Removing metropolitan police ukash virus


8 replies to this topic

#1 dave_unreal


Posted 03 September 2012 - 09:41 AM

Hi

I'm helping a friend remove some malware from his PC. It locks up his PC completely unless I boot in safe mode. (Booting normally results in seeing the desktop for a few seconds, then a white screen for 10 mins, before seeing the fake warning message.)

I've read a little about the malware on another thread and I've run TDSSKiller, ASWMBR and ESET Online Scanner. I've posted the logs below.

I'd very much appreciate it if someone could have a look for me. It's a bit beyond my abilities.

Thanks

TDSSKiller:
13:11:50.0733 3684 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:11:52.0308 3684 ============================================================
13:11:52.0308 3684 Current date / time: 2012/09/03 13:11:52.0308
13:11:52.0308 3684 SystemInfo:
13:11:52.0308 3684
13:11:52.0308 3684 OS Version: 6.0.6002 ServicePack: 2.0
13:11:52.0308 3684 Product type: Workstation
13:11:52.0308 3684 ComputerName: STEVE-PC
13:11:52.0308 3684 UserName: Steve
13:11:52.0308 3684 Windows directory: C:\Windows
13:11:52.0308 3684 System windows directory: C:\Windows
13:11:52.0308 3684 Processor architecture: Intel x86
13:11:52.0308 3684 Number of processors: 2
13:11:52.0308 3684 Page size: 0x1000
13:11:52.0308 3684 Boot type: Safe boot with network
13:11:52.0308 3684 ============================================================
13:12:03.0884 3684 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:03.0946 3684 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:12:03.0993 3684 ============================================================
13:12:03.0993 3684 \Device\Harddisk0\DR0:
13:12:04.0040 3684 MBR partitions:
13:12:04.0040 3684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
13:12:04.0040 3684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x1BD89000
13:12:04.0040 3684 \Device\Harddisk1\DR1:
13:12:04.0040 3684 MBR partitions:
13:12:04.0040 3684 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E936870
13:12:04.0040 3684 ============================================================
13:12:04.0336 3684 C: <-> \Device\Harddisk0\DR0\Partition2
13:12:04.0570 3684 D: <-> \Device\Harddisk0\DR0\Partition1
13:12:04.0570 3684 J: <-> \Device\Harddisk1\DR1\Partition1
13:12:04.0570 3684 ============================================================
13:12:04.0570 3684 Initialize success
13:12:04.0570 3684 ============================================================
13:12:08.0127 3756 ============================================================
13:12:08.0127 3756 Scan started
13:12:08.0127 3756 Mode: Manual;
13:12:08.0127 3756 ============================================================
13:12:56.0346 3932 ============================================================
13:12:56.0346 3932 Scan started
13:12:56.0346 3932 Mode: Manual; TDLFS;
13:12:56.0346 3932 ============================================================
13:13:06.0908 3932 ================ Scan system memory ========================
13:13:06.0908 3932 System memory - ok
13:15:22.0612 3932 Null - ok
13:15:22.0752 3932 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:15:23.0002 3932 nvraid - ok
13:15:23.0189 3932 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:15:23.0330 3932 nvstor - ok
13:15:23.0454 3932 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:15:23.0579 3932 nv_agp - ok
13:15:23.0610 3932 NwlnkFlt - ok
13:15:23.0610 3932 NwlnkFwd - ok
13:15:24.0453 3932 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:15:24.0453 3932 odserv - ok
13:15:24.0609 3932 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:15:24.0687 3932 ohci1394 - ok
13:15:25.0014 3932 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:15:25.0014 3932 ose - ok
13:15:25.0482 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:15:26.0200 3932 p2pimsvc - ok
13:15:26.0496 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
13:15:26.0496 3932 p2psvc - ok
13:15:26.0606 3932 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
13:15:26.0730 3932 Parport - ok
13:15:26.0824 3932 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:15:26.0902 3932 partmgr - ok
13:15:26.0996 3932 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:15:27.0105 3932 Parvdm - ok
13:15:27.0198 3932 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
13:15:27.0308 3932 PcaSvc - ok
13:15:27.0620 3932 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
13:15:27.0807 3932 pci - ok
13:15:27.0994 3932 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
13:15:28.0056 3932 pciide - ok
13:15:28.0181 3932 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\Windows\system32\drivers\pclepci.sys
13:15:28.0212 3932 PCLEPCI - ok
13:15:28.0384 3932 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:15:28.0696 3932 pcmcia - ok
13:15:29.0273 3932 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:15:30.0474 3932 PEAUTH - ok
13:15:31.0410 3932 [ C463F4E36E7A90BED38483939ADAB014 ] PinnacleMarvinAVS C:\Windows\system32\DRIVERS\MarvinAVS.sys
13:15:32.0034 3932 PinnacleMarvinAVS - ok
13:15:32.0580 3932 [ 33F059DF48CFA585D0292017546F3BFB ] PinnacleMarvinUsb C:\Windows\system32\DRIVERS\MarvinUsb.sys
13:15:33.0204 3932 PinnacleMarvinUsb - ok
13:15:34.0468 3932 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
13:15:36.0449 3932 pla - ok
13:15:36.0590 3932 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:15:36.0668 3932 PlugPlay - ok
13:15:36.0917 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:15:36.0917 3932 PNRPAutoReg - ok
13:15:37.0214 3932 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:15:37.0229 3932 PNRPsvc - ok
13:15:37.0292 3932 Point32 - ok
13:15:37.0494 3932 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:15:37.0900 3932 PolicyAgent - ok
13:15:38.0212 3932 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:15:38.0321 3932 PptpMiniport - ok
13:15:38.0477 3932 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
13:15:38.0774 3932 Processor - ok
13:15:38.0961 3932 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
13:15:39.0117 3932 ProfSvc - ok
13:15:39.0210 3932 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:15:39.0226 3932 ProtectedStorage - ok
13:15:39.0304 3932 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:15:39.0413 3932 PSched - ok
13:15:39.0632 3932 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
13:15:39.0694 3932 PxHelp20 - ok
13:15:40.0131 3932 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:15:40.0926 3932 ql2300 - ok
13:15:41.0082 3932 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:15:41.0332 3932 ql40xx - ok
13:15:41.0582 3932 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:15:41.0800 3932 QWAVE - ok
13:15:41.0894 3932 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:15:41.0987 3932 QWAVEdrv - ok
13:15:43.0532 3932 [ E52B7A5010011C29063684CAC1A6BBF0 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
13:15:43.0532 3932 R300 - ok
13:15:43.0750 3932 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:15:43.0812 3932 RasAcd - ok
13:15:43.0968 3932 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:15:44.0093 3932 RasAuto - ok
13:15:44.0795 3932 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:15:44.0904 3932 Rasl2tp - ok
13:15:45.0201 3932 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:15:45.0450 3932 RasMan - ok
13:15:45.0575 3932 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:15:45.0700 3932 RasPppoe - ok
13:15:45.0856 3932 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:15:46.0012 3932 RasSstp - ok
13:15:46.0230 3932 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:15:46.0355 3932 rdbss - ok
13:15:46.0496 3932 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:15:46.0652 3932 RDPCDD - ok
13:15:46.0808 3932 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:15:47.0120 3932 rdpdr - ok
13:15:47.0276 3932 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:15:47.0307 3932 RDPENCDD - ok
13:15:47.0525 3932 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:15:47.0915 3932 RDPWD - ok
13:15:48.0118 3932 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:15:48.0227 3932 RemoteAccess - ok
13:15:48.0352 3932 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:15:48.0461 3932 RemoteRegistry - ok
13:15:48.0570 3932 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:15:48.0633 3932 RpcLocator - ok
13:15:49.0038 3932 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:15:49.0054 3932 RpcSs - ok
13:15:49.0194 3932 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:15:49.0272 3932 rspndr - ok
13:15:49.0350 3932 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
13:15:49.0350 3932 SamSs - ok
13:15:49.0538 3932 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:15:49.0756 3932 sbp2port - ok
13:15:49.0912 3932 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:15:50.0037 3932 SCardSvr - ok
13:15:50.0645 3932 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
13:15:51.0394 3932 Schedule - ok
13:15:51.0472 3932 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:15:51.0472 3932 SCPolicySvc - ok
13:15:51.0597 3932 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:15:51.0737 3932 SDRSVC - ok
13:15:51.0768 3932 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:15:51.0846 3932 secdrv - ok
13:15:52.0034 3932 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:15:52.0096 3932 seclogon - ok
13:15:52.0330 3932 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
13:15:52.0392 3932 SENS - ok
13:15:52.0626 3932 [ B97E1D0E59A128394F24E9F31E227EF2 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys
13:15:52.0720 3932 Ser2pl - ok
13:15:52.0876 3932 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:15:52.0970 3932 Serenum - ok
13:15:53.0094 3932 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
13:15:53.0360 3932 Serial - ok
13:15:53.0531 3932 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:15:53.0718 3932 sermouse - ok
13:15:53.0874 3932 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:15:53.0984 3932 SessionEnv - ok
13:15:54.0108 3932 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:15:54.0249 3932 sffdisk - ok
13:15:54.0342 3932 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:15:54.0436 3932 sffp_mmc - ok
13:15:54.0576 3932 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:15:54.0686 3932 sffp_sd - ok
13:15:54.0748 3932 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:15:54.0826 3932 sfloppy - ok
13:15:55.0076 3932 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:15:55.0497 3932 SharedAccess - ok
13:15:55.0762 3932 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:15:56.0152 3932 ShellHWDetection - ok
13:15:56.0386 3932 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:15:56.0558 3932 sisagp - ok
13:15:56.0620 3932 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:15:56.0698 3932 SiSRaid2 - ok
13:15:56.0870 3932 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:15:57.0135 3932 SiSRaid4 - ok
13:16:00.0146 3932 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
13:16:03.0780 3932 slsvc - ok
13:16:04.0014 3932 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:16:04.0077 3932 SLUINotify - ok
13:16:04.0217 3932 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:16:04.0311 3932 Smb - ok
13:16:04.0467 3932 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:16:04.0529 3932 SNMPTRAP - ok
13:16:04.0794 3932 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:16:04.0888 3932 spldr - ok
13:16:05.0044 3932 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
13:16:05.0106 3932 Spooler - ok
13:16:05.0262 3932 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:16:05.0528 3932 srv - ok
13:16:05.0668 3932 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:16:05.0886 3932 srv2 - ok
13:16:05.0933 3932 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:16:05.0996 3932 srvnet - ok
13:16:06.0136 3932 [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
13:16:06.0261 3932 ssadbus - ok
13:16:06.0620 3932 [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:16:06.0698 3932 ssadmdfl - ok
13:16:06.0916 3932 [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
13:16:07.0119 3932 ssadmdm - ok
13:16:07.0353 3932 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:16:07.0571 3932 SSDPSRV - ok
13:16:07.0758 3932 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:16:07.0883 3932 SstpSvc - ok
13:16:08.0117 3932 [ 15376507E439F73610F83947F1727E84 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
13:16:08.0336 3932 ssudmdm - ok
13:16:08.0570 3932 [ 54946449A0EB74915A4BB34F7EE51A5A ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
13:16:08.0726 3932 ss_bus - ok
13:16:08.0819 3932 [ 4450BC0B2E9D7D9B90E3C3DE4EA00A78 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys
13:16:08.0882 3932 ss_mdfl - ok
13:16:09.0038 3932 [ 30B8D0DD01EAD1243F329CAF7D7D1517 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys
13:16:09.0194 3932 ss_mdm - ok
13:16:09.0365 3932 [ C9FA6A70C051FC59D22C2E4CD211AD9B ] ST330 C:\Windows\system32\drivers\st330.sys
13:16:09.0474 3932 ST330 - ok
13:16:09.0708 3932 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
13:16:09.0802 3932 StarOpen - ok
13:16:09.0864 3932 [ 0017202EB0224F82706F04ED35AB23C2 ] STBUS C:\Windows\system32\drivers\stbus.sys
13:16:09.0989 3932 STBUS - ok
13:16:10.0832 3932 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
13:16:11.0315 3932 stisvc - ok
13:16:11.0315 3932 stllssvr - ok
13:16:11.0596 3932 [ 1AE6397F7695BD95C25CB30D83D5E185 ] stppp C:\Windows\system32\DRIVERS\stppp.sys
13:16:11.0736 3932 stppp - ok
13:16:11.0814 3932 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:16:11.0846 3932 swenum - ok
13:16:12.0189 3932 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
13:16:12.0548 3932 swprv - ok
13:16:12.0672 3932 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:16:12.0766 3932 Symc8xx - ok
13:16:12.0860 3932 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:16:12.0906 3932 Sym_hi - ok
13:16:13.0062 3932 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:16:13.0265 3932 Sym_u3 - ok
13:16:13.0764 3932 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
13:16:14.0310 3932 SysMain - ok
13:16:14.0435 3932 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:16:14.0591 3932 TabletInputService - ok
13:16:14.0810 3932 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:16:15.0106 3932 TapiSrv - ok
13:16:15.0340 3932 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:16:15.0387 3932 TBS - ok
13:16:16.0276 3932 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:16:17.0352 3932 Tcpip - ok
13:16:18.0288 3932 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:16:18.0288 3932 Tcpip6 - ok
13:16:18.0788 3932 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:16:18.0850 3932 tcpipreg - ok
13:16:19.0084 3932 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:16:19.0146 3932 TDPIPE - ok
13:16:19.0256 3932 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:16:19.0302 3932 TDTCP - ok
13:16:19.0505 3932 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:16:19.0630 3932 tdx - ok
13:16:19.0708 3932 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:16:19.0770 3932 TermDD - ok
13:16:20.0192 3932 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
13:16:20.0800 3932 TermService - ok
13:16:20.0956 3932 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
13:16:20.0956 3932 Themes - ok
13:16:21.0128 3932 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:16:21.0128 3932 THREADORDER - ok
13:16:21.0330 3932 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:16:21.0455 3932 TrkWks - ok
13:16:21.0783 3932 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:16:21.0830 3932 TrustedInstaller - ok
13:16:21.0986 3932 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:16:22.0142 3932 tssecsrv - ok
13:16:22.0407 3932 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:16:22.0485 3932 tunmp - ok
13:16:22.0688 3932 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:16:22.0766 3932 tunnel - ok
13:16:22.0968 3932 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:16:23.0109 3932 uagp35 - ok
13:16:23.0296 3932 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:16:23.0577 3932 udfs - ok
13:16:23.0717 3932 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:16:23.0795 3932 UI0Detect - ok
13:16:23.0936 3932 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:16:24.0045 3932 uliagpkx - ok
13:16:24.0232 3932 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:16:24.0903 3932 uliahci - ok
13:16:25.0059 3932 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:16:25.0355 3932 UlSata - ok
13:16:25.0433 3932 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:16:25.0620 3932 ulsata2 - ok
13:16:25.0995 3932 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:16:26.0073 3932 umbus - ok
13:16:26.0478 3932 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:16:26.0931 3932 upnphost - ok
13:16:27.0290 3932 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:16:27.0477 3932 USBAAPL - ok
13:16:27.0836 3932 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:16:28.0070 3932 usbccgp - ok
13:16:28.0335 3932 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:16:28.0569 3932 usbcir - ok
13:16:28.0959 3932 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:16:29.0037 3932 usbehci - ok
13:16:29.0364 3932 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:16:29.0817 3932 usbhub - ok
13:16:29.0895 3932 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:16:30.0082 3932 usbohci - ok
13:16:30.0269 3932 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
13:16:30.0441 3932 usbprint - ok
13:16:30.0675 3932 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:16:30.0784 3932 usbscan - ok
13:16:30.0940 3932 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:16:31.0018 3932 USBSTOR - ok
13:16:31.0299 3932 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:16:31.0439 3932 usbuhci - ok
13:16:31.0626 3932 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
13:16:31.0845 3932 UxSms - ok
13:16:32.0266 3932 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
13:16:32.0718 3932 vds - ok
13:16:33.0124 3932 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:16:33.0186 3932 vga - ok
13:16:33.0467 3932 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:16:33.0561 3932 VgaSave - ok
13:16:33.0779 3932 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:16:33.0857 3932 viaagp - ok
13:16:33.0951 3932 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:16:34.0029 3932 ViaC7 - ok
13:16:34.0185 3932 [ F3B4762EB85A2AFF4999401F14C3262B ] viaide C:\Windows\system32\drivers\viaide.sys
13:16:34.0247 3932 viaide - ok
13:16:34.0372 3932 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:16:34.0466 3932 volmgr - ok
13:16:34.0778 3932 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:16:35.0308 3932 volmgrx - ok
13:16:35.0604 3932 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:16:36.0041 3932 volsnap - ok
13:16:36.0182 3932 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:16:36.0525 3932 vsmraid - ok
13:16:37.0648 3932 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
13:16:39.0692 3932 VSS - ok
13:16:40.0191 3932 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
13:16:40.0721 3932 W32Time - ok
13:16:40.0971 3932 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:16:41.0158 3932 WacomPen - ok
13:16:41.0361 3932 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:16:41.0408 3932 Wanarp - ok
13:16:41.0501 3932 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:16:41.0501 3932 Wanarpv6 - ok
13:16:42.0141 3932 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:16:42.0734 3932 wcncsvc - ok
13:16:42.0905 3932 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:16:42.0983 3932 WcsPlugInService - ok
13:16:43.0124 3932 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
13:16:43.0186 3932 Wd - ok
13:16:43.0592 3932 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:16:44.0481 3932 Wdf01000 - ok
13:16:44.0762 3932 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:16:44.0996 3932 WdiServiceHost - ok
13:16:45.0089 3932 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:16:45.0089 3932 WdiSystemHost - ok
13:16:45.0370 3932 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
13:16:45.0713 3932 WebClient - ok
13:16:46.0103 3932 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:16:46.0368 3932 Wecsvc - ok
13:16:46.0540 3932 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:16:46.0618 3932 wercplsupport - ok
13:16:46.0790 3932 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
13:16:46.0961 3932 WerSvc - ok
13:16:47.0663 3932 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:16:47.0975 3932 WinDefend - ok
13:16:47.0991 3932 WinHttpAutoProxySvc - ok
13:16:49.0020 3932 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:16:49.0332 3932 Winmgmt - ok
13:16:50.0190 3932 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
13:16:51.0610 3932 WinRM - ok
13:16:51.0984 3932 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:16:52.0640 3932 Wlansvc - ok
13:16:54.0449 3932 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:16:54.0465 3932 wlidsvc - ok
13:16:54.0636 3932 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:16:54.0714 3932 WmiAcpi - ok
13:16:54.0917 3932 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:16:55.0167 3932 wmiApSrv - ok
13:16:55.0916 3932 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:16:57.0086 3932 WMPNetworkSvc - ok
13:16:57.0351 3932 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:16:57.0522 3932 WPCSvc - ok
13:16:57.0632 3932 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:16:57.0772 3932 WPDBusEnum - ok
13:16:58.0037 3932 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:16:58.0224 3932 WpdUsb - ok
13:17:00.0674 3932 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:17:01.0547 3932 WPFFontCache_v0400 - ok
13:17:01.0703 3932 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:17:01.0734 3932 ws2ifsl - ok
13:17:01.0906 3932 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
13:17:01.0937 3932 wscsvc - ok
13:17:01.0937 3932 WSearch - ok
13:17:03.0107 3932 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:17:04.0917 3932 wuauserv - ok
13:17:05.0042 3932 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:17:05.0182 3932 WUDFRd - ok
13:17:05.0291 3932 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:17:05.0712 3932 wudfsvc - ok
13:17:05.0915 3932 ================ Scan global ===============================
13:17:06.0009 3932 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:17:06.0524 3932 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:17:07.0132 3932 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
13:17:07.0382 3932 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:17:07.0725 3932 [Global] - ok
13:17:07.0725 3932 ================ Scan MBR ==================================
13:17:07.0818 3932 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:17:31.0593 3932 \Device\Harddisk0\DR0 - ok
13:17:31.0593 3932 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
13:17:31.0733 3932 \Device\Harddisk1\DR1 - ok
13:17:31.0733 3932 ================ Scan VBR ==================================
13:17:31.0796 3932 [ 87D7E2332112ADABAC754F09359D8169 ] \Device\Harddisk0\DR0\Partition1
13:17:31.0858 3932 \Device\Harddisk0\DR0\Partition1 - ok
13:17:31.0874 3932 [ C9E8FA27544F490865E35E86F37AF041 ] \Device\Harddisk0\DR0\Partition2
13:17:31.0889 3932 \Device\Harddisk0\DR0\Partition2 - ok
13:17:31.0889 3932 [ E233F2B3140409AB0AB61C7372D87133 ] \Device\Harddisk1\DR1\Partition1
13:17:31.0889 3932 \Device\Harddisk1\DR1\Partition1 - ok
13:17:31.0889 3932 ============================================================
13:17:31.0889 3932 Scan finished
13:17:31.0889 3932 ============================================================
13:17:31.0905 3924 Detected object count: 0
13:17:31.0905 3924 Actual detected object count: 0
13:17:38.0925 3664 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 13:18:07
-----------------------------
13:18:07.488 OS Version: Windows 6.0.6002 Service Pack 2
13:18:07.488 Number of processors: 2 586 0xF0B
13:18:07.488 ComputerName: STEVE-PC UserName: Steve
13:20:52.558 Initialize success
13:21:23.321 AVAST engine defs: 12090300
13:21:35.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:21:35.037 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
13:21:35.084 Disk 0 MBR read successfully
13:21:35.084 Disk 0 MBR scan
13:21:35.084 Disk 0 Windows VISTA default MBR code
13:21:35.084 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
13:21:35.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
13:21:35.115 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228114 MB offset 21100544
13:21:35.130 Disk 0 scanning sectors +488278016
13:21:35.193 Disk 0 scanning C:\Windows\system32\drivers
13:21:45.255 Service scanning
13:22:08.015 Modules scanning
13:22:12.461 Disk 0 trace - called modules:
13:22:12.960 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:22:12.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8513e7a0]
13:22:12.976 3 CLASSPNP.SYS[886088b3] -> nt!IofCallDriver -> [0x84fe4950]
13:22:12.976 5 acpi.sys[880946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85004b98]
13:22:14.130 AVAST engine scan C:\Windows
13:22:17.921 AVAST engine scan C:\Windows\system32
13:25:23.499 AVAST engine scan C:\Windows\system32\drivers
13:25:35.386 AVAST engine scan C:\Users\Steve
13:25:35.542 File: C:\Users\Steve\0.965155974342213.exe **INFECTED** Win32:Rootkit-gen [Rtk]
13:51:43.217 AVAST engine scan C:\ProgramData
13:51:45.198 File: C:\ProgramData\diczirtb.exe **INFECTED** Win32:Rootkit-gen [Rtk]
14:14:35.986 Scan finished successfully
14:15:22.536 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
14:15:22.536 The log file has been saved successfully to "C:\aswMBR.txt"

ESET:

C:\ProgramData\diczirtb.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Users\Steve\0.965155974342213.exe Win32/Weelsof.B trojan cleaned by deleting - quarantined
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18M9THQ5\79cba1185463850dedba31f172f1dc5b[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Steve\AppData\Local\temp\jar_cache800987312022466599.tmp Java/Exploit.Agent.NDB trojan cleaned by deleting - quarantined


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:10:56 PM

Posted 03 September 2012 - 09:43 AM

You should be able to boot into normal mode now.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#3 dave_unreal

dave_unreal
  • Topic Starter

  • Members
  • 30 posts

Posted 03 September 2012 - 01:33 PM

Hi

Thanks very much for looking at this narenxp.

I've pasted the latest logs below.

MiniToolBox by Farbar Version: 23-07-2012
Ran by Steve (administrator) on 03-09-2012 at 19:32:11
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Steve-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1A-A0-92-4D-28
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3492:ed49:4881:6093%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 03 September 2012 19:28:21
Lease Expires . . . . . . . . . . : 04 September 2012 19:28:21
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 201333408
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-77-C9-59-00-1A-A0-92-4D-28
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:ba:b8a:3f57:fffa(Preferred)
Link-local IPv6 Address . . . . . : fe80::ba:b8a:3f57:fffa%8(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : isatap.Home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: SkyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:801::1001
74.125.230.134
74.125.230.135
74.125.230.136
74.125.230.137
74.125.230.142
74.125.230.128
74.125.230.129
74.125.230.130
74.125.230.131
74.125.230.132
74.125.230.133



Pinging google.com [74.125.230.134] with 32 bytes of data:

Reply from 74.125.230.134: bytes=32 time=173ms TTL=58

Reply from 74.125.230.134: bytes=32 time=22ms TTL=58



Ping statistics for 74.125.230.134:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 173ms, Average = 97ms

Server: SkyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=420ms TTL=50

Reply from 98.139.183.24: bytes=32 time=345ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 345ms, Maximum = 420ms, Average = 382ms

Server: SkyRouter.Home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1a a0 92 4d 28 ...... Intel® 82562V-2 10/100 Network Connection
1 ........................... Software Loopback Interface 1
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
11 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
12 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
16 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
21 ...00 00 00 00 00 00 00 e0 isatap.Home
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 276
192.168.0.5 255.255.255.255 On-link 192.168.0.5 276
192.168.0.255 255.255.255.255 On-link 192.168.0.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
8 18 ::/0 On-link
1 306 ::1/128 On-link
8 18 2001::/32 On-link
8 266 2001:0:5ef5:79fb:ba:b8a:3f57:fffa/128
On-link
9 276 fe80::/64 On-link
8 266 fe80::/64 On-link
8 266 fe80::ba:b8a:3f57:fffa/128
On-link
9 276 fe80::3492:ed49:4881:6093/128
On-link
1 306 ff00::/8 On-link
8 266 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/03/2012 03:50:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2012 03:50:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2012 03:50:11 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2012 03:50:11 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2012 03:49:38 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2012 03:49:38 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MCAFEE\MCAFEE ANTIVIRUS PLUS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (09/03/2012 00:27:41 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/03/2012 11:53:36 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/17/2012 01:23:06 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (08/16/2012 06:01:49 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1248
Start Time: 01cd7bcec6080819
Termination Time: 5


System errors:
=============
Error: (09/03/2012 07:29:00 PM) (Source: Service Control Manager) (User: )
Description: Nero BackItUp Scheduler 4.0%%2

Error: (09/03/2012 07:29:00 PM) (Source: Service Control Manager) (User: )
Description: KService%%3

Error: (09/03/2012 04:33:04 PM) (Source: Service Control Manager) (User: )
Description: McAfee Scanner1

Error: (09/03/2012 03:47:39 PM) (Source: Service Control Manager) (User: )
Description: Nero BackItUp Scheduler 4.0%%2

Error: (09/03/2012 03:47:39 PM) (Source: Service Control Manager) (User: )
Description: KService%%3

Error: (09/03/2012 01:09:46 PM) (Source: DCOM) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (09/03/2012 01:07:18 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/03/2012 01:00:48 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{395633B1-EED9-4DFC-B67F-9788B51C9F06}

Error: (09/03/2012 01:00:44 PM) (Source: DCOM) (User: )
Description: 1084McNaSvc{24F616A1-B755-4053-8018-C3425DC8B68A}

Error: (09/03/2012 00:28:19 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}


Microsoft Office Sessions:
=========================
Error: (04/27/2011 00:50:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/19/2010 10:48:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/29/2010 11:34:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (09/17/2007 11:09:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin (Version: 10.0.12.36)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Reader 7.1.0 (Version: 7.1.0)
Advertising Center (Version: 0.0.0.1)
AI RoboForm (All Users)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4105.34139)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center Localization Arabic (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization Chinese Standard (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization Chinese Traditional (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization French (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization German (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization Italian (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization Japanese (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization Korean (Version: 0108.2146.2565.38893)
Catalyst Control Center Localization Spanish (Version: 0108.2146.2565.38893)
CCC Help Chinese Standard (Version: 0108.2146.2564.38893)
CCC Help Chinese Traditional (Version: 0108.2146.2564.38893)
CCC Help English (Version: 0108.2146.2564.38893)
CCC Help French (Version: 0108.2146.2564.38893)
CCC Help German (Version: 0108.2146.2564.38893)
CCC Help Italian (Version: 0108.2146.2564.38893)
CCC Help Japanese (Version: 0108.2146.2564.38893)
CCC Help Korean (Version: 0108.2146.2564.38893)
CCC Help Polish (Version: 0108.2146.2564.38893)
CCC Help Portuguese (Version: 0108.2146.2564.38893)
CCC Help Spanish (Version: 0108.2146.2564.38893)
CCC Help Thai (Version: 0108.2146.2564.38893)
CCleaner (remove only)
CCScore (Version: 6.02.1001.0001)
Creative WebCam Center
D3DX10 (Version: 15.4.2368.0902)
Dell System Customization Wizard (Version: 1.00.0000)
DellSupport (Version: 6.0.3075)
ESET Online Scanner v3
ESSBrwr (Version: 6.04.0000.0001)
ESSCDBK (Version: 6.04.0000.0001)
ESScore (Version: 6.04.0000.0003)
ESSgui (Version: 6.04.0000.0001)
ESSini (Version: 6.04.0000.0001)
ESSPCD (Version: 6.04.0000.0001)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 6.04.0000.0001)
fflink (Version: 6.02.1001.0001)
FileZilla Client 3.0.11 (Version: 3.0.11)
FreeKapture 2.00 - Freeware
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer (Version: 4.0.0.002)
Google Update Helper (Version: 1.3.21.115)
ImagXpress (Version: 7.0.74.0)
Intel® PRO Network Connections 12.1.11.0 (Version: )
iTunes (Version: 10.6.3.25)
Java™ 6 Update 15 (Version: 6.0.150)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
liteCAM (Version: 2.90.0000)
liteRecorder (Version: 1.70.0000)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee AntiVirus Plus (Version: 11.0.678)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyFreeCodec
neroxml (Version: 1.0.0)
netbrdg (Version: 6.04.0000.0001)
OfotoXMI (Version: 6.04.0000.0001)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Orange Siemens Router
Pinnacle Instant DVD Recorder
Pinnacle Systems USB-2 Device Drivers (Version: 2.00.0014)
PL-2303 USB-to-Serial (Version: 1.00.000)
PL-2303 Vista Driver Installer (Version: 3.2.0.0)
QuickTime (Version: 7.70.80.34)
RealPlayer
Realtek High Definition Audio Driver
Samsung Kies (Version: 2.0.0.11032_12)
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio (Version: 3.0.0.61111)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
Segoe UI (Version: 15.4.2271.0615)
SFR (Version: 6.04.0000.0001)
SHASTA (Version: 6.04.0000.0001)
skin0001 (Version: 6.04.0000.0004)
SKINXSDK (Version: 6.02.1001.0001)
SoMud 1.3.3 (Version: 1.3.3)
Sonic Activation Module (Version: 1.0)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Speccy (Version: 1.03)
staticcr (Version: 6.04.0000.0005)
Studio 11 (Version: 11.0)
Studio 11 (Version: 11.0.0.0)
tooltips (Version: 6.04.0000.0001)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
VPRINTOL (Version: 6.04.0000.0001)
VueScan
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver
WIRELESS (Version: 6.04.0000.0001)
Yahoo! Desktop Login (Version: 1.00.0001)

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 2045.45 MB
Available physical RAM: 808.26 MB
Total Pagefile: 4333.93 MB
Available Pagefile: 3002.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.09 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:222.77 GB) (Free:18.91 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.9 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVE-PC

Administrator ASPNET Guest
Steve


**** End of log ****


Farbar Service Scanner Version: 06-08-2012
Ran by Steve (administrator) on 03-09-2012 at 19:07:12
Running from "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OSIR1M46"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-06-24 21:32] - [2008-01-19 08:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.000 - Logfile created 09/03/2012 at 19:23:57
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8YOXSUI\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Users\Steve\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.bigseekpro.com/somud/{842C3DBD-EC95-486D-AE28-10783B8015D0} --> hxxp://www.google.com

-\\ Mozilla Firefox v2.0 (en-US)

Profile name : default
File : C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\0k1acx7k.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1950 octets] - [03/09/2012 19:23:57]

########## EOF - C:\AdwCleaner[S1].txt - [2010 octets] ##########

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 03 September 2012 - 04:12 PM

Malwarebytes log?


download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#5 dave_unreal

dave_unreal
  • Topic Starter

  • Members
  • 30 posts

Posted 08 September 2012 - 10:04 AM

Hi

Sorry I've not had a chance to add the logs till now.

Here's the RKILL:


Rkill 2.3.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/08/2012 03:59:13 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\FsUsbExService.Exe (PID: 2796) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/08/2012 03:59:23 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)




I'll post the Malwarebytes log later, I can't find the previous log so I'll need to run it again.

Thanks

#6 dave_unreal

dave_unreal
  • Topic Starter

  • Members
  • 30 posts

Posted 11 September 2012 - 06:12 PM

Hi

Here is the Malwarebytes log too.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Steve :: STEVE-PC [administrator]

Protection: Enabled

11/09/2012 21:11:06
mbam-log-2012-09-11 (21-11-06).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421950
Time elapsed: 1 hour(s), 53 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 September 2012 - 06:16 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#8 dave_unreal

dave_unreal
  • Topic Starter

  • Members
  • 30 posts

Posted 12 September 2012 - 02:05 AM

Okay, great. Thanks for all your help.

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 12 September 2012 - 02:08 AM

You're welcome :)



