
The curse of the Google Redirect virus


5 replies to this topic

#1 Frustration Abounds

Frustration Abounds

  • Members
  • 3 posts

Posted 30 November 2012 - 11:24 PM

Hi there, I am hoping you can help me get rid of the Google redirect virus that is plaguing me. I got hit by it two or three days ago and it's already driving me crazy. After I do a Google search, clicking on the links sends me to random websites. Also, new windows or tabs occasionally pop up on their own, also with random spamoriffic websites.

What I've done so far:

First I tried Spybot Search & Destroy. It flagged and removed a "Widgi Toolbar" item, but I don't know that that was related to the redirect problem. At any rate I still had the redirect problem after doing it, and Spybot Search & Destroy didn't find anything else subsequently.

Then I decided to download AVG antivirus software, so I went to download.cnet.com and found AVG 2013 Free Edition. But when I clicked on the green Download button I got the following error message in the browser:

This webpage is not available
The webpage at http://download.cnet.com/AVG-AntiVirus-Free-2013/3001-2239_4-10320142.html?spi=176821e3dcabee0eb81826e4c5f76158 might be temporarily down or it may have moved permanently to a new web address.
Here are some suggestions:
Reload this webpage later.
Error 355 (net::ERR_INCOMPLETE_CHUNKED_ENCODING): The server unexpectedly closed the connection.


More redirection shenanigans? I don't know, but in any case I couldn't get AVG.

Then I googled around and found this Youtube video and the accompanying tutorial about removing the Google Redirect virus. They talk about tracking down the infected .sys files to get rid of it. I followed all the steps (making hidden files visible and then creating a boot log, if that's the term, and manually scrolling through the list of .sys files in Notepad, looking for suspicious file names). Any .sys files I thought were questionable, I googled to see if they were "real". (You know--if people were talking about them as if they were legitimate, necessary files). Alas, I did not find any particularly suspicious looking .sys files and all the ones I did google were legitimate.

Then I went to look at my atapi.sys file. I read that if it's the "true" version it would be about 22kb, but if it's infected it would be over 100kb. Well, mine is 22kb.

I also have been unable to log into Gmail today. It claims that I have cookies disabled. But I don't! I checked in Google Chrome's settings and they are enabled. (Also, I can get into Yahoo Mail and other sites without logging in . . . That means cookies are working, right?) This problem with Gmail occurs no matter which browser I use--Chrome, IE, or Firefox.

This is the error message I get from Gmail:

Your browser's cookie functionality is turned off. Please turn it on. [?]


I don't know if the Gmail thing is related to the redirect problem, but the timing seems suspicious.


Basically the only thing I actually "did" on my computer was remove "Widgi Toolbar" with Spybot Search & Destroy, and other than that it's been a bunch of dead ends. Please, please help me.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 01 December 2012 - 07:41 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Frustration Abounds

Frustration Abounds
  • Topic Starter

  • Members
  • 3 posts

Posted 01 December 2012 - 04:04 PM

Thanks for your help!

TDSSkiller Results:

Posted Image

aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 08:49:25
-----------------------------
08:49:25.143 OS Version: Windows 6.0.6001 Service Pack 1
08:49:25.144 Number of processors: 2 586 0x6802
08:49:25.146 ComputerName: MADCAP UserName: Owner
08:49:28.931 Initialize success
08:49:55.875 AVAST engine defs: 12120100
08:50:01.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
08:50:01.278 Disk 0 Vendor: ST9160821AS 3.BHE Size: 152627MB BusType: 3
08:50:01.329 Disk 0 MBR read successfully
08:50:01.333 Disk 0 MBR scan
08:50:01.340 Disk 0 unknown MBR code
08:50:01.358 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140411 MB offset 63
08:50:01.473 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12213 MB offset 287563500
08:50:01.674 Disk 0 scanning sectors +312576705
08:50:01.867 Disk 0 scanning C:\Windows\system32\drivers
08:50:31.845 Service scanning
08:51:06.614 Modules scanning
08:52:08.337 Disk 0 trace - called modules:
08:52:08.368 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
08:52:08.377 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84cb2ac8]
08:52:08.385 3 CLASSPNP.SYS[87da8745] -> nt!IofCallDriver -> [0x84baba78]
08:52:08.393 5 acpi.sys[8060e6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84babba0]
08:52:11.823 AVAST engine scan C:\Windows
08:52:19.520 AVAST engine scan C:\Windows\system32
08:58:13.432 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:59:16.024 AVAST engine scan C:\Windows\system32\drivers
08:59:54.057 AVAST engine scan C:\Users\Owner
09:21:09.840 AVAST engine scan C:\ProgramData
09:24:52.969 Scan finished successfully
09:25:18.241 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Downloads\Documents\MBR.dat"
09:25:18.252 The log file has been saved successfully to "C:\Users\Owner\Downloads\Documents\Google_Redirect_aswMBR.txt"



ESET list of threats:

C:\$RECYCLE.BIN\S-1-5-21-1822931998-2931835876-3782589528-1001\$R7RHMQ8.exe multiple threats cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0002.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0006.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\cbcgnpgkkdogkbngnhpfmknnedkehcnp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\cbcgnpgkkdogkbngnhpfmknnedkehcnp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7850180f-6b367594 a variant of Java/Exploit.Agent.NDH trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7d358f61-5cbc8139 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-565e8d3b Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9b9fzd3v.default\extensions\{0ded8238-71b2-41ba-bfec-4948043be45e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9b9fzd3v.default\extensions\{fb265c34-e428-4d7d-a5a9-374b11427946}\chrome\xulcache.jar JS/Agent.NDB trojan cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Downloads\Codecs\media.player.codec.pack.v3.9.5.setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Downloads\Softonic Movie Maker\SoftonicDownloader_for_sothink-dvd-movie-maker.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Visitors\AppData\Roaming\Mozilla\Firefox\Profiles\nxgrpm8b.default\extensions\{0ded8238-71b2-41ba-bfec-4948043be45e}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Visitors\AppData\Roaming\Mozilla\Firefox\Profiles\nxgrpm8b.default\extensions\{fb265c34-e428-4d7d-a5a9-374b11427946}\chrome\xulcache.jar JS/Agent.NDB trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\all-videos[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\all-videos[2].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[4].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[5].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[6].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[7].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[8].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\cat-and-dolphin-playing-together[9].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\favorites[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\LK0CAAC46F2CAO2GEKICA9SKUR0CAEFO2XACAX1MW28CAP9IFSRCAFRT5ACCAFTYLBWCAHE6FI1CAN3NPMQCAO696UHCAUI2UG1CA4IQ1APCA6SZAIUCA6JH628CAMJZYV8.htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42V3BIZD\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42V3BIZD\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42V3BIZD\cat-and-dolphin-playing-together[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42V3BIZD\cat-and-dolphin-playing-together[4].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42V3BIZD\kittyflix_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\afrCA1Z7BJ6.htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\afrCAB38823.htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\afrCAIN202C.htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\afrCAVRSQBX.htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[10].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[4].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[5].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[6].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[7].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\cat-and-dolphin-playing-together[8].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\fpiCA46PRS7.htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\fpiCALBHA6G.htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\imp HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\imp[11] HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\kittyflix_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\submit-a-video[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4393TEX0\submit-a-video[2].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VPRKE8M\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VPRKE8M\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5VPRKE8M\kittyflix_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[4].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[5].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[6].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\cat-and-dolphin-playing-together[7].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\kittyflix_com[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\993W18RI\kittyflix_com[2].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYECUE60\submit-a-video[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLOHN2FE\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLOHN2FE\cat-and-dolphin-playing-together[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLOHN2FE\cat-and-dolphin-playing-together[3].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\Temp\C413.tmp a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
Operating memory multiple threats


Edited by Frustration Abounds, 01 December 2012 - 04:07 PM.
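The ESET list in the post above mixes detections from very different places: a scanner's own quarantine folder, browser profiles, download caches, and memory. The following Python is an added example, not part of the thread or of any tool named in it; it parses lines in the format shown, groups them by location, and lists entries that carry no cleaning action. The sample lines are copied from the post, and the location labels and function names are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: lines copied from the ESET list in the post (one or two per location).
SAMPLE = r"""
C:\TDSSKiller_Quarantine\01.12.2012_08.16.43\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Default\cbcgnpgkkdogkbngnhpfmknnedkehcnp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7850180f-6b367594 a variant of Java/Exploit.Agent.NDH trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9b9fzd3v.default\extensions\{fb265c34-e428-4d7d-a5a9-374b11427946}\chrome\xulcache.jar JS/Agent.NDB trojan cleaned by deleting - quarantined
C:\Users\Owner\Desktop\Downloads\Codecs\media.player.codec.pack.v3.9.5.setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OGJOFR6\all-videos[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\Temp\C413.tmp a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
Operating memory multiple threats
"""

# One entry per line: <object> [a variant of ]<detection> [<kind>] [<action>].
# The object may contain spaces, so it is matched lazily up to the first token
# that looks like a detection name (Platform/Name) or "multiple threats".
ENTRY = re.compile(
    r"^(?P<object>.+?) "
    r"(?P<variant>a variant of )?"
    r"(?P<name>multiple threats|[A-Za-z0-9]+/[\w.]+)"
    r"(?: (?P<kind>trojan|virus|application))?"
    r"(?: (?P<action>.+))?$"
)

# Location labels are this example's own triage buckets (assumption), checked in order.
LOCATIONS = [
    ("scanner quarantine", r"\\TDSSKiller_Quarantine\\"),
    ("browser profile/extension", r"\\Chrome\\User Data\\|\\Firefox\\Profiles\\"),
    ("Java plugin cache", r"\\Sun\\Java\\Deployment\\cache\\"),
    ("IE cache", r"\\Temporary Internet Files\\"),
    ("temp directory", r"\\Windows\\Temp\\"),
    ("memory", r"^Operating memory$"),
]


def classify(obj):
    """Return the first location label whose pattern matches the scanned object."""
    for label, pattern in LOCATIONS:
        if re.search(pattern, obj, re.IGNORECASE):
            return label
    return "other file"


def parse(text):
    """Parse an exported threat list into dictionaries, one per non-empty line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Keep lines the pattern does not understand so nothing is silently dropped.
            entries.append({"object": line, "variant": False, "name": None,
                            "kind": None, "action": None, "location": "unparsed"})
            continue
        entries.append({
            "object": m.group("object"),
            "variant": bool(m.group("variant")),
            "name": m.group("name"),
            "kind": m.group("kind"),
            "action": m.group("action"),
            "location": classify(m.group("object")),
        })
    return entries


def by_location(entries):
    """Count detections per location bucket."""
    return Counter(e["location"] for e in entries)


def without_action(entries):
    """Entries the scanner reported but for which the list records no action."""
    return [e for e in entries if e["action"] is None]


if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for location, count in by_location(parsed).most_common():
        print(f"{count:3d}  {location}")
    for e in without_action(parsed):
        print("no action recorded:", e["object"], "->", e["name"])
```
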


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 01 December 2012 - 04:55 PM

Run TDSSkiller and post the new log (No screenshots)

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After scan gets completed, post the generated log here.

#5 Frustration Abounds

Frustration Abounds
  • Topic Starter

  • Members
  • 3 posts

Posted 02 December 2012 - 12:29 AM

TDSS:

16:42:54.0550 1996 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:42:55.0128 1996 ============================================================
16:42:55.0128 1996 Current date / time: 2012/12/01 16:42:55.0128
16:42:55.0128 1996 SystemInfo:
16:42:55.0128 1996
16:42:55.0128 1996 OS Version: 6.0.6001 ServicePack: 1.0
16:42:55.0129 1996 Product type: Workstation
16:42:55.0129 1996 ComputerName: MADCAP
16:42:55.0129 1996 UserName: Owner
16:42:55.0129 1996 Windows directory: C:\Windows
16:42:55.0129 1996 System windows directory: C:\Windows
16:42:55.0129 1996 Processor architecture: Intel x86
16:42:55.0129 1996 Number of processors: 2
16:42:55.0129 1996 Page size: 0x1000
16:42:55.0129 1996 Boot type: Normal boot
16:42:55.0129 1996 ============================================================
16:42:56.0055 1996 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:42:56.0058 1996 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:42:56.0091 1996 ============================================================
16:42:56.0091 1996 \Device\Harddisk0\DR0:
16:42:56.0100 1996 MBR partitions:
16:42:56.0100 1996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1123DEAD
16:42:56.0100 1996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1123DEEC, BlocksNum 0x17DABD5
16:42:56.0100 1996 \Device\Harddisk1\DR1:
16:42:56.0100 1996 MBR partitions:
16:42:56.0100 1996 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
16:42:56.0100 1996 ============================================================
16:42:56.0111 1996 C: <-> \Device\Harddisk0\DR0\Partition1
16:42:56.0148 1996 D: <-> \Device\Harddisk0\DR0\Partition2
16:42:56.0151 1996 F: <-> \Device\Harddisk1\DR1\Partition1
16:42:56.0151 1996 ============================================================
16:42:56.0151 1996 Initialize success
16:42:56.0151 1996 ============================================================
16:43:02.0851 3360 ============================================================
16:43:02.0851 3360 Scan started
16:43:02.0851 3360 Mode: Manual; TDLFS;
16:43:02.0851 3360 ============================================================
16:43:05.0576 3360 ================ Scan system memory ========================
16:43:05.0576 3360 System memory - ok
16:43:05.0577 3360 ================ Scan services =============================
16:43:06.0428 3360 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
16:43:06.0446 3360 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
16:43:06.0527 3360 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:43:06.0530 3360 ACDaemon - ok
16:43:07.0319 3360 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
16:43:07.0329 3360 ACPI - ok
16:43:07.0427 3360 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys
16:43:07.0437 3360 adfs - ok
16:43:07.0598 3360 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:43:07.0613 3360 adp94xx - ok
16:43:07.0690 3360 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:43:07.0701 3360 adpahci - ok
16:43:07.0752 3360 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:43:07.0754 3360 adpu160m - ok
16:43:07.0797 3360 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:43:07.0800 3360 adpu320 - ok
16:43:07.0902 3360 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:43:07.0904 3360 AeLookupSvc - ok
16:43:08.0041 3360 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
16:43:08.0042 3360 Afc - ok
16:43:08.0325 3360 [ 763E172A55177E478CB419F88FD0BA03 ] AFD C:\Windows\system32\drivers\afd.sys
16:43:08.0336 3360 AFD - ok
16:43:08.0429 3360 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:43:08.0442 3360 agp440 - ok
16:43:08.0534 3360 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:43:08.0536 3360 aic78xx - ok
16:43:08.0569 3360 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:43:08.0571 3360 ALG - ok
16:43:08.0605 3360 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
16:43:08.0606 3360 aliide - ok
16:43:08.0636 3360 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:43:08.0638 3360 amdagp - ok
16:43:08.0662 3360 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
16:43:08.0664 3360 amdide - ok
16:43:08.0709 3360 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:43:08.0711 3360 AmdK7 - ok
16:43:08.0749 3360 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:43:08.0751 3360 AmdK8 - ok
16:43:08.0840 3360 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:43:08.0842 3360 Appinfo - ok
16:43:09.0035 3360 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:09.0038 3360 Apple Mobile Device - ok
16:43:09.0119 3360 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
16:43:09.0123 3360 arc - ok
16:43:09.0169 3360 ArcGIS License Manager - ok
16:43:09.0221 3360 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:43:09.0225 3360 arcsas - ok
16:43:09.0276 3360 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:09.0277 3360 AsyncMac - ok
16:43:09.0344 3360 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
16:43:09.0346 3360 atapi - ok
16:43:09.0443 3360 [ 0437199C88F6E88A387CFEC8A8886A6E ] athr C:\Windows\system32\DRIVERS\athr.sys
16:43:09.0451 3360 athr - ok
16:43:09.0512 3360 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:43:09.0518 3360 AudioEndpointBuilder - ok
16:43:09.0591 3360 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:43:09.0595 3360 Audiosrv - ok
16:43:09.0793 3360 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
16:43:09.0806 3360 BCM43XV - ok
16:43:09.0865 3360 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:43:09.0873 3360 Beep - ok
16:43:09.0914 3360 blbdrive - ok
16:43:10.0018 3360 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:43:10.0023 3360 Bonjour Service - ok
16:43:10.0078 3360 [ 74B442B2BE1260B7588C136177CEAC66 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:43:10.0080 3360 bowser - ok
16:43:10.0122 3360 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:43:10.0123 3360 BrFiltLo - ok
16:43:10.0147 3360 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:43:10.0149 3360 BrFiltUp - ok
16:43:10.0173 3360 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:43:10.0175 3360 Browser - ok
16:43:10.0208 3360 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:43:10.0210 3360 Brserid - ok
16:43:10.0242 3360 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:43:10.0244 3360 BrSerWdm - ok
16:43:10.0274 3360 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:43:10.0276 3360 BrUsbMdm - ok
16:43:10.0296 3360 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:43:10.0297 3360 BrUsbSer - ok
16:43:10.0325 3360 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:43:10.0327 3360 BTHMODEM - ok
16:43:10.0375 3360 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll
16:43:10.0377 3360 BthServ - ok
16:43:10.0414 3360 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:43:10.0416 3360 cdfs - ok
16:43:10.0444 3360 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:43:10.0446 3360 cdrom - ok
16:43:10.0501 3360 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
16:43:10.0503 3360 CertPropSvc - ok
16:43:10.0550 3360 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
16:43:10.0551 3360 circlass - ok
16:43:10.0589 3360 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
16:43:10.0593 3360 CLFS - ok
16:43:10.0671 3360 [ A4AF4201BD519971F8F34724F3CA9DBB ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:10.0673 3360 clr_optimization_v2.0.50727_32 - ok
16:43:10.0769 3360 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:10.0773 3360 clr_optimization_v4.0.30319_32 - ok
16:43:10.0811 3360 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:43:10.0813 3360 CmBatt - ok
16:43:10.0854 3360 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:43:10.0856 3360 cmdide - ok
16:43:10.0929 3360 [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb C:\Program Files\Hewlett-Packard\HP Quick

Launch Buttons\Com4Qlb.exe
16:43:10.0932 3360 Com4Qlb - ok
16:43:10.0962 3360 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:43:10.0964 3360 Compbatt - ok
16:43:10.0984 3360 COMSysApp - ok
16:43:10.0998 3360 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:43:11.0001 3360 crcdisk - ok
16:43:11.0032 3360 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:43:11.0034 3360 Crusoe - ok
16:43:11.0078 3360 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:43:11.0081 3360 CryptSvc - ok
16:43:11.0159 3360 [ 33FB1F0193EE2051067441492D56113C ] DcomLaunch C:\Windows\system32\rpcss.dll
16:43:11.0167 3360 DcomLaunch - ok
16:43:11.0194 3360 [ 9E635AE5E8AD93E2B5989E2E23679F97 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:43:11.0196 3360 DfsC - ok
16:43:11.0296 3360 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
16:43:11.0317 3360 DFSR - ok
16:43:11.0370 3360 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:43:11.0374 3360 Dhcp - ok
16:43:11.0417 3360 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
16:43:11.0419 3360 disk - ok
16:43:11.0452 3360 [ F5A0F1DA1ED8B429597E71D27D976E31 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:43:11.0456 3360 Dnscache - ok
16:43:11.0488 3360 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
16:43:11.0492 3360 dot3svc - ok
16:43:11.0526 3360 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:43:11.0531 3360 DPS - ok
16:43:11.0561 3360 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:43:11.0562 3360 drmkaud - ok
16:43:11.0636 3360 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:43:11.0643 3360 DXGKrnl - ok
16:43:11.0684 3360 [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
16:43:11.0687 3360 E100B - ok
16:43:11.0722 3360 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:43:11.0724 3360 E1G60 - ok
16:43:11.0783 3360 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:43:11.0786 3360 EapHost - ok
16:43:11.0838 3360 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:43:11.0840 3360 Ecache - ok
16:43:11.0902 3360 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:43:11.0906 3360 ehRecvr - ok
16:43:11.0953 3360 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:43:11.0956 3360 ehSched - ok
16:43:11.0973 3360 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:43:11.0975 3360 ehstart - ok
16:43:12.0021 3360 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:43:12.0025 3360 elxstor - ok
16:43:12.0089 3360 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:43:12.0096 3360 EMDMgmt - ok
16:43:12.0150 3360 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
16:43:12.0156 3360 EventSystem - ok
16:43:12.0189 3360 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
16:43:12.0192 3360 exfat - ok
16:43:12.0214 3360 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:43:12.0216 3360 fastfat - ok
16:43:12.0260 3360 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:43:12.0261 3360 fdc - ok
16:43:12.0301 3360 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:43:12.0303 3360 fdPHost - ok
16:43:12.0328 3360 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:43:12.0330 3360 FDResPub - ok
16:43:12.0372 3360 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:43:12.0374 3360 FileInfo - ok
16:43:12.0419 3360 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:43:12.0421 3360 Filetrace - ok
16:43:12.0505 3360 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files\Common

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:43:12.0515 3360 FLEXnet Licensing Service - ok
16:43:12.0551 3360 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:43:12.0553 3360 flpydisk - ok
16:43:12.0656 3360 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:43:12.0660 3360 FltMgr - ok
16:43:12.0767 3360 [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0

\WPF\PresentationFontCache.exe
16:43:12.0769 3360 FontCache3.0.0.0 - ok
16:43:12.0828 3360 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:43:12.0830 3360 Fs_Rec - ok
16:43:12.0892 3360 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:43:12.0894 3360 gagp30kx - ok
16:43:12.0950 3360 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:43:12.0952 3360 GEARAspiWDM - ok
16:43:13.0011 3360 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
16:43:13.0018 3360 gpsvc - ok
16:43:13.0083 3360 [ 7BE40BB4CD16D8760E18EA981FF452EC ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
16:43:13.0086 3360 HdAudAddService - ok
16:43:13.0124 3360 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:43:13.0126 3360 HDAudBus - ok
16:43:13.0156 3360 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:43:13.0159 3360 HidBth - ok
16:43:13.0188 3360 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:43:13.0191 3360 HidIr - ok
16:43:13.0221 3360 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
16:43:13.0224 3360 hidserv - ok
16:43:13.0269 3360 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:43:13.0271 3360 HidUsb - ok
16:43:13.0309 3360 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:43:13.0314 3360 hkmsvc - ok
16:43:13.0375 3360 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP

Health Check\hphc_service.exe
16:43:13.0378 3360 HP Health Check Service - ok
16:43:13.0417 3360 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:43:13.0420 3360 HpCISSs - ok
16:43:13.0471 3360 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:43:13.0474 3360 HpqKbFiltr - ok
16:43:13.0510 3360 [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
16:43:13.0514 3360 HpqRemHid - ok
16:43:13.0572 3360 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe
16:43:13.0576 3360 hpqwmiex - ok
16:43:13.0641 3360 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
16:43:13.0647 3360 HSFHWAZL - ok
16:43:13.0734 3360 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:43:13.0834 3360 HSF_DPV - ok
16:43:13.0873 3360 [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:43:13.0880 3360 HSXHWAZL - ok
16:43:13.0934 3360 [ 406C027C18E98A396FAA1963DAD5FF70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:43:13.0945 3360 HTTP - ok
16:43:13.0989 3360 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:43:13.0992 3360 i2omp - ok
16:43:14.0037 3360 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:43:14.0040 3360 i8042prt - ok
16:43:14.0128 3360 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
16:43:14.0218 3360 ialm - ok
16:43:14.0308 3360 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:43:14.0315 3360 iaStorV - ok
16:43:14.0422 3360 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:43:14.0426 3360 IDriverT - ok
16:43:14.0497 3360 [ E7CC3AEAED9893A88876744CD439F76C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0

\Windows Communication Foundation\infocard.exe
16:43:14.0554 3360 idsvc - ok
16:43:14.0598 3360 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:43:14.0601 3360 iirsp - ok
16:43:14.0639 3360 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
16:43:14.0651 3360 IKEEXT - ok
16:43:14.0687 3360 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
16:43:14.0690 3360 intelide - ok
16:43:14.0722 3360 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:43:14.0725 3360 intelppm - ok
16:43:14.0767 3360 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:43:14.0772 3360 IPBusEnum - ok
16:43:14.0792 3360 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:43:14.0794 3360 IpFilterDriver - ok
16:43:14.0806 3360 IpInIp - ok
16:43:14.0834 3360 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:43:14.0837 3360 IPMIDRV - ok
16:43:14.0868 3360 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:43:14.0872 3360 IPNAT - ok
16:43:14.0952 3360 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:43:14.0984 3360 iPod Service - ok
16:43:15.0014 3360 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:43:15.0017 3360 IRENUM - ok
16:43:15.0043 3360 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:43:15.0046 3360 isapnp - ok
16:43:15.0099 3360 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:43:15.0105 3360 iScsiPrt - ok
16:43:15.0130 3360 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:43:15.0134 3360 iteatapi - ok
16:43:15.0155 3360 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:43:15.0158 3360 iteraid - ok
16:43:15.0194 3360 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:43:15.0204 3360 kbdclass - ok
16:43:15.0226 3360 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:43:15.0229 3360 kbdhid - ok
16:43:15.0259 3360 [ DCF733788C7D088D814E5F80EB4B3E0F ] KeyIso C:\Windows\system32\lsass.exe
16:43:15.0262 3360 KeyIso - ok
16:43:15.0318 3360 [ 5367DC846CAE9639B899BFD13B97A8C9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:43:15.0328 3360 KSecDD - ok
16:43:15.0405 3360 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:43:15.0414 3360 KtmRm - ok
16:43:15.0454 3360 [ 05CE901A4472B3FBF9407C94AD1DB693 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:43:15.0460 3360 LanmanServer - ok
16:43:15.0504 3360 [ DEC1A338B86C5D582C25C40836DD76C3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:43:15.0511 3360 LanmanWorkstation - ok
16:43:15.0554 3360 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:43:15.0556 3360 lltdio - ok
16:43:15.0598 3360 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:43:15.0605 3360 lltdsvc - ok
16:43:15.0641 3360 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:43:15.0644 3360 lmhosts - ok
16:43:15.0702 3360 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:43:15.0706 3360 LSI_FC - ok
16:43:15.0739 3360 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:43:15.0742 3360 LSI_SAS - ok
16:43:15.0774 3360 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:43:15.0778 3360 LSI_SCSI - ok
16:43:15.0827 3360 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:43:15.0910 3360 luafv - ok
16:43:15.0941 3360 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:43:15.0945 3360 Mcx2Svc - ok
16:43:16.0046 3360 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:43:16.0070 3360 mdmxsdk - ok
16:43:16.0147 3360 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
16:43:16.0150 3360 megasas - ok
16:43:16.0226 3360 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:43:16.0229 3360 MMCSS - ok
16:43:16.0283 3360 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:43:16.0310 3360 Modem - ok
16:43:16.0405 3360 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:43:16.0417 3360 monitor - ok
16:43:16.0495 3360 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:43:16.0545 3360 mouclass - ok
16:43:16.0570 3360 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:43:16.0573 3360 mouhid - ok
16:43:16.0621 3360 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:43:17.0013 3360 MountMgr - ok
16:43:17.0188 3360 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance

Service\maintenanceservice.exe
16:43:17.0216 3360 MozillaMaintenance - ok
16:43:17.0285 3360 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
16:43:17.0315 3360 mpio - ok
16:43:17.0362 3360 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:43:17.0366 3360 mpsdrv - ok
16:43:17.0404 3360 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:43:17.0407 3360 Mraid35x - ok
16:43:17.0445 3360 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:43:17.0450 3360 MRxDAV - ok
16:43:17.0469 3360 [ C4AD205530888404E2B5FC8D9319B119 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:43:17.0473 3360 mrxsmb - ok
16:43:17.0517 3360 [ 7F14576D4F7B1930F951FE585201BBA4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:43:17.0526 3360 mrxsmb10 - ok
16:43:17.0548 3360 [ 3268B8C3FA92BFC086355C39B45E9CC9 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:43:17.0551 3360 mrxsmb20 - ok
16:43:17.0592 3360 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
16:43:17.0595 3360 msahci - ok
16:43:17.0618 3360 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:43:17.0622 3360 msdsm - ok
16:43:17.0665 3360 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:43:17.0669 3360 MSDTC - ok
16:43:17.0721 3360 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:43:17.0724 3360 Msfs - ok
16:43:17.0767 3360 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:43:17.0770 3360 msisadrv - ok
16:43:17.0810 3360 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:43:17.0814 3360 MSiSCSI - ok
16:43:17.0825 3360 msiserver - ok
16:43:17.0852 3360 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:43:17.0855 3360 MSKSSRV - ok
16:43:17.0913 3360 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:17.0938 3360 MSPCLOCK - ok
16:43:17.0982 3360 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:43:17.0985 3360 MSPQM - ok
16:43:18.0102 3360 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:43:18.0107 3360 MsRPC - ok
16:43:18.0132 3360 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:43:18.0135 3360 mssmbios - ok
16:43:18.0180 3360 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:43:18.0182 3360 MSTEE - ok
16:43:18.0224 3360 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
16:43:18.0228 3360 Mup - ok
16:43:18.0267 3360 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
16:43:18.0278 3360 napagent - ok
16:43:18.0325 3360 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:43:18.0330 3360 NativeWifiP - ok
16:43:18.0434 3360 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:43:18.0461 3360 NDIS - ok
16:43:18.0498 3360 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:18.0504 3360 NdisTapi - ok
16:43:18.0548 3360 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:18.0551 3360 Ndisuio - ok
16:43:18.0574 3360 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:18.0578 3360 NdisWan - ok
16:43:18.0630 3360 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:43:18.0633 3360 NDProxy - ok
16:43:18.0654 3360 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:43:18.0657 3360 NetBIOS - ok
16:43:18.0686 3360 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:43:18.0692 3360 netbt - ok
16:43:18.0713 3360 [ DCF733788C7D088D814E5F80EB4B3E0F ] Netlogon C:\Windows\system32\lsass.exe
16:43:18.0715 3360 Netlogon - ok
16:43:18.0769 3360 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:43:18.0778 3360 Netman - ok
16:43:18.0806 3360 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:43:18.0814 3360 netprofm - ok
16:43:18.0848 3360 [ F9102685F97F9BA85F4A70AFCF722CFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0

\Windows Communication Foundation\SMSvcHost.exe
16:43:18.0852 3360 NetTcpPortSharing - ok
16:43:18.0899 3360 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:43:18.0902 3360 nfrd960 - ok
16:43:18.0939 3360 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:43:18.0946 3360 NlaSvc - ok
16:43:18.0981 3360 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:43:19.0018 3360 Npfs - ok
16:43:19.0063 3360 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:43:19.0066 3360 nsi - ok
16:43:19.0081 3360 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:43:19.0084 3360 nsiproxy - ok
16:43:19.0168 3360 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:43:19.0242 3360 Ntfs - ok
16:43:19.0291 3360 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:43:19.0303 3360 ntrigdigi - ok
16:43:19.0337 3360 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:43:19.0339 3360 Null - ok
16:43:19.0390 3360 [ A1108084B0D2FC43DCC401735770E2A3 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:43:19.0445 3360 NVENETFD - ok
16:43:19.0821 3360 [ 442EAC1B12ACF1BAD6F1224167E034C8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:43:20.0501 3360 nvlddmkm - ok
16:43:20.0561 3360 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:43:20.0564 3360 nvraid - ok
16:43:20.0603 3360 [ 9AEBC32F9D6E02EBEE0369AB296FE7C8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
16:43:20.0605 3360 nvsmu - ok
16:43:20.0627 3360 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:43:20.0662 3360 nvstor - ok
16:43:20.0722 3360 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:43:20.0766 3360 nv_agp - ok
16:43:20.0781 3360 NwlnkFlt - ok
16:43:20.0798 3360 NwlnkFwd - ok
16:43:21.0408 3360 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft

Shared\OFFICE12\ODSERV.EXE
16:43:21.0621 3360 odserv - ok
16:43:21.0973 3360 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:43:22.0004 3360 ohci1394 - ok
16:43:22.0184 3360 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft

Shared\Source Engine\OSE.EXE
16:43:22.0241 3360 ose - ok
16:43:22.0478 3360 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:43:22.0521 3360 p2pimsvc - ok
16:43:22.0543 3360 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
16:43:22.0562 3360 p2psvc - ok
16:43:22.0609 3360 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:43:22.0613 3360 Parport - ok
16:43:22.0658 3360 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:43:22.0661 3360 partmgr - ok
16:43:22.0692 3360 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:43:22.0694 3360 Parvdm - ok
16:43:22.0730 3360 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:43:22.0734 3360 PcaSvc - ok
16:43:22.0771 3360 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
16:43:22.0779 3360 pci - ok
16:43:22.0800 3360 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
16:43:22.0802 3360 pciide - ok
16:43:22.0855 3360 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:43:22.0868 3360 pcmcia - ok
16:43:22.0929 3360 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:43:22.0997 3360 PEAUTH - ok
16:43:23.0211 3360 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:43:24.0037 3360 pla - ok
16:43:24.0175 3360 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:43:24.0209 3360 PlugPlay - ok
16:43:24.0310 3360 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:43:24.0319 3360 PNRPAutoReg - ok
16:43:24.0732 3360 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:43:24.0742 3360 PNRPsvc - ok
16:43:24.0877 3360 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:43:24.0905 3360 PolicyAgent - ok
16:43:24.0935 3360 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:43:24.0946 3360 PptpMiniport - ok
16:43:24.0974 3360 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
16:43:24.0993 3360 Processor - ok
16:43:25.0147 3360 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
16:43:25.0168 3360 ProfSvc - ok
16:43:25.0187 3360 [ DCF733788C7D088D814E5F80EB4B3E0F ] ProtectedStorage C:\Windows\system32\lsass.exe
16:43:25.0190 3360 ProtectedStorage - ok
16:43:25.0225 3360 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:43:25.0228 3360 PSched - ok
16:43:25.0272 3360 [ 6DFE268A6927059A4D56FC59F9965491 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
16:43:25.0274 3360 PSI - ok
16:43:25.0476 3360 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:43:25.0565 3360 ql2300 - ok
16:43:25.0597 3360 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:43:25.0623 3360 ql40xx - ok
16:43:25.0705 3360 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:43:25.0720 3360 QWAVE - ok
16:43:25.0834 3360 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:43:25.0901 3360 QWAVEdrv - ok
16:43:26.0094 3360 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
16:43:26.0195 3360 RapiMgr - ok
16:43:26.0244 3360 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:43:26.0255 3360 RasAcd - ok
16:43:26.0286 3360 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:43:26.0316 3360 RasAuto - ok
16:43:26.0387 3360 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:43:26.0421 3360 Rasl2tp - ok
16:43:26.0543 3360 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
16:43:26.0552 3360 RasMan - ok
16:43:26.0573 3360 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:43:26.0575 3360 RasPppoe - ok
16:43:26.0608 3360 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:43:26.0611 3360 RasSstp - ok
16:43:26.0638 3360 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:43:26.0646 3360 rdbss - ok
16:43:26.0668 3360 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:43:26.0671 3360 RDPCDD - ok
16:43:26.0814 3360 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:43:26.0836 3360 rdpdr - ok
16:43:26.0860 3360 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:43:26.0863 3360 RDPENCDD - ok
16:43:26.0919 3360 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:43:26.0925 3360 RDPWD - ok
16:43:26.0996 3360 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:43:27.0000 3360 RemoteAccess - ok
16:43:27.0022 3360 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:43:27.0027 3360 RemoteRegistry - ok
16:43:27.0129 3360 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared

Files\RichVideo.exe
16:43:27.0172 3360 RichVideo - ok
16:43:27.0225 3360 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
16:43:27.0230 3360 rimmptsk - ok
16:43:27.0271 3360 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
16:43:27.0278 3360 rimsptsk - ok
16:43:27.0347 3360 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
16:43:27.0350 3360 rismxdp - ok
16:43:27.0388 3360 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:43:27.0391 3360 RpcLocator - ok
16:43:27.0427 3360 [ 33FB1F0193EE2051067441492D56113C ] RpcSs C:\Windows\system32\rpcss.dll
16:43:27.0435 3360 RpcSs - ok
16:43:27.0481 3360 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:43:27.0484 3360 rspndr - ok
16:43:27.0541 3360 [ DCF733788C7D088D814E5F80EB4B3E0F ] SamSs C:\Windows\system32\lsass.exe
16:43:27.0545 3360 SamSs - ok
16:43:27.0697 3360 [ AD720D4D463B72C58DA9FF5933723A66 ] SBAMSvc C:\Program Files\Sunbelt

Software\CounterSpy\SBAMSvc.exe
16:43:27.0795 3360 SBAMSvc - ok
16:43:27.0823 3360 [ 29658F5353D5B73CA514A784E6AAC54E ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
16:43:28.0006 3360 sbapifs - ok
16:43:28.0062 3360 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:43:28.0066 3360 sbp2port - ok
16:43:28.0097 3360 [ 9FFBE1A6D3A919D83AD7984DBC012F8C ] SBPIMSvc C:\Program Files\Sunbelt

Software\CounterSpy\SBPIMSvc.exe
16:43:28.0102 3360 SBPIMSvc - ok
16:43:28.0142 3360 [ C1AE5D1F53285D79A0B73A62AF20734F ] SBRE C:\Windows\system32\drivers\SBREDrv.sys
16:43:28.0147 3360 SBRE - ok
16:43:28.0316 3360 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search &

Destroy\SDWinSec.exe
16:43:28.0501 3360 SBSDWSCService - ok
16:43:28.0557 3360 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:43:28.0563 3360 SCardSvr - ok
16:43:28.0616 3360 [ 1D5E99DB3C10F4FA034010DC49043CA4 ] Schedule C:\Windows\system32\schedsvc.dll
16:43:28.0630 3360 Schedule - ok
16:43:28.0658 3360 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
16:43:28.0662 3360 SCPolicySvc - ok
16:43:28.0703 3360 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:43:28.0707 3360 sdbus - ok
16:43:28.0753 3360 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:43:28.0758 3360 SDRSVC - ok
16:43:28.0801 3360 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:43:28.0803 3360 secdrv - ok
16:43:28.0827 3360 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:43:28.0831 3360 seclogon - ok
16:43:28.0848 3360 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:43:28.0852 3360 SENS - ok
16:43:28.0891 3360 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:43:28.0893 3360 Serenum - ok
16:43:28.0931 3360 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:43:28.0935 3360 Serial - ok
16:43:28.0953 3360 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:43:28.0956 3360 sermouse - ok
16:43:29.0017 3360 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:43:29.0023 3360 SessionEnv - ok
16:43:29.0095 3360 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
16:43:29.0097 3360 sffdisk - ok
16:43:29.0130 3360 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:43:29.0142 3360 sffp_mmc - ok
16:43:29.0213 3360 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
16:43:29.0222 3360 sffp_sd - ok
16:43:29.0252 3360 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:43:29.0254 3360 sfloppy - ok
16:43:46.0801 3360 ================ Scan global ===============================
16:43:46.0887 3360 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:43:46.0955 3360 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
16:43:46.0979 3360 [ 8B05FAF8603E6FDE90C5B103761CC3F6 ] C:\Windows\system32\winsrv.dll
16:43:47.0190 3360 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
16:43:47.0246 3360 [Global] - ok
16:43:47.0247 3360 ================ Scan MBR ==================================
16:43:47.0261 3360 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
16:43:47.0917 3360 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:43:47.0917 3360 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:43:47.0932 3360 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:43:48.0510 3360 \Device\Harddisk1\DR1 - ok
16:43:48.0511 3360 ================ Scan VBR ==================================
16:43:48.0519 3360 [ 6A88C4C2FF7C9FDFB8756F02BAFAC891 ] \Device\Harddisk0\DR0\Partition1
16:43:48.0525 3360 \Device\Harddisk0\DR0\Partition1 - ok
16:43:48.0532 3360 [ 479E33C6512598C2CDDB86C643BA1188 ] \Device\Harddisk0\DR0\Partition2
16:43:48.0538 3360 \Device\Harddisk0\DR0\Partition2 - ok
16:43:48.0549 3360 [ 9BCC2A56D7708EB13551AC470A17A585 ] \Device\Harddisk1\DR1\Partition1
16:43:48.0552 3360 \Device\Harddisk1\DR1\Partition1 - ok
16:43:48.0553 3360 ============================================================
16:43:48.0553 3360 Scan finished
16:43:48.0553 3360 ============================================================
16:43:48.0582 2816 Detected object count: 1
16:43:48.0582 2816 Actual detected object count: 1
16:44:00.0148 2816 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:44:00.0168 2816 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:44:00.0173 2816 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:44:00.0181 2816 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:44:00.0189 2816 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:44:00.0207 2816 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:44:00.0217 2816 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:44:00.0242 2816 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:44:00.0248 2816 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:44:00.0254 2816 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:44:00.0260 2816 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:44:00.0267 2816 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:44:00.0273 2816 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:44:00.0279 2816 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:44:00.0281 2816 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine



Anti-Malware results:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Owner :: MADCAP [administrator]

12/1/2012 4:48:40 PM
20121201Anti-Malware Log.txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 558420
Time elapsed: 3 hour(s), 31 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) Good: (fastprox.dll) -> No action taken.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1822931998-2931835876-3782589528-1001\$ff24043d55f85ce9a20a8337d9b4b888\n.) Good: (shell32.dll) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\00000004.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\000000cb.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\80000000.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U\80000032.@ (Trojan.0Access) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1822931998-2931835876-3782589528-1001\$R43RHHR.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1822931998-2931835876-3782589528-1001\$ff24043d55f85ce9a20a8337d9b4b888\n (Trojan.0Access) -> No action taken.
C:\TDSSKiller_Quarantine\01.12.2012_16.42.55\tdlfs0000\tsk0005.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Roaming\02000000eff8839f1270C.manifest (Malware.Trace) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Roaming\02000000eff8839f1270O.manifest (Malware.Trace) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Roaming\02000000eff8839f1270P.manifest (Malware.Trace) -> No action taken.
C:\Windows\System32\config\systemprofile\AppData\Roaming\02000000eff8839f1270S.manifest (Malware.Trace) -> No action taken.

(end)




Mini Toolbar:

MiniToolBox by Farbar Version: 25-11-2012
Ran by Owner (administrator) on 01-12-2012 at 21:00:04
Running from "C:\Users\Owner\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Madcap
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-1F-3A-26-A2-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fd8a:1e24:b318:766%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 01, 2012 8:54:18 PM
Lease Expires . . . . . . . . . . : Sunday, December 02, 2012 8:54:18 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1E-68-0D-8E-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.wa.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 48:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 49:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 50:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 51:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 52:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 53:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 54:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 55:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:400a:800::1008
173.194.33.33
173.194.33.32
173.194.33.35
173.194.33.46
173.194.33.41
173.194.33.34
173.194.33.37
173.194.33.40
173.194.33.39
173.194.33.38
173.194.33.36

Pinging google.com [74.125.224.100] with 32 bytes of data:
Reply from 74.125.224.100: bytes=32 time=36ms TTL=54
Request timed out.
Ping statistics for 74.125.224.100:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 36ms, Average = 36ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=119ms TTL=44
Reply from 98.139.183.24: bytes=32 time=111ms TTL=44
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 111ms, Maximum = 119ms, Average = 115ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 1f 3a 26 a2 2a ...... Atheros AR5007 802.11b/g WiFi Adapter
8 ...00 1e 68 0d 8e c0 ...... NVIDIA nForce Networking Controller
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
57 ...00 00 00 00 00 00 00 e0 isatap.hsd1.wa.comcast.net.
30 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
16 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
18 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
19 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
21 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
22 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
23 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
24 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
25 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
26 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
27 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
28 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
29 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
31 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
32 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
33 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
34 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
35 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
36 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
37 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
38 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
39 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
40 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
41 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
42 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
43 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
44 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
45 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
46 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
47 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
48 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
49 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
50 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
51 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
52 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
53 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
54 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
55 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
58 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 281
192.168.1.100 255.255.255.255 On-link 192.168.1.100 281
192.168.1.255 255.255.255.255 On-link 192.168.1.100 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::fd8a:1e24:b318:766/128
On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/01/2012 08:54:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/01/2012 06:55:53 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 7.0.6001.18148, time stamp 0x48e44427, exception code 0xc00000fd, fault offset 0x00095813,
process id 0x1480, application start time 0xsvchost.exe0.

Error: (12/01/2012 08:42:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/01/2012 03:46:02 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 7.0.6001.18148, time stamp 0x48e44427, exception code 0xc00000fd, fault offset 0x000cd731,
process id 0x1460, application start time 0xsvchost.exe0.

Error: (12/01/2012 01:19:25 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception code 0xc0000005, fault offset 0x000bf285,
process id 0x11d4, application start time 0xsvchost.exe0.

Error: (12/01/2012 00:48:04 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module mshtml.dll, version 7.0.6001.18148, time stamp 0x48e44427, exception code 0xc00000fd, fault offset 0x00095805,
process id 0x16d4, application start time 0xsvchost.exe0.

Error: (11/30/2012 07:37:24 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception code 0xc0000005, fault offset 0x000bf285,
process id 0x1784, application start time 0xsvchost.exe0.

Error: (11/30/2012 07:17:53 PM) (Source: Application Error) (User: )
Description: Faulting application prx8jbrg.exe, version 1.0.15.15641, time stamp 0x4e21f2b1, faulting module prx8jbrg.exe, version 1.0.15.15641, time stamp 0x4e21f2b1, exception code 0xc0000005, fault offset 0x0000c676,
process id 0x14ac, application start time 0xprx8jbrg.exe0.

Error: (11/30/2012 06:42:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/30/2012 06:15:26 PM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a76d, exception code 0xc0000005, fault offset 0x000bf285,
process id 0x12b0, application start time 0xsvchost.exe0.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/15/2011 08:52:02 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75674 seconds with 13560 seconds of active time. This session ended with a crash.

Error: (08/27/2010 08:38:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3135 seconds with 2040 seconds of active time. This session ended with a crash.

Error: (03/19/2010 08:31:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1065 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/16/2008 06:37:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 1277 seconds with 1140 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-12-01 19:51:23.216
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:23.170
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:23.083
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:23.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:22.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:22.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:22.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:22.795
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:22.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-12-01 19:51:22.661
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 9.20
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Active@ KillDisk (Version: 6.0.0)
Adobe AIR (Version: 1.1.0.5790)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS4 (Version: 2)
Adobe Drive CS4 (Version: 1)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player (Version: 10.2.0.023)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression 2 (Version: 2.0.14.672)
ArcSoft Scan-n-Stitch Deluxe (Version: 1.1.2.27)
Atheros Driver Installation Program (Version: 7.1)
aTube Catcher (Version: 2.2.527)
Audacity 1.2.6
Avid Log Exchange (Version: 27.0.3)
AviSynth 2.5
Beneath a Steel Sky
BitTorrent
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio (Version: 4.31.0.50)
Connect (Version: 1.0.0.1)
CounterSpy (Version: 4.0.3904)
CyberLink YouCam (Version: 1.0.1002)
Distance 5.0
DVD Decrypter (Remove Only)
DVD Suite (Version: 5.5.0928)
EA Download Manager (Version: 5.1.0.4)
EnVision
Epson Copy Utility 3.5 (Version: 3.5.0.0)
Epson Event Manager (Version: 2.40.0001)
EPSON Perfection V33/V330 Photo Scanner Driver Update
EPSON Scan
ESET Online Scanner v3
ESU for Microsoft Vista (Version: 2.0.10.1)
Fallout
FM Screen Capture Codec (Remove Only)
GIMP 2.6.8
Google Chrome (Version: 23.0.1271.95)
Google Talk (remove only)
Gordian Knot Rip Pack 0.35.0 (Version: 0.35.0)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149) (Version: 2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
HiJackThis (Version: 1.0.0)
HP Active Support Library (Version: 2.3.0.2)
HP Doc Viewer (Version: 1.02.0001)
HP Quick Launch Buttons 6.30 E1 (Version: 6.30 E1)
HP QuickTouch 1.00 C4 (Version: 1.0.7)
HP User Guides 0087 (Version: 1.02.0000)
HP Wireless Assistant (Version: 3.00 H2)
HPNetworkAssistant (Version: 1.1.70)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
kuler (Version: 2.0)
LabelPrint (Version: 2.20.2128)
Landscape Management System 3.1 (Version: 3.1)
LMS 2.0.45 (Version: 2.0.45)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Matrox VFW Software Codecs, build 28
Media Player Codec Pack 3.9.5
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSCU for Microsoft Vista (Version: 1.0.1.9)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
muvee autoProducer 6.1 (Version: 6.10.050)
NetWaiting (Version: 2.5.46)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PDF Settings CS4 (Version: 9.0)
Pen Tablet
Photoshop Camera Raw (Version: 5.0)
Portal
Power2Go (Version: 5.6.3327)
PowerDirector (Version: 6.5.2129)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (Version: 3.51.01)
Secunia PSI (RC1)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.0 (Version: 5.0.156)
Spybot - Search & Destroy (Version: 1.6.2)
Stand Visualization System (SVS)
Steam (Version: 1.0.0.0)
Suite Shared Configuration CS4 (Version: 1.0)
Synaptics Pointing Device Driver (Version: 10.0.13.2)
The Sims 2 Family Fun Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims™ 2 Celebration! Stuff
The Sims™ 3 (Version: 1.0.631)
The Sims™ Life Stories (Version: 1.00.0000)
TM Randomize Slideshow
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
Update Service (Version: 3.2.0)
Vista Codec Package (Version: 5.7.9)
VLC media player 2.0.4 (Version: 2.0.4)
VobSub v2.23 (Remove Only)
WeatherBug Gadget (Version: 1.0.0.6)
Windows Essentials Media Codec Pack 3.2 (Version: 3.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
Y!Fit (Version: 1.00.0000)
Yahoo! Messenger
Youtube Downloader HD v. 2.9.5

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1982.18 MB
Available physical RAM: 775.93 MB
Total Pagefile: 4205.53 MB
Available Pagefile: 2797.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.7 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:137.12 GB) (Free:25.69 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.93 GB) (Free:1.85 GB) NTFS
3 Drive e: (1000112081) (CDROM) (Total:7.57 GB) (Free:0 GB) UDF
4 Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:833.32 GB) NTFS

========================= Users: ========================================

User accounts for \\MADCAP

Admin Administrator Guest
Owner Visitors

========================= Restore Points ==================================

22-11-2012 20:07:37 Scheduled Checkpoint
23-11-2012 14:59:34 Scheduled Checkpoint
24-11-2012 17:35:55 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
24-11-2012 17:37:41 Device Driver Package Install: Apple Network adapters
24-11-2012 17:39:46 Installed iTunes
26-11-2012 02:34:42 Scheduled Checkpoint

**** End of log ****


Farbar Service Scan:

Farbar Service Scanner Version: 01-12-2012 02
Ran by Owner (administrator) on 01-12-2012 at 21:04:19
Running from "C:\Users\Owner\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of BITS. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2008-07-10 09:27] - [2008-04-26 00:26] - 0891448 ____A (Microsoft Corporation) 82E266BEE5F0167E41C6ECFDD2A79C02

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2008-03-10 20:27] - [2008-01-18 22:34] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-03-10 20:26] - [2008-01-18 22:33] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-03-10 20:26] - [2008-01-18 22:33] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-03-10 20:26] - [2008-01-18 22:37] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-03-10 20:26] - [2008-01-18 22:37] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll
[2008-03-10 20:26] - [2008-01-18 22:37] - 1695232 ____A (Microsoft Corporation) D79538B67FA641E986855DEF651E78FE

C:\Windows\system32\qmgr.dll
[2008-03-10 20:27] - [2008-01-18 22:36] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-10-11 09:39] - [2008-04-17 21:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-03-10 20:27] - [2008-01-18 22:34] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


AdwCleaner:

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 21:13:28
# Updated 29/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Owner - MADCAP
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9b9fzd3v.default\searchplugins\Askcom.xml
Folder Found : C:\Users\Owner\AppData\Local\OpenCandy
Folder Found : C:\Users\Owner\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9b9fzd3v.default\extensions\staged

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\9b9fzd3v.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3133 octets] - [01/12/2012 21:13:28]

########## EOF - C:\AdwCleaner[R1].txt - [3193 octets] ##########



Junkware Removal:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.2 (12.01.2012:2)
OS: Windows Vista ™ Home Premium x86
Ran by Owner on Sat 12/01/2012 at 21:22:59.30
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/01/2012 at 21:27:52.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Google appears to be working normally for me now! I am also able to log into Gmail again!

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:21 PM

Posted 02 December 2012 - 11:17 AM

Run Malwarebytes again and post the clean log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar Service Scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here



