Looking for Assistance in cleaning up an infected PC


7 replies to this topic

#1 motoxer4533


Posted 28 November 2012 - 06:45 AM

Hello,

A family member has asked me to look at their PC (Windows Vista) and it definitely has some issues. I was hoping to get some guidance as to what the best steps are to rid the machine of this infection. I've installed Malwarebytes and run a quick preliminary scan and it found a few items, but it didn't clean up the problem.

Windows Security Essentials is somehow turned off and the service is gone, as well. This is a big red flag to me.

Would someone be willing to work through this with me? I'd appreciate any help I can get! Thanks!

- motoxer4533


#2 narenxp


Posted 28 November 2012 - 07:35 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 motoxer4533


Posted 28 November 2012 - 09:43 PM

Hi narenxp! Thanks for replying. Here are the logs for TDSS:

19:44:53.0623 0272 PSched - ok
19:44:53.0670 0272 [ DBAF8A53D7669EFB4742896B458181D0 ] PTDUBus C:\Windows\system32\DRIVERS\PTDUBus.sys
19:44:53.0670 0272 PTDUBus - ok
19:44:53.0716 0272 [ FA4E2A5CF478624D3154FB045FB2D076 ] PTDUMdm C:\Windows\system32\DRIVERS\PTDUMdm.sys
19:44:53.0716 0272 PTDUMdm - ok
19:44:53.0763 0272 [ 9C489B38CA13F251289004FE4F8631DD ] PTDUVsp C:\Windows\system32\DRIVERS\PTDUVsp.sys
19:44:53.0763 0272 PTDUVsp - ok
19:44:53.0810 0272 [ 37A75AC00D26364A5EA2050A6F85C2D0 ] PTDUWFLT C:\Windows\system32\DRIVERS\PTDUWFLT.sys
19:44:53.0810 0272 PTDUWFLT - ok
19:44:53.0857 0272 [ F4A789A94FF74A47EB321BE4465259D0 ] PTDUWWAN C:\Windows\system32\DRIVERS\PTDUWWAN.sys
19:44:53.0857 0272 PTDUWWAN - ok
19:44:53.0904 0272 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:44:53.0904 0272 PxHelp20 - ok
19:44:53.0982 0272 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:44:53.0997 0272 ql2300 - ok
19:44:54.0013 0272 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:44:54.0013 0272 ql40xx - ok
19:44:54.0060 0272 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:44:54.0060 0272 QWAVE - ok
19:44:54.0075 0272 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:44:54.0075 0272 QWAVEdrv - ok
19:44:54.0169 0272 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:44:54.0184 0272 R300 - ok
19:44:54.0200 0272 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:44:54.0200 0272 RasAcd - ok
19:44:54.0247 0272 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:44:54.0247 0272 RasAuto - ok
19:44:54.0278 0272 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:54.0278 0272 Rasl2tp - ok
19:44:54.0309 0272 [ AFB474438762F0418060653F7294D92C ] RasMan C:\Windows\System32\rasmans.dll
19:44:54.0325 0272 RasMan - ok
19:44:54.0340 0272 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:54.0340 0272 RasPppoe - ok
19:44:54.0340 0272 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:44:54.0340 0272 RasSstp - ok
19:44:54.0356 0272 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:44:54.0356 0272 rdbss - ok
19:44:54.0372 0272 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:54.0372 0272 RDPCDD - ok
19:44:54.0403 0272 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:44:54.0403 0272 rdpdr - ok
19:44:54.0418 0272 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:44:54.0418 0272 RDPENCDD - ok
19:44:54.0450 0272 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:44:54.0450 0272 RDPWD - ok
19:44:54.0481 0272 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:44:54.0496 0272 RemoteAccess - ok
19:44:54.0528 0272 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:44:54.0528 0272 RemoteRegistry - ok
19:44:54.0559 0272 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:44:54.0559 0272 RpcLocator - ok
19:44:54.0590 0272 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
19:44:54.0590 0272 RpcSs - ok
19:44:54.0621 0272 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:44:54.0621 0272 rspndr - ok
19:44:54.0652 0272 [ 8F6B5CFCD472FD3E54A68D211EC4617B ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
19:44:54.0652 0272 RTSTOR - ok
19:44:54.0652 0272 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
19:44:54.0668 0272 SamSs - ok
19:44:54.0684 0272 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:44:54.0684 0272 sbp2port - ok
19:44:54.0715 0272 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:44:54.0730 0272 SCardSvr - ok
19:44:54.0777 0272 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
19:44:54.0777 0272 Schedule - ok
19:44:54.0793 0272 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
19:44:54.0793 0272 SCPolicySvc - ok
19:44:54.0824 0272 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:44:54.0824 0272 SDRSVC - ok
19:44:54.0855 0272 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:44:54.0855 0272 secdrv - ok
19:44:54.0886 0272 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:44:54.0886 0272 seclogon - ok
19:44:54.0933 0272 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:44:54.0933 0272 SENS - ok
19:44:54.0949 0272 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:44:54.0949 0272 Serenum - ok
19:44:54.0980 0272 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:44:54.0980 0272 Serial - ok
19:44:54.0996 0272 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:44:54.0996 0272 sermouse - ok
19:44:55.0027 0272 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:44:55.0027 0272 SessionEnv - ok
19:44:55.0105 0272 [ C548818EDDAAFF32ADB58A5C7C4B0F6E ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
19:44:55.0120 0272 SfCtlCom - ok
19:44:55.0152 0272 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:44:55.0152 0272 sffdisk - ok
19:44:55.0167 0272 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:44:55.0167 0272 sffp_mmc - ok
19:44:55.0183 0272 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:44:55.0183 0272 sffp_sd - ok
19:44:55.0198 0272 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:44:55.0214 0272 sfloppy - ok
19:44:55.0245 0272 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:44:55.0261 0272 ShellHWDetection - ok
19:44:55.0276 0272 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:44:55.0276 0272 sisagp - ok
19:44:55.0292 0272 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:44:55.0292 0272 SiSRaid2 - ok
19:44:55.0339 0272 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:44:55.0339 0272 SiSRaid4 - ok
19:44:55.0432 0272 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:44:55.0448 0272 slsvc - ok
19:44:55.0464 0272 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:44:55.0464 0272 SLUINotify - ok
19:44:55.0479 0272 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:44:55.0479 0272 Smb - ok
19:44:55.0542 0272 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
19:44:55.0542 0272 SMSIVZAM5 - ok
19:44:55.0573 0272 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:44:55.0573 0272 SNMPTRAP - ok
19:44:55.0604 0272 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:44:55.0604 0272 spldr - ok
19:44:55.0635 0272 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
19:44:55.0635 0272 Spooler - ok
19:44:55.0698 0272 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
19:44:55.0698 0272 sprtsvc_DellSupportCenter - ok
19:44:55.0729 0272 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:44:55.0744 0272 srv - ok
19:44:55.0776 0272 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:44:55.0776 0272 srv2 - ok
19:44:55.0791 0272 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:44:55.0791 0272 srvnet - ok
19:44:55.0822 0272 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:44:55.0822 0272 SSDPSRV - ok
19:44:55.0838 0272 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:44:55.0838 0272 SstpSvc - ok
19:44:55.0963 0272 [ CB2449150A5EA17CAA0B94363D9440CC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
19:44:55.0963 0272 STacSV - ok
19:44:56.0010 0272 [ 14A9AD287FDA70A06463E09C4328C1F2 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
19:44:56.0010 0272 STHDA - ok
19:44:56.0056 0272 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:44:56.0056 0272 stisvc - ok
19:44:56.0150 0272 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:44:56.0150 0272 stllssvr - ok
19:44:56.0181 0272 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:44:56.0181 0272 swenum - ok
19:44:56.0212 0272 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:44:56.0212 0272 swprv - ok
19:44:56.0244 0272 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:44:56.0244 0272 Symc8xx - ok
19:44:56.0259 0272 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:44:56.0259 0272 Sym_hi - ok
19:44:56.0290 0272 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:44:56.0290 0272 Sym_u3 - ok
19:44:56.0322 0272 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:44:56.0337 0272 SysMain - ok
19:44:56.0353 0272 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:44:56.0353 0272 TabletInputService - ok
19:44:56.0384 0272 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:44:56.0384 0272 TapiSrv - ok
19:44:56.0415 0272 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:44:56.0415 0272 TBS - ok
19:44:56.0462 0272 [ 6216A954ED7045B62880A92D6C9B9FC7 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:44:56.0478 0272 Tcpip - ok
19:44:56.0493 0272 [ 6216A954ED7045B62880A92D6C9B9FC7 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:44:56.0493 0272 Tcpip6 - ok
19:44:56.0524 0272 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:44:56.0524 0272 tcpipreg - ok
19:44:56.0556 0272 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:44:56.0556 0272 TDPIPE - ok
19:44:56.0587 0272 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:44:56.0587 0272 TDTCP - ok
19:44:56.0602 0272 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:44:56.0602 0272 tdx - ok
19:44:56.0618 0272 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:44:56.0618 0272 TermDD - ok
19:44:56.0665 0272 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:44:56.0680 0272 TermService - ok
19:44:56.0696 0272 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
19:44:56.0696 0272 Themes - ok
19:44:56.0727 0272 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:44:56.0727 0272 THREADORDER - ok
19:44:56.0774 0272 [ 01725DECC55E65258297F4D703E14C58 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
19:44:56.0774 0272 tmactmon - ok
19:44:56.0836 0272 [ 34DBC9C278B209D173BD2A1B02BCD42D ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
19:44:56.0836 0272 TMBMServer - ok
19:44:56.0868 0272 [ 1F6BB0D481B6907587350009CF958ED6 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
19:44:56.0868 0272 tmcomm - ok
19:44:56.0883 0272 [ 141A25DCEEC66C5286EEDC4FAAE8BB11 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
19:44:56.0883 0272 tmevtmgr - ok
19:44:56.0914 0272 [ DD24009F294B68B535E87C8683C60032 ] tmlwf C:\Windows\system32\DRIVERS\tmlwf.sys
19:44:56.0914 0272 tmlwf - ok
19:44:56.0946 0272 [ CD32C0760E164AC6CC8AB4D9437218AC ] TmPfw C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
19:44:56.0961 0272 TmPfw - ok
19:44:56.0992 0272 [ DE9E8269185A7614A5A4F39CACD266EC ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
19:44:56.0992 0272 tmpreflt - ok
19:44:57.0039 0272 [ 7C4B30E6924A1C504F63C8B13482F3E3 ] tmproxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
19:44:57.0039 0272 tmproxy - ok
19:44:57.0086 0272 [ C9B16B4F9F063B527CDDBB76FB946DFD ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
19:44:57.0086 0272 tmtdi - ok
19:44:57.0133 0272 [ 492A8D4F8867B38189FE9A62E9B560E1 ] tmwfp C:\Windows\system32\DRIVERS\tmwfp.sys
19:44:57.0133 0272 tmwfp - ok
19:44:57.0164 0272 [ F23C38F5EDEB8D0FBD512632F5421651 ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
19:44:57.0164 0272 tmxpflt - ok
19:44:57.0195 0272 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:44:57.0211 0272 TrkWks - ok
19:44:57.0258 0272 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:44:57.0258 0272 TrustedInstaller - ok
19:44:57.0289 0272 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:44:57.0289 0272 tssecsrv - ok
19:44:57.0320 0272 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:44:57.0320 0272 tunmp - ok
19:44:57.0367 0272 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:44:57.0367 0272 tunnel - ok
19:44:57.0398 0272 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:44:57.0398 0272 uagp35 - ok
19:44:57.0429 0272 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:44:57.0429 0272 udfs - ok
19:44:57.0460 0272 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:44:57.0460 0272 UI0Detect - ok
19:44:57.0476 0272 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:44:57.0476 0272 uliagpkx - ok
19:44:57.0507 0272 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:44:57.0507 0272 uliahci - ok
19:44:57.0523 0272 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:44:57.0523 0272 UlSata - ok
19:44:57.0554 0272 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:44:57.0554 0272 ulsata2 - ok
19:44:57.0585 0272 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:44:57.0585 0272 umbus - ok
19:44:57.0601 0272 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:44:57.0616 0272 upnphost - ok
19:44:57.0663 0272 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:44:57.0663 0272 USBAAPL - ok
19:44:57.0710 0272 [ 4073A94046D5F1025766EEFD6ABDC8DB ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:44:57.0710 0272 usbccgp - ok
19:44:57.0726 0272 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:44:57.0726 0272 usbcir - ok
19:44:57.0772 0272 [ 8625E96957CB855413628ABB306C7B89 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:44:57.0772 0272 usbehci - ok
19:44:57.0788 0272 [ BC1912EBB127B4E0905C7574349C6DCE ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:44:57.0788 0272 usbhub - ok
19:44:57.0819 0272 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:44:57.0819 0272 usbohci - ok
19:44:57.0850 0272 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:44:57.0850 0272 usbprint - ok
19:44:57.0897 0272 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:44:57.0897 0272 usbscan - ok
19:44:57.0913 0272 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:44:57.0913 0272 USBSTOR - ok
19:44:57.0944 0272 [ 4BA9542F67C63979761F1E0B8AB7141F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:44:57.0944 0272 usbuhci - ok
19:44:57.0960 0272 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:44:57.0960 0272 UxSms - ok
19:44:57.0991 0272 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:44:57.0991 0272 vds - ok
19:44:58.0038 0272 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:44:58.0038 0272 vga - ok
19:44:58.0052 0272 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:44:58.0053 0272 VgaSave - ok
19:44:58.0108 0272 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:44:58.0109 0272 viaagp - ok
19:44:58.0150 0272 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:44:58.0151 0272 ViaC7 - ok
19:44:58.0173 0272 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:44:58.0174 0272 viaide - ok
19:44:58.0208 0272 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:44:58.0209 0272 volmgr - ok
19:44:58.0262 0272 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:44:58.0265 0272 volmgrx - ok
19:44:58.0316 0272 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:44:58.0318 0272 volsnap - ok
19:44:58.0383 0272 [ EB80F44FE19E0CD7CE998CA11CD790DD ] vsapint C:\Windows\system32\DRIVERS\vsapint.sys
19:44:58.0391 0272 vsapint - ok
19:44:58.0424 0272 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:44:58.0425 0272 vsmraid - ok
19:44:58.0485 0272 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:44:58.0493 0272 VSS - ok
19:44:58.0502 0272 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:44:58.0505 0272 W32Time - ok
19:44:58.0557 0272 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:44:58.0558 0272 WacomPen - ok
19:44:58.0587 0272 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:44:58.0588 0272 Wanarp - ok
19:44:58.0592 0272 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:44:58.0593 0272 Wanarpv6 - ok
19:44:58.0693 0272 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:44:58.0697 0272 wcncsvc - ok
19:44:58.0737 0272 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:44:58.0739 0272 WcsPlugInService - ok
19:44:58.0779 0272 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:44:58.0780 0272 Wd - ok
19:44:58.0836 0272 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:44:58.0839 0272 Wdf01000 - ok
19:44:58.0862 0272 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:44:58.0865 0272 WdiServiceHost - ok
19:44:58.0868 0272 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:44:58.0871 0272 WdiSystemHost - ok
19:44:58.0894 0272 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:44:58.0897 0272 WebClient - ok
19:44:58.0933 0272 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:44:58.0936 0272 Wecsvc - ok
19:44:58.0984 0272 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:44:58.0986 0272 wercplsupport - ok
19:44:59.0040 0272 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:44:59.0042 0272 WerSvc - ok
19:44:59.0048 0272 WinHttpAutoProxySvc - ok
19:44:59.0127 0272 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:44:59.0128 0272 Winmgmt - ok
19:44:59.0204 0272 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:44:59.0213 0272 WinRM - ok
19:44:59.0275 0272 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:44:59.0280 0272 Wlansvc - ok
19:44:59.0285 0272 wltrysvc - ok
19:44:59.0325 0272 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:44:59.0326 0272 WmiAcpi - ok
19:44:59.0368 0272 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:44:59.0369 0272 wmiApSrv - ok
19:44:59.0423 0272 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:44:59.0429 0272 WMPNetworkSvc - ok
19:44:59.0463 0272 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:44:59.0466 0272 WPCSvc - ok
19:44:59.0487 0272 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:44:59.0489 0272 WPDBusEnum - ok
19:44:59.0528 0272 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:44:59.0528 0272 WpdUsb - ok
19:44:59.0635 0272 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:44:59.0640 0272 WPFFontCache_v0400 - ok
19:44:59.0676 0272 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:44:59.0677 0272 ws2ifsl - ok
19:44:59.0681 0272 WSearch - ok
19:44:59.0719 0272 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:59.0720 0272 WUDFRd - ok
19:44:59.0749 0272 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:44:59.0751 0272 wudfsvc - ok
19:44:59.0772 0272 yksvc - ok
19:44:59.0811 0272 [ 1A51DF1A5C658D534ED980D18F7982DE ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
19:44:59.0813 0272 yukonwlh - ok
19:44:59.0851 0272 ================ Scan global ===============================
19:44:59.0873 0272 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:44:59.0906 0272 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:44:59.0920 0272 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:44:59.0955 0272 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:44:59.0958 0272 [Global] - ok
19:44:59.0959 0272 ================ Scan MBR ==================================
19:44:59.0974 0272 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
19:45:01.0321 0272 \Device\Harddisk0\DR0 - ok
19:45:01.0321 0272 ================ Scan VBR ==================================
19:45:01.0365 0272 [ 6CD61C58DB72A28ACDC82DE03A11535A ] \Device\Harddisk0\DR0\Partition1
19:45:01.0366 0272 \Device\Harddisk0\DR0\Partition1 - ok
19:45:01.0393 0272 [ 9AA9370C0011398C1CBB542E7D8B7B98 ] \Device\Harddisk0\DR0\Partition2
19:45:01.0394 0272 \Device\Harddisk0\DR0\Partition2 - ok
19:45:01.0397 0272 ============================================================
19:45:01.0397 0272 Scan finished
19:45:01.0397 0272 ============================================================
19:45:01.0410 1744 Detected object count: 0
19:45:01.0410 1744 Actual detected object count: 0
19:45:11.0796 1996 Deinitialize success



And here is the log from aswMBR:


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-28 20:09:12
-----------------------------
20:09:12.423 OS Version: Windows 6.0.6001 Service Pack 1
20:09:12.423 Number of processors: 2 586 0xF0D
20:09:12.424 ComputerName: ***** UserName: *****
20:09:26.594 Initialize success
20:11:01.364 AVAST engine defs: 12112801
20:11:13.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:11:13.812 Disk 0 Vendor: TOSHIBA_ LV01 Size: 152627MB BusType: 3
20:11:13.828 Disk 0 MBR read successfully
20:11:13.828 Disk 0 MBR scan
20:11:13.828 Disk 0 Windows VISTA default MBR code
20:11:13.844 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:11:13.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:11:13.875 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137586 MB offset 30801920
20:11:13.890 Disk 0 scanning sectors +312579760
20:11:13.953 Disk 0 scanning C:\Windows\system32\drivers
20:11:24.108 Service scanning
20:11:49.911 Modules scanning
20:11:57.488 Disk 0 trace - called modules:
20:11:57.504 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:11:57.504 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b7f4e8]
20:11:57.504 3 CLASSPNP.SYS[8a39d745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x850a2028]
20:11:58.252 AVAST engine scan C:\Windows
20:12:00.414 AVAST engine scan C:\Windows\system32
20:13:45.443 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:14:38.499 AVAST engine scan C:\Windows\system32\drivers
20:14:51.712 AVAST engine scan C:\Users\*****
20:25:56.896 AVAST engine scan C:\ProgramData
20:28:50.009 Scan finished successfully
20:29:18.838 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
20:29:18.854 The log file has been saved successfully to "C:\aswMBR_log.txt"


Finally, here is the log from ESET:

C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1261m0gj.default\extensions\{008fb7b1-b70a-4d3b-a9e5-65eef18cac75}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1261m0gj.default\extensions\{008fb7b1-b70a-4d3b-a9e5-65eef18cac75}\chrome\xulcache.jar JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1261m0gj.default\extensions\{21ba9837-45f1-42a5-8b3b-86d75b3f313d}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\1261m0gj.default\extensions\{21ba9837-45f1-42a5-8b3b-86d75b3f313d}\chrome\xulcache.jar JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\195UYY75\kittens-nod-their-head-to-music[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DXG3Y0E\jumping-kitten-climbs-leg[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EAK3EU4Z\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXRJT7I1\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFFA1V8M\all-videos[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFFA1V8M\categories[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YM13RFG1\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YM13RFG1\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YM13RFG1\kittyflix_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 29 November 2012 - 05:35 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator

After the scan completes, post the generated log here.

#5 motoxer4533

  • Topic Starter
  • Members
  • 4 posts

Posted 29 November 2012 - 07:33 PM

Hi narenxp, here are my logs:

Malwarebytes:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.29.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Trisha :: TRISHA-PC [administrator]

11/29/2012 6:21:44 AM
mbam-log-2012-11-29 (18-54-26).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391789
Time elapsed: 2 hour(s), 18 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$60d35d25dc80bc7d5604733a958532d9\n.) Good: (fastprox.dll) -> No action taken.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1843096759-3661859450-2179860247-1000\$60d35d25dc80bc7d5604733a958532d9\n.) Good: (shell32.dll) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> No action taken.

(end)


MiniToolbox:
MiniToolBox by Farbar Version: 25-11-2012
Ran by Trisha (administrator) on 29-11-2012 at 06:24:15
Running from "C:\Users\Trisha\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Disconnected)
Dell Wireless 1397 WLAN Mini-Card = BAUER (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Trisha-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter BAUER:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-24-2C-02-8A-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f8df:f33a:6a9d:a02e%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, November 28, 2012 9:45:32 PM
Lease Expires . . . . . . . . . . : Thursday, November 29, 2012 9:45:32 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0B96354A-D735-493C-A9B1-3F99E7119B17}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{DCBC52BE-822C-4682-BC65-2D22CB9455C9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4009:802::1008
74.125.225.105
74.125.225.96
74.125.225.99
74.125.225.101
74.125.225.97
74.125.225.102
74.125.225.98
74.125.225.110
74.125.225.104
74.125.225.103
74.125.225.100



Pinging google.com [74.125.225.99] with 32 bytes of data:

Reply from 74.125.225.99: bytes=32 time=25ms TTL=54

Reply from 74.125.225.99: bytes=32 time=24ms TTL=54



Ping statistics for 74.125.225.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=138ms TTL=48

Reply from 98.138.253.109: bytes=32 time=90ms TTL=49



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 138ms, Average = 114ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 24 2c 02 8a 7f ...... Dell Wireless 1397 WLAN Mini-Card
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 isatap.{0B96354A-D735-493C-A9B1-3F99E7119B17}
17 ...00 00 00 00 00 00 00 e0 isatap.{DCBC52BE-822C-4682-BC65-2D22CB9455C9}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.9 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.9 281
192.168.1.9 255.255.255.255 On-link 192.168.1.9 281
192.168.1.255 255.255.255.255 On-link 192.168.1.9 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.9 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.9 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::f8df:f33a:6a9d:a02e/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/28/2012 09:46:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 08:05:34 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/28/2012 08:02:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 07:37:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 07:37:05 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/27/2012 08:00:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2012 08:00:15 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/27/2012 07:35:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2012 07:35:42 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/27/2012 11:14:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64805280


System errors:
=============
Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller%%1058

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: PANTECH UM175 WWAN Driver%%1058

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: PTDUWWAN Filter Driver%%1058

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (11/28/2012 09:46:13 PM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

Error: (11/28/2012 09:45:31 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (11/28/2012 08:07:03 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}


Microsoft Office Sessions:
=========================
Error: (11/28/2012 09:46:12 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 08:05:34 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/28/2012 08:02:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 07:37:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 07:37:05 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/27/2012 08:00:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2012 08:00:15 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/27/2012 07:35:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2012 07:35:42 PM) (Source: EventSystem)(User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (11/27/2012 11:14:57 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 64805280


CodeIntegrity Errors:
===================================
Date: 2012-11-29 06:23:28.749
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:28.430
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:28.079
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:27.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:27.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:27.116
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:25.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:24.811
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:24.254
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-29 06:23:23.980
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 4.65
Acrobat.com (Version: 1.7.258)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Choice Guard (Version: 1.2.87.0)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Consumer In-Home Service Agreement (Version: 2.0.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Cozi (Version: 1.0.3220.15315)
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08298)
Dell Touchpad (Version: 7.2.115.201)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
DELL0604 (Version: 1.0.0)
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.64)
Google Chrome Frame (Version: 24.0.1312.14)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
iCloud (Version: 2.0.2.187)
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8050.1202)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Move Media Player
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSN Toolbar (Version: 4.0.0401.0)
MSVCRT (Version: 14.0.1468.721)
PANTECH UM175 Driver (Version: 3.3.3524.918)
PowerDVD (Version: 8.1)
QuickSet (Version: 9.2.17)
QuickTime (Version: 7.72.80.56)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.51.22)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Trend Micro Internet Security (Version: 16.60)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VZAccess Manager (Version: 7.2.1.2)
WebSlingPlayer ActiveX (Version: 1.4.0.76)
WildTangent Games (Version: 1.0.0.62)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Toolbar (Version: 14.0.8052.1208)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3033.63 MB
Available physical RAM: 1723.71 MB
Total Pagefile: 6299.55 MB
Available Pagefile: 4848.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.04 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:66.23 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.54 GB) NTFS

========================= Users: ========================================

User accounts for \\TRISHA-PC

Administrator Guest Trisha

========================= Restore Points ==================================

26-08-2012 08:16:12 Windows Update
27-08-2012 07:00:50 Windows Update
27-08-2012 21:20:25 Windows Update
28-08-2012 07:00:16 Windows Update
29-08-2012 07:00:18 Windows Update
29-08-2012 23:47:08 Windows Update
30-08-2012 07:00:18 Windows Update
31-08-2012 07:00:16 Windows Update
31-08-2012 17:45:40 Windows Update
01-09-2012 07:00:16 Windows Update
02-09-2012 07:00:56 Windows Update
02-09-2012 07:20:51 Windows Update
03-09-2012 07:00:55 Windows Update
03-09-2012 19:25:39 Windows Update
04-09-2012 07:00:15 Windows Update
04-09-2012 23:54:08 Windows Update
06-09-2012 07:00:16 Windows Update
06-09-2012 21:10:03 Windows Update
07-09-2012 07:00:15 Windows Update
23-09-2012 17:05:51 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
23-09-2012 17:06:45 Device Driver Package Install: Apple Network adapters

**** End of log ****


Farbar
Farbar Service Scanner Version: 09-11-2012
Ran by Trisha (administrator) on 29-11-2012 at 06:28:23
Running from "C:\Users\Trisha\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-14 19:06] - [2011-04-21 08:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 09:21] - [2010-06-16 10:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll
[2011-04-16 10:02] - [2011-03-02 09:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-11 09:21] - [2010-06-16 10:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:23] - [2008-01-20 21:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:23] - [2008-01-20 21:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:25] - [2008-01-20 21:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-03-26 15:45] - [2009-03-26 15:45] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-17 17:49] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

adware cleaner
# AdwCleaner v2.009 - Logfile created 11/29/2012 at 18:57:31
# Updated 24/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Trisha - TRISHA-PC
# Boot Mode : Normal
# Running from : C:\Users\Trisha\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Trisha\AppData\Roaming\Mozilla\Firefox\Profiles\1261m0gj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [863 octets] - [29/11/2012 18:57:31]

########## EOF - C:\AdwCleaner[R1].txt - [922 octets] ##########


# AdwCleaner v2.010 - Logfile created 11/29/2012 at 19:24:00
# Updated 29/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Trisha - TRISHA-PC
# Boot Mode : Normal
# Running from : C:\Users\Trisha\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKU\S-1-5-21-1843096759-3661859450-2179860247-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Trisha\AppData\Roaming\Mozilla\Firefox\Profiles\1261m0gj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Trisha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [990 octets] - [29/11/2012 18:57:31]
AdwCleaner[S2].txt - [1416 octets] - [29/11/2012 19:24:00]

########## EOF - C:\AdwCleaner[S2].txt - [1476 octets] ##########


Junkware removal tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.6.2 (11.29.2012:1)
OS: Windows Vista ™ Home Premium x86
Ran by Trisha on Thu 11/29/2012 at 6:30:33.59
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/29/2012 at 6:34:56.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 narenxp


Posted 30 November 2012 - 01:34 AM

Run Malwarebytes again and post the clean log.

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#7 motoxer4533


Posted 30 November 2012 - 08:26 PM

Hey narenxp! Here's this round of logs:

mbam:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.30.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Trisha :: TRISHA-PC [administrator]

11/30/2012 7:00:39 AM
mbam-log-2012-11-30 (07-00-39).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 392358
Time elapsed: 13 hour(s), 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



FSS:
Farbar Service Scanner Version: 09-11-2012
Ran by Trisha (administrator) on 30-11-2012 at 06:50:49
Running from "C:\Users\Trisha\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0204288 ____A (Microsoft Corporation) 43A988A9C10333476CB5FB667CBD629D

C:\Windows\system32\Drivers\afd.sys
[2011-06-14 19:06] - [2011-04-21 08:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 09:21] - [2010-06-16 10:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll
[2011-04-16 10:02] - [2011-03-02 09:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-11 09:21] - [2010-06-16 10:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:23] - [2008-01-20 21:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:23] - [2008-01-20 21:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:25] - [2008-01-20 21:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-03-26 15:45] - [2009-03-26 15:45] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-17 17:49] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

Rkill
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/30/2012 06:52:19 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\WLTRYSVC.EXE (PID: 1684) [WD-HEUR]
* C:\Windows\System32\bcmwltry.exe (PID: 1696) [WD-HEUR]
* C:\Windows\System32\WLTRAY.EXE (PID: 3584) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/30/2012 06:52:43 AM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)


Autoruns
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "Broadcom Wireless Manager UI" "Dell Wireless WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\windows\system32\wltray.exe"
+ "dellsupportcenter" "" "SupportSoft, Inc." "c:\program files\dell support center\bin\sprtcmd.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "PDVDDXSrv" "CyberLink PowerDVD Resident Program" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
+ "UfSeAgnt.exe" "Trend Micro Server Agent" "Trend Micro Inc." "c:\program files\trend micro\internet security\ufseagnt.exe"
"C:\Users\Trisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dell Dock.lnk" "Dell Dock" "Stardock Corporation" "c:\program files\dell\delldock\delldock.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files\windows live\messenger\msnmsgr.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cozi" "Cozi Protocol Handler" "Cozi Group, Inc." "c:\program files\cozi express\coziprotocolhandler.dll"
+ "gcf" "Chrome Frame renders the Web of the future in the browsers of the past. It's like strapping a rocket engine to a minivan." "Google Inc." "c:\program files\google\chrome frame\application\24.0.1312.27\npchrome_frame.dll"
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files\common files\apple\internet services\shellstreams.dll"
+ "TMD Shell Extension" "Tmdshell Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\internet security\tmdshell.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "VBPropSheet" "VBProp Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\internet security\vbprop.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "TMD Shell Extension" "Tmdshell Dynamic Link Library" "Trend Micro Inc." "c:\program files\trend micro\internet security\tmdshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "ChromeFrame BHO" "Chrome Frame renders the Web of the future in the browsers of the past. It's like strapping a rocket engine to a minivan." "Google Inc." "c:\program files\google\chrome frame\application\24.0.1312.27\npchrome_frame.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Toolbar Helper" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files\windows live\toolbar\wltcore.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "&Windows Live Toolbar" "Windows Live Toolbar Core" "Microsoft Corporation" "c:\program files\windows live\toolbar\wltcore.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\aestsrv.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files\wildtangent\dell games\dell game console\gameconsoleservice.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "SfCtlCom" "Manages all components of Trend Micro Internet Security." "Trend Micro Inc." "c:\program files\trend micro\internet security\sfctlcom.exe"
+ "sprtsvc_DellSupportCenter" "SupportSoft Sprocket Service (DellSupportCenter)" "SupportSoft, Inc." "c:\program files\dell support center\bin\sprtsvc.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\stacsv.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "TMBMServer" "Manages the Trend Micro unauthorized change prevention feature" "Trend Micro Inc." "c:\program files\trend micro\bm\tmbmsrv.exe"
+ "TmPfw" "Manages the Trend Micro Personal Firewall." "Trend Micro Inc." "c:\program files\trend micro\internet security\tmpfw.exe"
+ "tmproxy" "Manages the Trend Micro Proxy." "Trend Micro Inc." "c:\program files\trend micro\internet security\tmproxy.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "" "c:\windows\system32\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "yksvc" "Service for Marvell® Yukon® Network Adapters" "Marvell" "c:\windows\system32\ykx32coinst.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PTDUBus" "USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD." "c:\windows\system32\drivers\ptdubus.sys"
+ "PTDUMdm" "PANTECH UM175 device drivers" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ptdumdm.sys"
+ "PTDUVsp" "PANTECH UM175 Diagnostic Port device driver" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ptduvsp.sys"
+ "PTDUWFLT" "USB Wireless Network Adapter Filter Driver" "DEVGURU Co., LTD." "c:\windows\system32\drivers\ptduwflt.sys"
+ "PTDUWWAN" "USB Wireless Network Adapter Device Driver (MSS Ver.3)" "DEVGURU Co., LTD." "c:\windows\system32\drivers\ptduwwan.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "RTSTOR" "Realtek USB Mass Storage Driver for Vista" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtstor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SMSIVZAM5" "Smith Micro NDIS 5.0 Protocol Driver" "Smith Micro Inc." "c:\program files\verizon wireless\vzaccess manager\smsivzam5.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "tmactmon" "Trend Micro Activity Monitor Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmactmon.sys"
+ "tmcomm" "Trend Micro Common Engine Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmcomm.sys"
+ "tmevtmgr" "Trend Micro Event Manager Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmevtmgr.sys"
+ "tmlwf" "Trend Micro NDIS 6.0 Filter Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmlwf.sys"
+ "tmpreflt" "Trend Filter Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmpreflt.sys"
+ "tmtdi" "Trend Micro TDI Driver (i386-fre)" "Trend Micro Inc." "c:\windows\system32\drivers\tmtdi.sys"
+ "tmwfp" "Trend Micro WFP Callout Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmwfp.sys"
+ "tmxpflt" "Trend Functionality Driver" "Trend Micro Inc." "c:\windows\system32\drivers\tmxpflt.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "vsapint" "Trend Virus ScanEngine" "Trend Micro Inc." "c:\windows\system32\drivers\vsapint.sys"
+ "yukonwlh" "Miniport Driver for Marvell Yukon Ethernet Controller." "Marvell" "c:\windows\system32\drivers\yk60x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudwizard.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "Citrix Online GoToAssist" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2awinlogon.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzlllhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzlllhn.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "Dell Wireless WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
"C:\Users\Trisha\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\Gadget.xml"
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Notes" "Capture ideas, notes, and reminders in a quick and easy way." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"

#8 narenxp

Posted 30 November 2012 - 08:53 PM

Current issues?



