106 3956 NdisWan - ok
03:32:35.0137 3956 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
03:32:35.0137 3956 NDProxy - ok
03:32:35.0184 3956 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
03:32:35.0184 3956 Net Driver HPZ12 - ok
03:32:35.0215 3956 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
03:32:35.0215 3956 NetBIOS - ok
03:32:35.0293 3956 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
03:32:35.0293 3956 NetBT - ok
03:32:35.0309 3956 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
03:32:35.0309 3956 Netlogon - ok
03:32:35.0356 3956 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
03:32:35.0356 3956 Netman - ok
03:32:35.0387 3956 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
03:32:35.0387 3956 netprofm - ok
03:32:35.0434 3956 [ 596E25B4631DF2BE98FD2BADE8BCC625 ] netr28 C:\windows\system32\DRIVERS\netr28.sys
03:32:35.0449 3956 netr28 - ok
03:32:35.0480 3956 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:32:35.0480 3956 NetTcpPortSharing - ok
03:32:35.0512 3956 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
03:32:35.0512 3956 nfrd960 - ok
03:32:35.0574 3956 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\windows\System32\nlasvc.dll
03:32:35.0574 3956 NlaSvc - ok
03:32:35.0605 3956 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
03:32:35.0605 3956 Npfs - ok
03:32:35.0636 3956 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
03:32:35.0652 3956 nsi - ok
03:32:35.0668 3956 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
03:32:35.0668 3956 nsiproxy - ok
03:32:35.0699 3956 [ B6C48D01147EC020DE7F1856734127F8 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
03:32:35.0699 3956 nSvcIp - ok
03:32:35.0777 3956 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\windows\system32\drivers\Ntfs.sys
03:32:35.0792 3956 Ntfs - ok
03:32:35.0824 3956 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
03:32:35.0824 3956 Null - ok
03:32:35.0855 3956 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\windows\system32\DRIVERS\nvm62x32.sys
03:32:35.0855 3956 NVENETFD - ok
03:32:35.0902 3956 [ 603B0C9BB86F7B3EFB88A482C6663EC4 ] NVHDA C:\windows\system32\drivers\nvhda32v.sys
03:32:35.0902 3956 NVHDA - ok
03:32:36.0136 3956 [ 6369C7702E931EC4B495A8930A8149F2 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
03:32:36.0338 3956 nvlddmkm - ok
03:32:36.0401 3956 [ 5BF9C11586F4764446407F509F1BECA8 ] NVNET C:\windows\system32\DRIVERS\nvmf6232.sys
03:32:36.0401 3956 NVNET - ok
03:32:36.0416 3956 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
03:32:36.0416 3956 nvraid - ok
03:32:36.0448 3956 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\windows\system32\DRIVERS\nvsmu.sys
03:32:36.0448 3956 nvsmu - ok
03:32:36.0494 3956 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
03:32:36.0494 3956 nvstor - ok
03:32:36.0526 3956 [ 3FF57A9A657C9690ECBC8B1E3B6E3979 ] nvstor32 C:\windows\system32\DRIVERS\nvstor32.sys
03:32:36.0526 3956 nvstor32 - ok
03:32:36.0541 3956 [ 9643C9605474558721D2B3D00D3E7F7C ] nvsvc C:\windows\system32\nvvsvc.exe
03:32:36.0557 3956 nvsvc - ok
03:32:36.0588 3956 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
03:32:36.0588 3956 nv_agp - ok
03:32:36.0666 3956 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:32:36.0682 3956 odserv - ok
03:32:36.0713 3956 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
03:32:36.0713 3956 ohci1394 - ok
03:32:36.0760 3956 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:32:36.0760 3956 ose - ok
03:32:36.0791 3956 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
03:32:36.0791 3956 p2pimsvc - ok
03:32:36.0806 3956 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
03:32:36.0822 3956 p2psvc - ok
03:32:36.0838 3956 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
03:32:36.0853 3956 Parport - ok
03:32:36.0884 3956 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
03:32:36.0884 3956 partmgr - ok
03:32:36.0900 3956 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
03:32:36.0900 3956 Parvdm - ok
03:32:36.0931 3956 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
03:32:36.0947 3956 PcaSvc - ok
03:32:36.0994 3956 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
03:32:36.0994 3956 pci - ok
03:32:37.0009 3956 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
03:32:37.0009 3956 pciide - ok
03:32:37.0056 3956 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
03:32:37.0056 3956 pcmcia - ok
03:32:37.0087 3956 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
03:32:37.0087 3956 pcw - ok
03:32:37.0134 3956 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
03:32:37.0150 3956 PEAUTH - ok
03:32:37.0228 3956 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
03:32:37.0259 3956 pla - ok
03:32:37.0306 3956 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
03:32:37.0306 3956 PlugPlay - ok
03:32:37.0368 3956 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
03:32:37.0368 3956 Pml Driver HPZ12 - ok
03:32:37.0384 3956 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
03:32:37.0399 3956 PNRPAutoReg - ok
03:32:37.0415 3956 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
03:32:37.0415 3956 PNRPsvc - ok
03:32:37.0462 3956 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
03:32:37.0462 3956 PolicyAgent - ok
03:32:37.0508 3956 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
03:32:37.0508 3956 Power - ok
03:32:37.0540 3956 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
03:32:37.0540 3956 PptpMiniport - ok
03:32:37.0571 3956 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
03:32:37.0571 3956 Processor - ok
03:32:37.0602 3956 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
03:32:37.0618 3956 ProfSvc - ok
03:32:37.0618 3956 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
03:32:37.0633 3956 ProtectedStorage - ok
03:32:37.0680 3956 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
03:32:37.0680 3956 Psched - ok
03:32:37.0742 3956 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
03:32:37.0758 3956 ql2300 - ok
03:32:37.0789 3956 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
03:32:37.0789 3956 ql40xx - ok
03:32:37.0820 3956 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
03:32:37.0836 3956 QWAVE - ok
03:32:37.0852 3956 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
03:32:37.0852 3956 QWAVEdrv - ok
03:32:37.0867 3956 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
03:32:44.0731 3956 ================ Scan global ===============================
03:32:44.0809 3956 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
03:32:44.0840 3956 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
03:32:44.0856 3956 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
03:32:44.0887 3956 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
03:32:44.0918 3956 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
03:32:44.0918 3956 [Global] - ok
03:32:44.0918 3956 ================ Scan MBR ==================================
03:32:44.0934 3956 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
03:32:45.0121 3956 \Device\Harddisk0\DR0 - ok
03:32:45.0121 3956 ================ Scan VBR ==================================
03:32:45.0152 3956 [ 37066B35A291F05985DB560CEC742B89 ] \Device\Harddisk0\DR0\Partition1
03:32:45.0152 3956 \Device\Harddisk0\DR0\Partition1 - ok
03:32:45.0184 3956 [ 539AC94B218179C6B510867776B1E881 ] \Device\Harddisk0\DR0\Partition2
03:32:45.0184 3956 \Device\Harddisk0\DR0\Partition2 - ok
03:32:45.0184 3956 ============================================================
03:32:45.0184 3956 Scan finished
03:32:45.0184 3956 ============================================================
03:32:45.0199 2640 Detected object count: 0
03:32:45.0199 2640 Actual detected object count: 0
03:33:06.0556 3412 Deinitialize success

2. ASWMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 03:45:11
-----------------------------
03:45:11.719 OS Version: Windows 6.1.7601 Service Pack 1
03:45:11.719 Number of processors: 2 586 0x170A
03:45:11.735 ComputerName: MICHAEL-MSI UserName: Michael
03:45:12.686 Initialize success
03:45:20.049 AVAST engine defs: 12082803
03:45:23.013 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
03:45:23.029 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
03:45:23.045 Disk 0 MBR read successfully
03:45:23.045 Disk 0 MBR scan
03:45:23.045 Disk 0 Windows 7 default MBR code
03:45:23.060 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
03:45:23.107 Disk 0 Partition 2 80 (A) 27 Hidden NTFS WinRE NTFS 100 MB offset 20973568
03:45:23.123 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 136880 MB offset 21178368
03:45:23.169 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 91253 MB offset 301508608
03:45:23.201 Disk 0 scanning sectors +488394752
03:45:23.279 Disk 0 scanning C:\windows\system32\drivers
03:45:36.320 Service scanning
03:46:12.843 Modules scanning
03:46:26.836 Disk 0 trace - called modules:
03:46:26.867 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
03:46:26.867 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a94460]
03:46:26.867 3 CLASSPNP.SYS[8ae0459e] -> nt!IofCallDriver -> [0x864f4978]
03:46:26.883 5 ACPI.sys[8b0903d4] -> nt!IofCallDriver -> \Device\00000070[0x864aa160]
03:46:27.819 AVAST engine scan C:\windows
03:46:29.831 AVAST engine scan C:\windows\system32
03:49:23.199 AVAST engine scan C:\windows\system32\drivers
03:49:38.192 AVAST engine scan C:\Users\Michael
03:50:16.615 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"
03:50:16.630 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

3. ESET

C:\Users\Michael\AppData\Local\Temp\Temporary Internet Files\Content.IE5\B0X3A7EO\kitten[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Michael\AppData\Local\Temp\Temporary Internet Files\Content.IE5\F0KU2T6F\slider[1].aspx HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Michael\AppData\Local\Temp\Temporary Internet Files\Content.IE5\O0JW27JD\slider[1].aspx HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Michael\Documents\My Projects\DVDStyler_141.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\510C3XRF\american-eskimo-puppy-chases-the-cat[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\510C3XRF\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\510C3XRF\kitty-wrestling-a-ball-in-laundry-basket[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Z7FAU7L\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Z7FAU7L\ifCAT3C03N.txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QOLF2J\puppy-plays-with-cat[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTCG5ZRK\cat-and-dolphin-playing-together[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTCG5ZRK\cat-and-dolphin-playing-together[2].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTCG5ZRK\ifCA6V18R9.txt HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTCG5ZRK\nine-wild-kittens-playing-on-bed[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTCG5ZRK\talking-cat[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:05:14 PM

Posted 28 August 2012 - 09:02 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 subguy

subguy
  • Topic Starter

  • Members
  • 25 posts
  • Local time:04:14 PM

Posted 29 August 2012 - 05:32 PM

Hi narenxp, sorry this took a while to get done. Here are the results of the scans you requested. P.S. thanks for the help.

1. MBAM log
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Michael :: MICHAEL-MSI [administrator]

Protection: Enabled

8/29/2012 11:22:54 PM
mbam-log-2012-08-29 (23-22-54).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316106
Time elapsed: 1 hour(s), 37 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Then this report came up, from MBAM, not sure if it is important.

2012/08/30 01:17:54 +0300 MICHAEL-MSI Michael MESSAGE Starting protection
2012/08/30 01:17:57 +0300 MICHAEL-MSI Michael MESSAGE Protection started successfully
2012/08/30 01:18:00 +0300 MICHAEL-MSI Michael MESSAGE Starting IP protection
2012/08/30 01:18:00 +0300 MICHAEL-MSI Michael ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

2. Minitool box

MiniToolBox by Farbar Version: 23-07-2012
Ran by Michael (administrator) on 30-08-2012 at 01:09:05
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Disconnected)
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-msi
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-25-D3-7E-2D-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-25-D3-7E-2D-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6836:f16f:7696:84a2%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.11.1.48(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 29, 2012 11:20:16 PM
Lease Expires . . . . . . . . . . : Thursday, August 30, 2012 1:50:16 AM
Default Gateway . . . . . . . . . : 10.11.1.1
DHCP Server . . . . . . . . . . . : 10.11.1.1
DHCPv6 IAID . . . . . . . . . . . : 218113491
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-CA-51-07-40-61-86-14-11-6A
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 40-61-86-14-11-6A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{69263ECD-8C6E-45CA-B16F-BC1988515945}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E89683FE-1C5F-43DE-B274-84500B139139}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F0AA3D75-A771-4D6F-A5F0-1A9A1624A6AD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 2607:f8b0:4009:801::1002
74.125.225.72
74.125.225.67
74.125.225.70
74.125.225.73
74.125.225.64
74.125.225.71
74.125.225.78
74.125.225.65
74.125.225.68
74.125.225.66
74.125.225.69


Pinging google.com [74.125.225.67] with 32 bytes of data:
Reply from 74.125.225.67: bytes=32 time=23ms TTL=55
Reply from 74.125.225.67: bytes=32 time=22ms TTL=55

Ping statistics for 74.125.225.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 23ms, Average = 22ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=105ms TTL=47
Reply from 98.138.253.109: bytes=32 time=177ms TTL=47

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 105ms, Maximum = 177ms, Average = 141ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
22...06 25 d3 7e 2d 55 ......Microsoft Virtual WiFi Miniport Adapter
11...00 25 d3 7e 2d 55 ......Atheros AR9285 Wireless Network Adapter
10...40 61 86 14 11 6a ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #4
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #8
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #6
21...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #7
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.11.1.1 10.11.1.48 25
10.11.1.0 255.255.255.0 On-link 10.11.1.48 281
10.11.1.48 255.255.255.255 On-link 10.11.1.48 281
10.11.1.255 255.255.255.255 On-link 10.11.1.48 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.11.1.48 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.11.1.48 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::6836:f16f:7696:84a2/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 09 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 60 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 61 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 62 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 63 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 64 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 65 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 66 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 67 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 68 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 69 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/29/2012 01:56:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0120b461
Faulting process id: 0x404
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:54:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x00bbb461
Faulting process id: 0x95c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:51:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0030b478
Faulting process id: 0x1510
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:50:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0012b461
Faulting process id: 0x14b0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:49:26 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x00bbb461
Faulting process id: 0xf44
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:48:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x0113b461
Faulting process id: 0x45c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:47:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x013ab461
Faulting process id: 0x460
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:46:25 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x00ccb461
Faulting process id: 0x1640
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:45:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x000bb461
Faulting process id: 0xdec
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/29/2012 01:44:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: 80000032.@_unloaded, version: 0.0.0.0, time stamp: 0x4fe23011
Exception code: 0xc0000005
Fault offset: 0x00f8b461
Faulting process id: 0xc70
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (08/29/2012 11:18:32 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1058

Error: (08/29/2012 11:18:32 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1058

Error: (08/29/2012 11:18:31 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/29/2012 02:36:09 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1058

Error: (08/29/2012 02:36:09 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1058

Error: (08/29/2012 02:36:08 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/29/2012 02:33:19 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (08/29/2012 05:11:27 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1058

Error: (08/29/2012 05:11:27 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%1058

Error: (08/29/2012 05:11:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 6.1.1)
Acrobat.com (Version: 1.6.65)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player Plugin (Version: 9.0.124.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Brochures & Flyers
ArcSoft Print Creations - Funhouse II
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Poster Creator
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations (Version: 3.0.255.331)
ArcSoft WebCam Companion 3 (Version: 3.0.32.134)
BurnRecovery (Version: 3.0.908.2201)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conduit Engine (Version: )
ESET Online Scanner v3
Google Update Helper (Version: 1.3.21.115)
HP Update (Version: 4.000.011.006)
iCloud (Version: 1.0.1.29)
InstallIQ Updater (Version: 1.4.1.0)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 34 (Version: 6.0.340)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.127.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.8.0)
MSI Software Install (Version: 3.0.908.2001)
NCH Toolbar (Version: 6.2.1.8)
NVIDIA Drivers (Version: 1.3)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
Realtek USB 2.0 Card Reader (Version: 6.1.7100.30093)
SUPERAntiSpyware Free Edition (Version: 4.33.0.1000)
System Control Manager (Version: 2.209.0724.004.10)
TuneUp Companion 2.4.2.1 (Version: 2.4.2.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
Xvid Video Codec (Version: 1.3.1)

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 2815.24 MB
Available physical RAM: 1568.04 MB
Total Pagefile: 5628.76 MB
Available Pagefile: 4203.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.96 MB

========================= Partitions: =====================================

1 Drive c: (OS_Install) (Fixed) (Total:133.67 GB) (Free:78.04 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:89.11 GB) (Free:0.01 GB) NTFS

========================= Users: ========================================

User accounts for \\MICHAEL-MSI

Administrator Guest Michael


**** End of log ****

3. FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Michael (administrator) on 30-08-2012 at 01:11:26
Running from "C:\Users\Michael\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is set to Disabled. The default start type is Auto.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

4. adware cleaner

# AdwCleaner v1.801 - Logfile created 08/30/2012 at 01:14:14
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Michael - MICHAEL-MSI
# Boot Mode : Normal
# Running from : C:\Users\Michael\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Michael\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michael\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Michael\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Michael\AppData\LocalLow\Hotbar
Folder Deleted : C:\Users\Michael\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Michael\AppData\LocalLow\NCH
Folder Deleted : C:\Users\Michael\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Michael\AppData\LocalLow\ShoppingReport
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\NCH

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2117678
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319576
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2354614
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH Toolbar
Key Deleted : HKLM\SOFTWARE\NCH

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C82A6707-0024-4C0D-B22D-C2DB3D8A8DBA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C4B5403-6B3E-48D8-9E66-AFA0D0130BB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88B7167C-5BC7-4A62-A7E3-BFD0168CF208}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C82A6707-0024-4C0D-B22D-C2DB3D8A8DBA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\cah2d43r.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6403 octets] - [30/08/2012 01:14:14]

########## EOF - C:\AdwCleaner[S1].txt - [6531 octets] ##########

#6 narenxp

Posted 29 August 2012 - 06:08 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 subguy

Posted 29 August 2012 - 07:03 PM

The next two scans coming up.
1. FSS log

Farbar Service Scanner Version: 06-08-2012
Ran by Michael (administrator) on 30-08-2012 at 02:52:54
Running from "C:\Users\Michael\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

2. RKILL

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 02:57:22 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.
* No issues found.

Checking Windows Service Integrity:

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/30/2012 02:57:49 AM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

#8 narenxp

Posted 29 August 2012 - 08:39 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



