Slow IE 9; Can't turn on Firewall


19 replies to this topic

#1 ameliacat


Posted 30 September 2012 - 09:29 AM

After experiencing a sudden slowing in response with IE 9 and Windows 7, I tried a couple of malware scans. On 09/23/12, a Malwarebytes scan found no problems, but Spybot quarantined and removed Win32.Autorun.acs.

I still experience slow response with IE 9. I also found that the Windows Firewall cannot be turned on. In the Control Panel > Windows Firewall > Windows Firewall on or off I get the message: "Windows Firewall can't change one of your settings. Error code 0x80070424."

I tried the Windows Support "Fix-it" for firewalls, but there hasn't been any change.

I also re-ran the Malwarebytes and Spybot scans, but no problems were detected.

What should I do from here?

Thanks.


#2 narenxp


Posted 30 September 2012 - 09:36 AM

Download

TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 ameliacat


Posted 01 October 2012 - 10:56 PM

TDSSKiller Log report

06:40:20.0976 4472 MSSQLSERVER - ok
06:40:21.0054 4472 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:40:21.0070 4472 MSTEE - ok
06:40:21.0116 4472 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:40:21.0132 4472 MTConfig - ok
06:40:21.0148 4472 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
06:40:21.0148 4472 Mup - ok
06:40:21.0288 4472 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
06:40:21.0319 4472 napagent - ok
06:40:21.0475 4472 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:40:21.0506 4472 NativeWifiP - ok
06:40:21.0787 4472 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:40:21.0850 4472 NDIS - ok
06:40:21.0928 4472 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:40:21.0943 4472 NdisCap - ok
06:40:22.0021 4472 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:40:22.0037 4472 NdisTapi - ok
06:40:22.0068 4472 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:40:22.0084 4472 Ndisuio - ok
06:40:22.0099 4472 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:40:22.0130 4472 NdisWan - ok
06:40:22.0162 4472 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:40:22.0193 4472 NDProxy - ok
06:40:22.0318 4472 [ F713BD5EB873FF6F4B059138194EAC79 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
06:40:22.0333 4472 Net Driver HPZ12 - ok
06:40:22.0349 4472 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:40:22.0349 4472 NetBIOS - ok
06:40:22.0364 4472 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:40:22.0364 4472 NetBT - ok
06:40:22.0380 4472 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
06:40:22.0380 4472 Netlogon - ok
06:40:22.0442 4472 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
06:40:22.0442 4472 Netman - ok
06:40:22.0474 4472 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
06:40:22.0489 4472 netprofm - ok
06:40:22.0520 4472 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:40:22.0520 4472 NetTcpPortSharing - ok
06:40:22.0567 4472 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:40:22.0567 4472 nfrd960 - ok
06:40:22.0598 4472 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
06:40:22.0614 4472 NlaSvc - ok
06:40:22.0630 4472 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:40:22.0630 4472 Npfs - ok
06:40:22.0676 4472 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
06:40:22.0676 4472 nsi - ok
06:40:22.0692 4472 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:40:22.0692 4472 nsiproxy - ok
06:40:22.0754 4472 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:40:22.0786 4472 Ntfs - ok
06:40:22.0801 4472 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
06:40:22.0801 4472 Null - ok
06:40:25.0781 4472 [ 712D98D35E68D0006B121F4A3B8EE814 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:40:26.0046 4472 nvlddmkm - ok
06:40:26.0124 4472 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:40:26.0155 4472 nvraid - ok
06:40:26.0218 4472 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:40:26.0264 4472 nvstor - ok
06:40:26.0389 4472 [ 8E1424DDB7214A2CF78EC728413BECCD ] nvsvc C:\Windows\system32\nvvsvc.exe
06:40:26.0405 4472 nvsvc - ok
06:40:26.0436 4472 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
06:40:26.0452 4472 nv_agp - ok
06:40:26.0795 4472 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:40:26.0810 4472 odserv - ok
06:40:26.0873 4472 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
06:40:26.0888 4472 ohci1394 - ok
06:40:27.0013 4472 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:40:27.0060 4472 ose - ok
06:40:27.0232 4472 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:40:27.0232 4472 p2pimsvc - ok
06:40:27.0356 4472 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
06:40:27.0372 4472 p2psvc - ok
06:40:27.0450 4472 [ 8F856DAE19383BD69DB444004D5D4F50 ] Packet C:\Windows\system32\DRIVERS\packet.sys
06:40:27.0466 4472 Packet - ok
06:40:27.0512 4472 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:40:27.0544 4472 Parport - ok
06:40:27.0575 4472 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:40:27.0606 4472 partmgr - ok
06:40:27.0622 4472 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
06:40:27.0637 4472 Parvdm - ok
06:40:27.0746 4472 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:40:27.0762 4472 PcaSvc - ok
06:40:27.0856 4472 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
06:40:27.0902 4472 pci - ok
06:40:27.0965 4472 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
06:40:27.0980 4472 pciide - ok
06:40:28.0074 4472 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:40:28.0090 4472 pcmcia - ok
06:40:28.0339 4472 [ 65A66EB40254DF662E32E89BBBA55E89 ] PCPitstop Scheduling C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
06:40:28.0339 4472 PCPitstop Scheduling - ok
06:40:28.0355 4472 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
06:40:28.0355 4472 pcw - ok
06:40:28.0417 4472 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:40:28.0433 4472 PEAUTH - ok
06:40:28.0511 4472 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
06:40:28.0542 4472 PeerDistSvc - ok
06:40:28.0620 4472 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
06:40:28.0667 4472 pla - ok
06:40:28.0729 4472 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:40:28.0745 4472 PlugPlay - ok
06:40:28.0807 4472 [ 0D337E0CF7041C5F538B27C2F86E48BF ] Pml Driver HPH11 C:\Windows\system32\HPHipm11.exe
06:40:28.0807 4472 Pml Driver HPH11 - ok
06:40:28.0838 4472 [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
06:40:28.0838 4472 Pml Driver HPZ12 - ok
06:40:28.0870 4472 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:40:28.0885 4472 PNRPAutoReg - ok
06:40:28.0901 4472 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:40:28.0901 4472 PNRPsvc - ok
06:40:28.0948 4472 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:40:28.0963 4472 PolicyAgent - ok
06:40:29.0041 4472 [ 65950687968CCD18879C40DB030E33BC ] PortAcc C:\Program Files\Laplink\PCmover\PortAcc.sys
06:40:29.0041 4472 PortAcc - ok
06:40:29.0088 4472 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
06:40:29.0088 4472 Power - ok
06:40:29.0135 4472 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:40:29.0135 4472 PptpMiniport - ok
06:40:29.0150 4472 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:40:29.0150 4472 Processor - ok
06:40:29.0197 4472 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
06:40:29.0197 4472 ProfSvc - ok
06:40:29.0213 4472 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:40:29.0213 4472 ProtectedStorage - ok
06:40:29.0228 4472 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:40:29.0228 4472 Psched - ok
06:40:29.0291 4472 [ 413F2D5F9D802688242C23B38F767ECB ] PTproct C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
06:40:29.0322 4472 PTproct - ok
06:40:29.0353 4472 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
06:40:29.0353 4472 PxHelp20 - ok
06:40:29.0416 4472 [ 27E26A7DBC17860630CE5065019C348F ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
06:40:29.0416 4472 QBCFMonitorService - ok
06:40:29.0462 4472 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
06:40:29.0478 4472 QBFCService - ok
06:40:29.0587 4472 [ 78AFB70DBE365BD6140E6740792AC3EA ] QBVSS C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
06:40:29.0618 4472 QBVSS - ok
06:40:29.0712 4472 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:40:29.0759 4472 ql2300 - ok
06:40:29.0790 4472 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:40:29.0790 4472 ql40xx - ok
06:40:29.0821 4472 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
06:40:29.0837 4472 QWAVE - ok
06:40:29.0852 4472 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:40:29.0852 4472 QWAVEdrv - ok
06:40:29.0884 4472 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:40:29.0884 4472 RasAcd - ok
06:40:29.0946 4472 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:40:29.0962 4472 RasAgileVpn - ok
06:40:30.0008 4472 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
06:40:30.0040 4472 RasAuto - ok
06:40:30.0102 4472 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:40:30.0118 4472 Rasl2tp - ok
06:40:30.0164 4472 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
06:40:30.0164 4472 RasMan - ok
06:40:30.0180 4472 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:40:30.0180 4472 RasPppoe - ok
06:40:30.0211 4472 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:40:30.0211 4472 RasSstp - ok
06:40:30.0227 4472 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:40:30.0227 4472 rdbss - ok
06:40:30.0242 4472 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:40:30.0242 4472 rdpbus - ok
06:40:30.0258 4472 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:40:30.0258 4472 RDPCDD - ok
06:40:30.0305 4472 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
06:40:30.0305 4472 RDPDR - ok
06:40:30.0336 4472 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:40:30.0336 4472 RDPENCDD - ok
06:40:30.0367 4472 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:40:30.0367 4472 RDPREFMP - ok
06:40:30.0398 4472 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:40:30.0398 4472 RDPWD - ok
06:40:30.0414 4472 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:40:30.0430 4472 rdyboost - ok
06:40:30.0461 4472 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
06:40:30.0476 4472 RemoteAccess - ok
06:40:30.0508 4472 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:40:30.0523 4472 RemoteRegistry - ok
06:40:30.0570 4472 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
06:40:30.0570 4472 RFCOMM - ok
06:40:30.0586 4472 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:40:30.0586 4472 RpcEptMapper - ok
06:40:30.0617 4472 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
06:40:30.0617 4472 RpcLocator - ok
06:40:30.0664 4472 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
06:40:30.0664 4472 RpcSs - ok
06:40:30.0726 4472 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:40:30.0726 4472 rspndr - ok
06:40:30.0773 4472 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
06:40:30.0773 4472 s3cap - ok
06:40:30.0788 4472 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
06:40:30.0788 4472 SamSs - ok
06:40:30.0820 4472 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
06:40:30.0820 4472 sbp2port - ok
06:40:30.0851 4472 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:40:30.0851 4472 SCardSvr - ok
06:40:30.0866 4472 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:40:30.0866 4472 scfilter - ok
06:40:30.0929 4472 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
06:40:30.0976 4472 Schedule - ok
06:40:31.0022 4472 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
06:40:31.0022 4472 SCPolicySvc - ok
06:40:31.0038 4472 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:40:31.0038 4472 SDRSVC - ok
06:40:31.0085 4472 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:40:31.0085 4472 secdrv - ok
06:40:31.0132 4472 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
06:40:31.0132 4472 seclogon - ok
06:40:31.0147 4472 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
06:40:31.0163 4472 SENS - ok
06:40:31.0194 4472 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:40:31.0210 4472 SensrSvc - ok
06:40:31.0241 4472 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:40:31.0241 4472 Serenum - ok
06:40:31.0256 4472 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:40:31.0256 4472 Serial - ok
06:40:31.0288 4472 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:40:31.0288 4472 sermouse - ok
06:40:31.0334 4472 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
06:40:31.0334 4472 SessionEnv - ok
06:40:31.0366 4472 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
06:40:31.0366 4472 sffdisk - ok
06:40:31.0381 4472 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:40:31.0381 4472 sffp_mmc - ok
06:40:31.0412 4472 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
06:40:31.0412 4472 sffp_sd - ok
06:40:31.0412 4472 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:40:31.0412 4472 sfloppy - ok
06:40:31.0490 4472 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:40:31.0506 4472 ShellHWDetection - ok
06:40:31.0522 4472 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
06:40:31.0522 4472 sisagp - ok
06:40:31.0553 4472 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:40:31.0553 4472 SiSRaid2 - ok
06:40:31.0553 4472 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:40:31.0568 4472 SiSRaid4 - ok
06:40:31.0600 4472 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:40:31.0600 4472 Smb - ok
06:40:31.0662 4472 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:40:31.0662 4472 SNMPTRAP - ok
06:40:31.0678 4472 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
06:40:31.0678 4472 spldr - ok
06:40:31.0709 4472 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
06:40:31.0724 4472 Spooler - ok
06:40:31.0849 4472 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
06:40:31.0927 4472 sppsvc - ok
06:40:31.0927 4472 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:40:31.0943 4472 sppuinotify - ok
06:40:31.0974 4472 [ 163AD09C3F9257066B78C2333302E488 ] SQLSERVERAGENT C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe
06:40:31.0974 4472 SQLSERVERAGENT - ok
06:40:32.0036 4472 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:40:32.0036 4472 srv - ok
06:40:32.0052 4472 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:40:32.0052 4472 srv2 - ok
06:40:32.0068 4472 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:40:32.0068 4472 srvnet - ok
06:40:32.0114 4472 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:40:32.0114 4472 SSDPSRV - ok
06:40:32.0130 4472 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:40:32.0130 4472 SstpSvc - ok
06:40:32.0177 4472 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:40:32.0177 4472 stexstor - ok
06:40:32.0224 4472 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
06:40:32.0239 4472 StiSvc - ok
06:40:32.0317 4472 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
06:40:32.0317 4472 stllssvr - ok
06:40:32.0364 4472 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
06:40:32.0364 4472 storflt - ok
06:40:32.0380 4472 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
06:40:32.0380 4472 storvsc - ok
06:40:32.0426 4472 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:40:32.0426 4472 swenum - ok
06:40:32.0473 4472 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
06:40:32.0489 4472 swprv - ok
06:40:32.0567 4472 [ 267C914667C94E5F47D342311C1C577F ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
06:40:32.0582 4472 Symantec RemoteAssist - ok
06:40:32.0614 4472 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
06:40:32.0660 4472 SysMain - ok
06:40:32.0660 4472 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:40:32.0676 4472 TabletInputService - ok
06:40:32.0692 4472 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
06:40:32.0707 4472 TapiSrv - ok
06:40:32.0754 4472 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
06:40:32.0754 4472 TBS - ok
06:40:32.0816 4472 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:40:32.0848 4472 Tcpip - ok
06:40:32.0894 4472 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:40:32.0910 4472 TCPIP6 - ok
06:40:32.0957 4472 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:40:32.0957 4472 tcpipreg - ok
06:40:32.0972 4472 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:40:32.0972 4472 TDPIPE - ok
06:40:33.0019 4472 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:40:33.0019 4472 TDTCP - ok
06:40:33.0035 4472 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:40:33.0035 4472 tdx - ok
06:40:33.0050 4472 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
06:40:33.0050 4472 TermDD - ok
06:40:33.0097 4472 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
06:40:33.0113 4472 TermService - ok
06:40:33.0128 4472 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
06:40:33.0128 4472 Themes - ok
06:40:33.0144 4472 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
06:40:33.0144 4472 THREADORDER - ok
06:40:33.0160 4472 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
06:40:33.0160 4472 TrkWks - ok
06:40:33.0238 4472 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:40:33.0238 4472 TrustedInstaller - ok
06:40:33.0253 4472 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:40:33.0253 4472 tssecsrv - ok
06:40:33.0284 4472 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:40:33.0284 4472 tunnel - ok
06:40:33.0316 4472 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:40:33.0331 4472 uagp35 - ok
06:40:33.0347 4472 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:40:33.0347 4472 udfs - ok
06:40:33.0394 4472 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:40:33.0394 4472 UI0Detect - ok
06:40:33.0425 4472 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
06:40:33.0425 4472 uliagpkx - ok
06:40:33.0440 4472 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:40:33.0456 4472 umbus - ok
06:40:33.0472 4472 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:40:33.0472 4472 UmPass - ok
06:40:33.0534 4472 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
06:40:33.0534 4472 UmRdpService - ok
06:40:33.0581 4472 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
06:40:33.0581 4472 upnphost - ok
06:40:33.0628 4472 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
06:40:33.0628 4472 usbccgp - ok
06:40:33.0674 4472 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
06:40:33.0674 4472 usbcir - ok
06:40:33.0721 4472 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\drivers\usbehci.sys
06:40:33.0721 4472 usbehci - ok
06:40:33.0768 4472 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:40:33.0768 4472 usbhub - ok
06:40:33.0799 4472 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
06:40:33.0799 4472 usbohci - ok
06:40:33.0830 4472 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:40:33.0830 4472 usbprint - ok
06:40:33.0862 4472 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:40:33.0877 4472 USBSTOR - ok
06:40:33.0877 4472 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:40:33.0877 4472 usbuhci - ok
06:40:33.0924 4472 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
06:40:33.0924 4472 UxSms - ok
06:40:33.0940 4472 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
06:40:33.0940 4472 VaultSvc - ok
06:40:33.0986 4472 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
06:40:33.0986 4472 vdrvroot - ok
06:40:34.0002 4472 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
06:40:34.0018 4472 vds - ok
06:40:34.0033 4472 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:40:34.0033 4472 vga - ok
06:40:34.0049 4472 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
06:40:34.0049 4472 VgaSave - ok
06:40:34.0080 4472 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
06:40:34.0080 4472 vhdmp - ok
06:40:34.0111 4472 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
06:40:34.0111 4472 viaagp - ok
06:40:34.0127 4472 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
06:40:34.0127 4472 ViaC7 - ok
06:40:34.0142 4472 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
06:40:34.0142 4472 viaide - ok
06:40:34.0174 4472 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
06:40:34.0189 4472 vmbus - ok
06:40:34.0205 4472 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
06:40:34.0205 4472 VMBusHID - ok
06:40:34.0220 4472 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
06:40:34.0220 4472 volmgr - ok
06:40:34.0236 4472 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:40:34.0236 4472 volmgrx - ok
06:40:34.0267 4472 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
06:40:34.0267 4472 volsnap - ok
06:40:34.0283 4472 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:40:34.0298 4472 vsmraid - ok
06:40:34.0345 4472 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
06:40:34.0376 4472 VSS - ok
06:40:34.0439 4472 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
06:40:34.0439 4472 VSTHWBS2 - ok
06:40:34.0470 4472 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
06:40:34.0501 4472 VST_DPV - ok
06:40:34.0501 4472 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:40:34.0501 4472 vwifibus - ok
06:40:34.0532 4472 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
06:40:34.0548 4472 W32Time - ok
06:40:34.0579 4472 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:40:34.0595 4472 WacomPen - ok
06:40:34.0610 4472 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:40:34.0626 4472 WANARP - ok
06:40:34.0626 4472 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:40:34.0626 4472 Wanarpv6 - ok
06:40:34.0688 4472 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:40:34.0720 4472 WatAdminSvc - ok
06:40:34.0798 4472 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
06:40:34.0844 4472 wbengine - ok
06:40:34.0938 4472 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:40:34.0954 4472 WbioSrvc - ok
06:40:35.0016 4472 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:40:35.0047 4472 wcncsvc - ok
06:40:35.0110 4472 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:40:35.0125 4472 WcsPlugInService - ok
06:40:35.0203 4472 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:40:35.0203 4472 Wd - ok
06:40:35.0266 4472 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:40:35.0281 4472 Wdf01000 - ok
06:40:35.0297 4472 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:40:35.0297 4472 WdiServiceHost - ok
06:40:35.0297 4472 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:40:35.0312 4472 WdiSystemHost - ok
06:40:35.0328 4472 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
06:40:35.0344 4472 WebClient - ok
06:40:35.0359 4472 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:40:35.0359 4472 Wecsvc - ok
06:40:35.0375 4472 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:40:35.0422 4472 wercplsupport - ok
06:40:38.0042 4472 ================ Scan global ===============================
06:40:38.0105 4472 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
06:40:38.0152 4472 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
06:40:38.0167 4472 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
06:40:38.0214 4472 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
06:40:38.0261 4472 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
06:40:38.0276 4472 [Global] - ok
06:40:38.0276 4472 ================ Scan MBR ==================================
06:40:38.0276 4472 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:40:38.0526 4472 \Device\Harddisk0\DR0 - ok
06:40:42.0176 4472 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
06:40:42.0223 4472 \Device\Harddisk1\DR1 - ok
06:40:42.0239 4472 ================ Scan VBR ==================================
06:40:42.0239 4472 [ 4936907D60B10EACAAAE4F3901F18862 ] \Device\Harddisk0\DR0\Partition1
06:40:42.0239 4472 \Device\Harddisk0\DR0\Partition1 - ok
06:40:42.0254 4472 [ 769594CA9090FB521255BC0144CFBD4B ] \Device\Harddisk0\DR0\Partition2
06:40:42.0254 4472 \Device\Harddisk0\DR0\Partition2 - ok
06:40:42.0286 4472 [ C0C359C77E59D7AE86A52FC190E2C133 ] \Device\Harddisk1\DR1\Partition1
06:40:42.0286 4472 \Device\Harddisk1\DR1\Partition1 - ok
06:40:42.0286 4472 ============================================================
06:40:42.0286 4472 Scan finished
06:40:42.0286 4472 ============================================================
06:40:42.0301 4780 Detected object count: 0
06:40:42.0301 4780 Actual detected object count: 0
06:40:52.0550 1008 Deinitialize success


aswMBR log report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-01 06:43:24
-----------------------------
06:43:24.620 OS Version: Windows 6.1.7600
06:43:24.620 Number of processors: 4 586 0xF0B
06:43:24.620 ComputerName: VOSTROPC UserName: Anne
06:43:26.226 Initialize success
06:45:25.721 AVAST engine defs: 12100100
06:46:15.344 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:46:15.360 Disk 0 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 3
06:46:15.360 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
06:46:15.360 Disk 1 Vendor: ST3160815AS 3.ADA Size: 152587MB BusType: 3
06:46:15.391 Disk 0 MBR read successfully
06:46:15.391 Disk 0 MBR scan
06:46:15.407 Disk 0 Windows 7 default MBR code
06:46:15.407 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
06:46:15.422 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
06:46:15.438 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142291 MB offset 21084160
06:46:15.454 Disk 0 scanning sectors +312496128
06:46:15.532 Disk 0 scanning C:\Windows\system32\drivers
06:46:25.547 Service scanning
06:46:56.684 Modules scanning
06:47:04.578 Disk 0 trace - called modules:
06:47:04.594 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
06:47:04.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ec6030]
06:47:04.609 3 CLASSPNP.SYS[891b059e] -> nt!IofCallDriver -> [0x859c9878]
06:47:04.609 5 ACPI.sys[88c993b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850a6908]
06:47:05.218 AVAST engine scan C:\Windows
06:47:10.459 AVAST engine scan C:\Windows\system32
06:48:00.099 File: C:\Windows\system32\inetservice_undo.exe **INFECTED** Win32:Trojan-gen
06:51:19.529 AVAST engine scan C:\Windows\system32\drivers
06:51:34.536 AVAST engine scan C:\Users\Anne
06:59:35.610 File: C:\Users\Anne\AppData\LocalLow\SmartPrediction\smartpredictiie.dll **INFECTED** Win32:Adware-gen [Adw]
06:59:36.780 File: C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\228d1806-70fce8bd **INFECTED** Win32:Inject-VX [Trj]
07:01:22.143 AVAST engine scan C:\ProgramData
07:04:35.380 Scan finished successfully
17:07:55.268 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
17:07:55.346 The log file has been saved successfully to "C:\aswMBR log 20121001.txt"

When I clicked on the "FixMBR" button, the following message was displayed:

Warning!!!
Writing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible.
This application writes standard Windows MBR code.
Are you sure you want to fix the MBR?

I clicked on No. Should I go ahead and click on Yes?





ESET online scanner LIST of found threats

C:\Program Files\RSToo\csrss.exe probably a variant of Win32/Agent.DLRCLPE trojan cleaned by deleting - quarantined
C:\Program Files\RSToo\csrss.new.2.exe probably a variant of Win32/Agent.DLRCLPE trojan cleaned by deleting - quarantined
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\SKF6AXTS\2003994.pdf JS/Exploit.Pdfka.PLS trojan cleaned by deleting - quarantined
C:\Users\Anne\AppData\LocalLow\SmartPrediction\smartpredictiie.dll Win32/Adware.EasyPrediction application cleaned by deleting - quarantined
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\228d1806-70fce8bd a variant of Win32/Kryptik.BAG trojan cleaned by deleting - quarantined


Please advise.

Thanks for your help.

#4 narenxp


Posted 01 October 2012 - 11:00 PM

When I clicked on the "FixMBR" button, the following message was displayed:


I never asked you to click on FIXMBR

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

Launch it. For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#5 ameliacat


Posted 04 October 2012 - 09:38 PM

Malwarebytes

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.11

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: VOSTROPC [administrator]

10/03/2012 7:07:28 PM
mbam-log-2012-10-03 (19-07-28).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 501118
Time elapsed: 1 hour(s), 47 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-18\$698cbf5ee8eca416001b8fe283163387\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$698cbf5ee8eca416001b8fe283163387\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$698cbf5ee8eca416001b8fe283163387\U\800000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.

(end)




mini toolbox
MiniToolBox by Farbar Version: 23-07-2012
Ran by Anne (administrator) on 04-10-2012 at 05:00:16
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost
192.168.1.4 NPI0F4A28

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IPV6MON.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : VostroPC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-19-7E-DB-93-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1D-09-84-62-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a0d6:8ee1:24:db3c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 29, 2012 4:19:26 PM
Lease Expires . . . . . . . . . . : Friday, October 05, 2012 4:37:04 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 201334025
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-34-AF-02-00-1D-09-84-62-41
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{94AD49C7-3BCA-42D7-B6F0-DCAAD05F11C7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2001:4860:4007:801::1007
74.125.224.165
74.125.224.166
74.125.224.167
74.125.224.168
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163
74.125.224.164


Pinging google.com [74.125.224.169] with 32 bytes of data:
Reply from 74.125.224.169: bytes=32 time=17ms TTL=55
Reply from 74.125.224.169: bytes=32 time=14ms TTL=55

Ping statistics for 74.125.224.169:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 17ms, Average = 15ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=889ms TTL=52
Reply from 72.30.38.140: bytes=32 time=810ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 810ms, Maximum = 889ms, Average = 849ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...00 19 7e db 93 f0 ......Bluetooth Device (Personal Area Network)
11...00 1d 09 84 62 41 ......Intel® 82562V-2 10/100 Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::a0d6:8ee1:24:db3c/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/02/2012 07:16:01 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16448 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19a4

Start Time: 01cda0a8553381ae

Termination Time: 78

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/29/2012 04:20:10 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/29/2012 04:20:09 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/29/2012 04:20:09 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/29/2012 04:18:45 PM) (Source: MSSQLSERVER) (User: )
Description: 17113initconfig: Error 2(The system cannot find the file specified.) opening 'C:\Program Files\Microsoft SQL Server\MSSQL\data\master.mdf' for configuration information.

Error: (09/29/2012 03:01:20 PM) (Source: Application Hang) (User: )
Description: The program MATSWiz.exe version 3.5.0.29 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4d0

Start Time: 01cd9e8d7ca74f17

Termination Time: 15

Application Path: C:\Users\Anne\AppData\Local\Temp\MATS-Temp\CABhwvjfeef.yao\MATSWiz.exe

Report Id: 2f4f5a50-0a81-11e2-97c7-00197edb93f0

Error: (09/29/2012 02:28:42 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/29/2012 02:28:42 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/29/2012 02:28:42 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/29/2012 02:26:22 PM) (Source: MSSQLSERVER) (User: )
Description: 17113initconfig: Error 2(The system cannot find the file specified.) opening 'C:\Program Files\Microsoft SQL Server\MSSQL\data\master.mdf' for configuration information.


System errors:
=============
Error: (10/04/2012 04:56:36 AM) (Source: NetBT) (User: )
Description: The name "STUDIO2010 :0" could not be registered on the interface with IP address 192.168.1.64.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.

Error: (10/04/2012 04:37:06 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/04/2012 04:37:06 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/04/2012 04:08:19 AM) (Source: NetBT) (User: )
Description: The name "STUDIO2010 :0" could not be registered on the interface with IP address 192.168.1.64.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.

Error: (10/04/2012 03:44:17 AM) (Source: NetBT) (User: )
Description: The name "STUDIO2010 :0" could not be registered on the interface with IP address 192.168.1.64.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.

Error: (10/04/2012 03:36:35 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/04/2012 03:36:35 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/04/2012 03:20:14 AM) (Source: NetBT) (User: )
Description: The name "STUDIO2010 :0" could not be registered on the interface with IP address 192.168.1.64.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.

Error: (10/04/2012 02:56:12 AM) (Source: NetBT) (User: )
Description: The name "STUDIO2010 :0" could not be registered on the interface with IP address 192.168.1.64.
The computer with the IP address 192.168.1.65 did not allow the name to be claimed by
this computer.

Error: (10/04/2012 02:36:08 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (09/10/2012 08:12:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 188806 seconds with 2100 seconds of active time. This session ended with a crash.

Error: (09/02/2012 08:24:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 220897 seconds with 9720 seconds of active time. This session ended with a crash.

Error: (06/20/2012 06:40:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/20/2012 06:39:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

Error: (06/20/2012 05:49:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40483 seconds with 900 seconds of active time. This session ended with a crash.

Error: (06/19/2012 08:56:07 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94948 seconds with 1560 seconds of active time. This session ended with a crash.

Error: (06/13/2012 08:02:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48893 seconds with 1560 seconds of active time. This session ended with a crash.

Error: (05/24/2012 07:23:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6652.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1395 seconds with 480 seconds of active time. This session ended with a crash.

Error: (05/24/2012 05:33:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 177 seconds with 60 seconds of active time. This session ended with a crash.

Error: (05/24/2012 05:30:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 214174 seconds with 7200 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP BiDi Channel Components Installer
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AT&T Service & Support Tool
Bing Bar (Version: 7.1.391.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Dell Network Assistant
ESET Online Scanner v3
Google Apps Migration For Microsoft Outlook® 2.3.12.34 (Version: 2.3.12.34)
Google Apps Sync™ for Microsoft Outlook® 3.2.353.947 (Version: 3.2.353.947)
Google Desktop (Version: 5.9.1005.12335)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.001.001)
Info Center 1.0.0.10 (Version: 1.0.0.10)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
MSVCRT (Version: 15.4.2862.0708)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Pitstop Driver Alert2 2.0.0.0 (Version: 2.0.0.0)
QuickBooks (Version: 21.0.4011.904)
QuickBooks Pro 2011 (Version: 21.0.4011.904)
QuickBooks Remote Access
Quicken 2011 (Version: 20.1.8.6)
SmartPrediction (Version: 3.0.0.0)
TurboTax 2009 wcaiper (Version: 009.000.1050)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1924)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wcaiper (Version: 011.000.1647)
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live OneCare safety scanner (Version: 1.0.0.0)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
YouSendIt Express (Version: 2.11.2)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 2046.18 MB
Available physical RAM: 1228.48 MB
Total Pagefile: 5122.18 MB
Available Pagefile: 3029.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.35 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:30.93 GB) NTFS
2 Drive d: (DATAPART1) (Fixed) (Total:149.01 GB) (Free:133.62 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.12 GB) NTFS

========================= Users: ========================================

User accounts for \\VOSTROPC

Administrator Anne ASPNET
Guest HelpAssistant IUSR_P4GB
IWAM_P4GB SQLDebugger SUPPORT_388945a0

========================= Restore Points ==================================


**** End of log ****



Farbar Service Scanner
Farbar Service Scanner Version: 19-09-2012
Ran by Anne (administrator) on 04-10-2012 at 06:44:44
Running from "C:\Users\Anne\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 14:11] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 13:05] - [2011-03-02 22:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 16:53] - [2009-07-13 18:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 16:54] - [2009-07-13 18:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 16:23] - [2009-07-13 18:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 16:24] - [2009-07-13 18:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-09 00:26] - [2010-12-20 22:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 16:30] - [2009-07-13 18:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-12 20:33] - [2012-04-23 21:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



adware cleaner

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 06:46:45
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Anne - VOSTROPC
# Boot Mode : Normal
# Running from : C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EEURPDQ5\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [1039 octets] - [04/10/2012 06:46:45]

########## EOF - C:\AdwCleaner[S1].txt - [1099 octets] ##########



Junkware removal tool

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.3 (10.03.2012)
OS: Windows 7 Ultimate x86
Ran by Anne on 10/04/2012 at 7:08:21.30
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 10/04/2012 at 7:08:26.54
End of Report

#6 narenxp

Posted 04 October 2012 - 09:44 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 ameliacat

Posted 05 October 2012 - 08:51 AM

Farbar Service Scanner (after running services repair tool)

Farbar Service Scanner Version: 19-09-2012
Ran by Anne (administrator) on 05-10-2012 at 05:50:48
Running from "C:\Users\Anne\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 14:11] - [2012-03-30 03:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 13:05] - [2011-03-02 22:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 16:53] - [2009-07-13 18:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 16:54] - [2009-07-13 18:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 16:23] - [2009-07-13 18:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 16:24] - [2009-07-13 18:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-09 00:26] - [2010-12-20 22:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 16:30] - [2009-07-13 18:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-12 20:33] - [2012-04-23 21:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


rkill
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/05/2012 06:05:19 AM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\CTsvcCDA.exe (PID: 392) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\clipsrv.exe [NoSig]

* C:\Windows\System32\eventlog.dll [NoSig]

* C:\Windows\System32\msgsvc.dll [NoSig]

* C:\Windows\System32\oakley.dll [NoSig]

* C:\Windows\System32\srsvc.dll [NoSig]

* C:\Windows\System32\wscntfy.exe [NoSig]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
192.168.1.4 NPI0F4A28

Program finished at: 10/05/2012 06:07:32 AM
Execution time: 0 hours(s), 2 minute(s), and 13 seconds(s)


Autoruns
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Photo Downloader" "Adobe Photo Downloader 4.0 component" "Adobe Systems Incorporated" "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
+ "ATT-SST_McciTrayApp" "mcci+McciTrayApp" "Alcatel-Lucent" "c:\program files\att-sst\mccitrayapp.exe"
+ "Bluetooth HCI Monitor" "Bluetooth HCI Monitoring application" "Logitech Inc." "c:\windows\system32\hcimntr.dll"
+ "dscactivate" " " " " "c:\program files\dell support center\gs_agent\custom\dsca.exe"
+ "ECenter" " " " " "c:\dell\e-center\eulalauncher.exe"
+ "Google Desktop Search" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\groovemonitor.exe"
+ "HP Software Update" "Hewlett-Packard Product Assistant" "Hewlett-Packard Co." "c:\program files\hewlett-packard\hp software update\hpwuschd2.exe"
+ "hpbdfawep" "WEP MFC Application" "" "c:\program files\hewlett-packard\dfawep\bin\hpbdfawep.exe"
+ "HPPQVideo" "ScheduledLaunch" "Hewlett-Packard" "c:\program files\hewlett-packard\scheduledlaunch\hp color laserjet cp1510 series\bin\hppschlnch.exe"
+ "HPUsageTracking" " " "" "c:\program files\hewlett-packard\hp ut\bin\hppusg.exe"
+ "Info Center" "PCPitstopInfoCenter" "PC Pitstop LLC" "c:\program files\pcpitstop\info center\infocenter.exe"
+ "Intuit SyncManager" "IntuitSyncManager" "Intuit Inc. All rights reserved." "c:\program files\common files\intuit\sync\intuitsyncmanager.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "ToolBoxFX" "HP ToolboxFX" "HP" "c:\program files\hewlett-packard\toolboxfx\bin\hptlbxfx.exe"
+ "UpdReg" "Creative UpdReg" "Creative Technology Ltd." "c:\windows\updreg.exe"
+ "VolPanel" "VolPanlu.exe" "Creative Technology Ltd" "c:\program files\creative\sbaudigy\volume panel\volpanlu.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
+ "Dell Network Assistant.lnk" "" "" "c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\icon0240bdfb3.exe"
+ "Digital Line Detect.lnk" "Digital Line Detection" "Avanquest Software " "c:\program files\digital line detect\dlg.exe"
+ "HP Digital Imaging Monitor.lnk" "HP Digital Imaging Monitor" "Hewlett-Packard Co." "c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe"
+ "Intuit Data Protect.lnk" "Intuit Data Protect" "Intuit Inc." "c:\program files\common files\intuit\dataprotect\intuitdataprotect.exe"
+ "QuickBooks Update Agent.lnk" "QuickBooks Automatic Update" "Intuit Inc." "c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe"
+ "QuickBooks_Standard_21.lnk" "QuickBooks" "Intuit Inc." "c:\program files\intuit\quickbooks pro\qbw32.exe"
"C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2007 Screen Clipper and Launcher.lnk" "Microsoft Office OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DellAutomatedPCTuneUp" "Dell Automated PC TuneUp" "Gteko Ltd." "c:\program files\dellautomatedpctuneup\ptagnt.exe"
+ "pwindicator" "" "" "c:\program files\parawin xp\pwic.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "StartUp This" "LaunchSt MFC Application" "Laplink Software, Inc." "c:\program files\laplink\pcmover\launchst.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "UpdateFlow.ATT-SST" "mcci+McciBrowser" "Alcatel-Lucent" "c:\program files\att-sst\mccibrowser.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
+ "BTW Setup Wizard" "BtWizard Module" "Broadcom Corporation." "c:\windows\system32\btwizard.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\groovesystemservices.dll"
+ "intu-help-qb4" "QuickBooks Assistance Library" "Intuit, Inc." "c:\program files\intuit\quickbooks pro\helpasyncpluggableprotocol.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
+ "YsiShellExt" "YsiExt" "YouSendIt.com" "c:\program files\yousendit\express\version2\ysiext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\windows\system32\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
+ "YsiShellExt" "YsiExt" "YouSendIt.com" "c:\program files\yousendit\express\version2\ysiext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, Inc." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files\windows live\companion\companioncore.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Sun Java Console" "Java Plug-in 1.6.0 for Netscape Navigator (DLL Helper)" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0\bin\npjpi160.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\HP WEP" "WEP MFC Application" "" "c:\program files\hewlett-packard\dfawep\bin\hpbdfawep.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "File not found: C:\Windows\system32\gatherWiredInfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "File not found: C:\Windows\system32\gatherWirelessInfo.vbs"
+ "\Norton Internet Security - Run Full System Scan - Anne" "" "" "File not found: C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeActiveFileMonitor6.0" "Tracks files that are managed by Adobe Photoshop Elements" "" "c:\program files\adobe\photoshop elements 6.0\photoshopelementsfileagent.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\bbsvc.exe"
+ "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\7.1.391.0\seaport.exe"
+ "Creative Labs Licensing Service" "Provides licensing services for Creative Labs applications." "Creative Labs" "c:\program files\common files\creative labs shared\service\creativelicensing.exe"
+ "Creative Service for CDROM Access" "Creative Service for CDROM Access" "Creative Technology Ltd" "c:\windows\system32\ctsvccda.exe"
+ "DellAMBrokerService" "Gteko BrkrSvc Application" "" "c:\program files\dellautomatedpctuneup\brkrsvc.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files\windows live\family safety\fsssvc.exe"
+ "GoogleDesktopManager-051210-111108" "Updates Google Desktop with the latest security fixes, enhancements and features. This service only runs occasionally and thus does not affect your computer's performance. If this service is stopped or disabled, Google Desktop may not function correctly." "Google" "c:\program files\google\google desktop search\googledesktop.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\480\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "hnmsvc" "Advanced Networking Service Application" "SingleClick Systems" "c:\program files\dell network assistant\hnm_svc.exe"
+ "hpqcxs08" "HP CUE Context Manager Objects" "Hewlett-Packard Co." "c:\program files\hewlett-packard\digital imaging\bin\hpqcxs08.dll"
+ "hpqddsvc" "This service detects and monitors CUE devices on the system." "Hewlett-Packard Co." "c:\program files\hewlett-packard\digital imaging\bin\hpqddsvc.dll"
+ "IntuitUpdateService" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service\intuitupdateservice.exe"
+ "IntuitUpdateServiceV4" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service v4\intuitupdateservice.exe"
+ "McciCMService" "mcci+McciCMService" "Alcatel-Lucent" "c:\program files\common files\motive\mccicmservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office 2007\office12\grooveauditservice.exe"
+ "MSSQLSERVER" "SQL Server Windows NT" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql\binn\sqlservr.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PCPitstop Scheduling" "This service handles the scheduling for PCPitstop Applications" "PC Pitstop LLC" "c:\program files\pcpitstop\pcpitstopscheduleservice.exe"
+ "Pml Driver HPH11" "PML Driver" "HP" "c:\windows\system32\hphipm11.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "QBCFMonitorService" "QuickBooks Company File Monitoring Service" "Intuit" "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"
+ "QBFCService" "QuickBooks FCS module" "Intuit Inc." "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"
+ "QBVSS" "Enables standard users to access Intuit Data Protect service." "Intuit Inc." "c:\program files\common files\intuit\dataprotect\qbidpservice.exe"
+ "SQLSERVERAGENT" "Microsoft SQL Server Agent" "Microsoft Corporation" "c:\program files\microsoft sql server\mssql\binn\sqlagent.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "Symantec RemoteAssist" "ssrc Module" "Symantec, Inc." "c:\program files\common files\symantec shared\support controls\ssrc.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BVRPMPR5" "BVRP NDIS 5.0 MPR Protocol Driver" "Avanquest Software" "c:\windows\system32\drivers\bvrpmpr5.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "datunidr" "GUniDriver" "Gteko Ltd." "c:\windows\system32\drivers\datunidr.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mremp50.sys"
+ "MREMPR5" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS"
+ "MRENDIS5" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS"
+ "MRESP50" "PCAUSA NDIS 5.0 SPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mresp50.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 196.21 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "Packet" "Auto Internet Protocol" "SingleClick Systems" "c:\windows\system32\drivers\packet.sys"
+ "PortAcc" "" "" "c:\program files\laplink\pcmover\portacc.sys"
+ "PTproct" "Process Trigger Driver" "Gteko Ltd." "c:\program files\dellautomatedpctuneup\gtaction\triggers\ptproct.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "VST_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "VSTHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstbs23.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "Intel® Corporation" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "Intel® Corporation" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "vidc.tscc" "TechSmith Screen Capture Codec" "TechSmith Corporation" "c:\windows\system32\tsccvid.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "BPM Metadata" "Creative BPM Metadata Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\metabpmu.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Creative AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\ac3srcu.ax"
+ "Creative Audio Gain Filter" "Audio Gain Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\audgain.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\cdda.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\flacsrcu.ax"
+ "Creative Internet Source Filter" "Creative Internet Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\inetsrcu.ax"
+ "Creative LiveRecording Filter_SxS" "Live Recording Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\liverecu.ax"
+ "Creative MLP Source Filter" "Creative MLP Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\mlpsrcu.ax"
+ "Creative NVF Filter" "Creative Nomad Voice File Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\nvfsrcu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\oggsrcu.ax"
+ "Creative PCM Raw Writer" "Creative Raw Writer" "Creative Technology Ltd" "c:\program files\creative\shared files\rawwritu.ax"
+ "Creative Wave Writer" "Wave Writer" "Creative Technology Ltd" "c:\program files\creative\shared files\wavwrite.ax"
+ "Creative WMA Source Filter" "Creative WMA Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\wmasrc.ax"
+ "Creative WMA Writer" "WMA Writer" "Creative Technology Ltd" "c:\program files\creative\shared files\wmawrite.ax"
+ "CT CMSS3 filter" "Sample" "Creative Technology Ltd" "c:\program files\creative\shared files\cmss3.ax"
+ "CT HPVirtualizer filter" "Creative Headphone Virtualizer Filter" "Creative Technology, Ltd." "c:\program files\creative\shared files\virtual.ax"
+ "CT Karaoke filter" "Creative Karaoke Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\karaoke.ax"
+ "CT PDP filter" "Creative Crystalizer Filter" "Creative Technology, Ltd." "c:\program files\creative\shared files\pdp.ax"
+ "CT SmartVolumeManagement filter" "Creative Compressor Plugin" "Creative Technology Ltd." "c:\program files\creative\shared files\dscompr.ax"
+ "CT Time-Scaling filter" "Sample" "Creative Technology Ltd." "c:\program files\creative\shared files\timescal.ax"
+ "CT Upsampler filter" "Sample" "Creative Technology Ltd" "c:\program files\creative\shared files\upsample.ax"
+ "Noise Reduction" "Creative Noise Reduction Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\noisredu.ax"
+ "PCM to EXT" "Creative Pcm2Ext" "Creative Technology Ltd." "c:\program files\creative\sbaudigy\wavestudio 7\pcm2ext.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "SVM Metadata" "Creative SVM Metadata Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\metasvmu.ax"
+ "Track1Filter" "" "" "c:\program files\adobe\photoshop elements 6.0\track1filter.dll"
+ "Track2Filter" "" "" "c:\program files\adobe\photoshop elements 6.0\track2filter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "PCL hpz3llhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3llhn.dll"
"C:\Users\Anne\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"
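A log in the format posted above (a quoted section-header row, then one `+` row per entry with name, description, publisher and image path) can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original thread and not the advisor's method; the three flagging heuristics (missing file, blank publisher, entry under `Appinit_Dlls`) are assumptions chosen for this example and only mark entries worth a closer look.

```python
import re
from dataclasses import dataclass

# Lines copied from the Autoruns export posted above (a small subset).
SAMPLE_LOG = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "MREMP50" "PCAUSA NDIS 5.0 MPR Protocol Driver" "Printing Communications Assoc., Inc. (PCAUSA)" "c:\program files\common files\motive\mremp50.sys"
+ "MREMPR5" "" "" "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS"
+ "PortAcc" "" "" "c:\program files\laplink\pcmover\portacc.sys"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL" "Google Desktop" "Google" "c:\program files\google\google desktop search\googledesktopnetwork3.dll"
'''

# One double-quoted field. Assumes fields never contain a quote themselves;
# a row that does will not yield four fields and is skipped.
FIELD = re.compile(r'"([^"]*)"')


@dataclass
class Entry:
    location: str     # registry key or file the entry was listed under
    marker: str       # leading marker on the row ("+" throughout this log)
    name: str
    description: str
    publisher: str
    image_path: str


def parse_autoruns(text):
    """Return Entry objects, tracking the section header each one sits under."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed row
        if line.startswith('"'):
            location = fields[0]  # header row: location plus three empty fields
        else:
            entries.append(Entry(location, line[0], *fields))
    return entries


def triage(entry):
    """Reasons to look closer at an entry (heuristics assumed for this example)."""
    reasons = []
    if entry.image_path.lower().startswith("file not found"):
        reasons.append("missing-file")      # autostart points at a file that is gone
    if not entry.publisher.strip():
        reasons.append("no-publisher")      # no version-info publisher to check
    if entry.location.lower().endswith("appinit_dlls"):
        reasons.append("appinit-dll")       # load point listed under Appinit_Dlls
    return reasons


def flagged(text):
    """List (name, reasons) for every entry that trips at least one heuristic."""
    return [(e.name, r) for e in parse_autoruns(text) if (r := triage(e))]


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

A flag here is a prompt to verify the file and its origin, not a verdict; leftover driver entries from uninstalled software commonly show up as missing files.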

#8 narenxp

Posted 05 October 2012 - 08:54 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 ameliacat

Posted 06 October 2012 - 02:15 PM

I've followed the last steps that you recommended, including installing Microsoft Security Essentials. Now my system is as clean as it can be.

However, my Internet Explorer 9 is still slower than it was a few weeks ago. Web pages that used to take seconds to load, now take minutes to load.

This PC and another PC laptop are connected to a router. Web pages still load within seconds on the other PC, but this PC that I am using is very, very slow.

What do you suggest?

Thanks for your help.

#10 narenxp

Posted 06 October 2012 - 03:37 PM

Press the Windows+R keys and type

inetcpl.cpl and click OK

The Internet Options dialog box appears.

Click the Advanced tab.

Under Reset Internet Explorer settings, click Reset.

Checkmark the Delete personal settings option

Click OK

Let me know if that helps

Edited by narenxp, 06 October 2012 - 03:43 PM.


#11 ameliacat

Posted 06 October 2012 - 05:59 PM

I tried your suggestions, but am still experiencing slo-o-o-ow page loading of about 4-7 minutes.

What else can I do?

Thanks for your help.

#12 narenxp

Posted 06 October 2012 - 06:09 PM

Uninstall IE 9

http://windows.microsoft.com/en-US/windows7/how-do-i-install-or-uninstall-internet-explorer-9

This should roll back IE to IE 8. Now reinstall IE 9 and see if that helps

#13 ameliacat

Posted 08 October 2012 - 08:45 AM

I've uninstalled IE 9, then re-installed IE 9, per your recommendation.

Now web page loading is even slower.

I'm now using my other PC to respond.

What do you suggest?

Thanks.

#14 narenxp

Posted 08 October 2012 - 08:52 AM

Try a clean boot

http://www.askdrtech.com/solutions/post/How-to-perform-a-clean-startup-%28clean-boot%29-in-Windows-7.aspx

Restart the PC and let me know if that helps

#15 ameliacat

Posted 08 October 2012 - 09:27 AM

After uninstalling IE9, the web page response time slowed to > 10 minutes. Reinstalling did not improve the response time.

The clean boot has improved response time to around 2 minutes, but it should be seconds, not minutes.

What do you suggest I do next?

Thanks.



