
whois ERROR:201: access denied


11 replies to this topic

#1 tallthatsall


Posted 03 January 2013 - 07:55 AM

I have attempted to search an IP which has just started to appear in my malwarebytes IP-BLOCK logs. Using http://tools.whois.net/whoisbyip/ and searching for 46.17.96.177 I get the return of:

[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

%ERROR:201: access denied for 131.103.218.176
%
% Sorry, access from your host has been permanently
% denied because of a repeated excessive querying.
% For more information, see
% http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-201-access-denied

% This query was served by the RIPE Database Query Service version 1.47.5 (WHOIS2)


131.103.218.176 is not my IP.

Out of confusion I then used the address http://whois.net/ip-address-lookup/ to search for the same IP address (46.17.96.177). I receive a return of:

[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '46.17.96.158 - 46.17.96.191'

inetnum: 46.17.96.158 - 46.17.96.191
netname: MIR-TELEMATIKI
descr: hostkey network
descr: abuse-mailbox: abuse@hostkey.com
country: RU
admin-c: ANSH13-RIPE
tech-c: ANSH13-RIPE
status: ASSIGNED PA
mnt-by: MTLM-MNT
source: RIPE # Filtered

person: Andrey Shevchenko
address: Navitel Rusconnect
address: 19/2 Lva Tolstogo st.
address: Moscow 119034
address: Russia
phone: +7(499)2463587
nic-hdl: ANSH13-RIPE
mnt-by: NCONNECT-MNT
source: RIPE # Filtered

% Information related to '46.17.96.0/24AS49335'

route: 46.17.96.0/24
descr: NCONNECT-NET direct announce
origin: AS49335
mnt-by: MTLM-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.47.5 (WHOIS2)


I then did a search for 131.103.218.176 (which again is NOT my IP) from http://tools.whois.net/whoisbyip/ in which I received:

[Querying whois.arin.net]
[Redirected to rwhois.gin.ntt.net:4321]
[Querying rwhois.gin.ntt.net]
[rwhois.gin.ntt.net]
%rwhois V-1.5:0078b6:00 rwhois.gin.ntt.net (Vipar 0.1a. Comments to vipar@us.ntt.net)
network:Class-Name:network
network:Auth-Area:131.103.192.0/18
network:ID:NETBLK-WH-131-103-218-0-24.127.0.0.1/32
network:Handle:NETBLK-WH-131-103-218-0-24
network:Network-Name:WH-131-103-218-0-24
network:IP-Network:131.103.218.0/24
network:In-Addr-Server;I:NS3820-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:NS3821-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:131.103.218.0 - 131.103.218.255
network:Org-Name:Verio Web Hosting (SME)
network:Street-Address:5050 Blue Lake Drive
network:City:Boca Raton
network:State:FL
network:Postal-Code:33431
network:Country-Code:US
network:Tech-Contact;I:WA576-VRIO.127.0.0.1/32
network:Created:2004-07-28 16:42:58+00
network:Updated:2004-07-28 16:42:58+00

network:Class-Name:network
network:Auth-Area:131.103.192.0/18
network:ID:NETBLK-W043-131-103-192.127.0.0.1/32
network:Handle:NETBLK-W043-131-103-192
network:Network-Name:W043-131-103-192
network:IP-Network:131.103.192.0/18
network:In-Addr-Server;I:NS2706-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:NS2707-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:131.103.192.0 - 131.103.255.255
network:Org-Name:Verio Web Hosting (SME)
network:Street-Address:5050 Blue Lake Drive
network:City:Boca Raton
network:State:FL
network:Postal-Code:33431
network:Country-Code:US
network:Tech-Contact;I:WA576-VRIO.127.0.0.1/32
network:Created:2002-06-20 19:14:46+00
network:Updated:2002-06-20 19:14:46+00

%ok


I did the same search (searching for 131.103.218.176) from http://whois.net/ip-address-lookup/ I received:

[Querying whois.arin.net]
[Redirected to rwhois.gin.ntt.net:4321]
[Querying rwhois.gin.ntt.net]
[rwhois.gin.ntt.net]
%rwhois V-1.5:0078b6:00 rwhois.gin.ntt.net (Vipar 0.1a. Comments to vipar@us.ntt.net)
network:Class-Name:network
network:Auth-Area:131.103.192.0/18
network:ID:NETBLK-WH-131-103-218-0-24.127.0.0.1/32
network:Handle:NETBLK-WH-131-103-218-0-24
network:Network-Name:WH-131-103-218-0-24
network:IP-Network:131.103.218.0/24
network:In-Addr-Server;I:NS3820-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:NS3821-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:131.103.218.0 - 131.103.218.255
network:Org-Name:Verio Web Hosting (SME)
network:Street-Address:5050 Blue Lake Drive
network:City:Boca Raton
network:State:FL
network:Postal-Code:33431
network:Country-Code:US
network:Tech-Contact;I:WA576-VRIO.127.0.0.1/32
network:Created:2004-07-28 16:42:58+00
network:Updated:2004-07-28 16:42:58+00

network:Class-Name:network
network:Auth-Area:131.103.192.0/18
network:ID:NETBLK-W043-131-103-192.127.0.0.1/32
network:Handle:NETBLK-W043-131-103-192
network:Network-Name:W043-131-103-192
network:IP-Network:131.103.192.0/18
network:In-Addr-Server;I:NS2706-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:NS2707-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:131.103.192.0 - 131.103.255.255
network:Org-Name:Verio Web Hosting (SME)
network:Street-Address:5050 Blue Lake Drive
network:City:Boca Raton
network:State:FL
network:Postal-Code:33431
network:Country-Code:US
network:Tech-Contact;I:WA576-VRIO.127.0.0.1/32
network:Created:2002-06-20 19:14:46+00
network:Updated:2002-06-20 19:14:46+00

%ok


Am I using bogus whois addresses? Has my browser been compromised? Any/all suggestions/help appreciated.
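Added example (not part of the original post, and not code from whois.net or RIPE): a small Python parser for the lookup-tool output quoted above. It separates the chain of servers queried, any `%ERROR:201` line and the RPSL objects, which shows that the address in the denial is the client RIPE refused, a separate value from the IP being looked up. The two sample responses are constructed by trimming the output in the post, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed samples, trimmed from the two responses quoted in the post above.
DENIED = """\
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.

%ERROR:201: access denied for 131.103.218.176
%
% Sorry, access from your host has been permanently
% denied because of a repeated excessive querying.
"""
ANSWERED = """\
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% Information related to '46.17.96.158 - 46.17.96.191'

inetnum: 46.17.96.158 - 46.17.96.191
netname: MIR-TELEMATIKI
descr: abuse-mailbox: abuse@hostkey.com
country: RU
source: RIPE # Filtered

% Information related to '46.17.96.0/24AS49335'

route: 46.17.96.0/24
origin: AS49335
source: RIPE # Filtered
"""

HOP_RE = re.compile(r"^\[Querying ([^\]\s:]+)\]$")
ERROR_RE = re.compile(r"^%ERROR:(\d+):\s*(.*)$")
ATTR_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")


def parse_response(text):
    """Split the tool's output into servers queried, %ERROR lines and RPSL objects."""
    hops, errors, objects, current = [], [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        hop = HOP_RE.match(line)
        err = ERROR_RE.match(line)
        if hop:
            hops.append(hop.group(1))
        elif err:
            errors.append((int(err.group(1)), err.group(2)))
        elif not line or line.startswith("%"):
            if current:            # a blank or comment line ends an object
                objects.append(current)
                current = []
        else:
            attr = ATTR_RE.match(line)
            if attr:               # drop trailing "# Filtered" style comments
                value = attr.group(2).split(" #")[0].strip()
                current.append((attr.group(1).lower(), value))
    if current:
        objects.append(current)
    return hops, errors, objects


def summarize(text, target):
    """Report who was denied (if anyone) and which objects cover `target`."""
    addr = ipaddress.ip_address(target)
    hops, errors, objects = parse_response(text)
    out = {"server": hops[-1] if hops else None, "denied_client": None,
           "denial_names_target": False, "netname": None, "country": None,
           "abuse": None, "origin": None}
    for code, message in errors:
        found = re.search(r"access denied for (\S+)", message)
        if code == 201 and found:
            out["denied_client"] = found.group(1)
            out["denial_names_target"] = ipaddress.ip_address(found.group(1)) == addr
    for obj in objects:
        attrs = dict(obj)
        if "inetnum" in attrs:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in attrs["inetnum"].split("-"))
            if first <= addr <= last:
                out["netname"], out["country"] = attrs.get("netname"), attrs.get("country")
                for key, value in obj:     # the mailbox may sit inside a descr: line
                    if "abuse-mailbox" in key or "abuse-mailbox:" in value:
                        out["abuse"] = value.split("abuse-mailbox:")[-1].strip()
        elif "route" in attrs and addr in ipaddress.ip_network(attrs["route"]):
            out["origin"] = attrs.get("origin")
    return out


if __name__ == "__main__":
    for sample in (DENIED, ANSWERED):
        print(summarize(sample, "46.17.96.177"))
```
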



#2 dev00790


Posted 04 January 2013 - 11:53 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#3 tallthatsall


Posted 04 January 2013 - 06:16 PM

Hello dev00790,

Thank you so much for your assistance. I have performed the requested steps and have included the logs below. There were no noticed glitches or errors while going through the steps.
I would like to share some info w/you re some info within the logs. I only do so in an effort to save you time with analyzing should you be unfamiliar with what I mention.

  • Re: Tunnel adapter isatap.ph.cox.net: Cox is no longer my ISP
  • I have no idea where UpdatusUser came from, nor do I know who/what this is. There is a directory for this 'user' within the Users directory on my root drive C. Today is the first I have seen this; the properties of the folder indicate it was created 11/18/2012 and has a folder size of 3MB.
  • Re: firmware has corrupted memory. Briefly; this has been a weekly (approx.) event since the day I installed Win 7 on this drive. I have researched this error and it seems to be a common error shared by many and last time I looked there was not a resolve. After the first couple of months of receiving this event and researching this event for hours, I dropped looking further for a fix because it does not seem to impact my system negatively or at all.
  • I do have two network adapters that are built into my motherboard.
  • Re: CodeIntegrity Errors: "Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system." I'm not sure which drive this is referring to, however I am unable to find this file/folder or anything related on any of my drives, and I do have show all files, etc. enabled.
  • I sent you a PM, re one other item; please let me know if you did NOT get that.
Please rest assured I have made no changes to the system.


14:44:24.0744 2864 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:44:25.0298 2864 ============================================================
14:44:25.0298 2864 Current date / time: 2013/01/04 14:44:25.0298
14:44:25.0298 2864 SystemInfo:
14:44:25.0298 2864
14:44:25.0298 2864 OS Version: 6.1.7601 ServicePack: 1.0
14:44:25.0298 2864 Product type: Workstation
14:44:25.0298 2864 ComputerName: STANLEY-PC
14:44:25.0298 2864 UserName: stanley
14:44:25.0298 2864 Windows directory: C:\Windows
14:44:25.0298 2864 System windows directory: C:\Windows
14:44:25.0298 2864 Running under WOW64
14:44:25.0298 2864 Processor architecture: Intel x64
14:44:25.0298 2864 Number of processors: 2
14:44:25.0298 2864 Page size: 0x1000
14:44:25.0298 2864 Boot type: Normal boot
14:44:25.0298 2864 ============================================================
14:44:26.0634 2864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:44:26.0634 2864 Drive \Device\Harddisk1\DR1 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x204E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:44:26.0666 2864 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5EA25, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
14:44:26.0681 2864 Drive \Device\Harddisk3\DR3 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x66E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:44:26.0744 2864 Drive \Device\Harddisk8\DR8 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:44:26.0744 2864 ============================================================
14:44:26.0744 2864 \Device\Harddisk0\DR0:
14:44:26.0775 2864 MBR partitions:
14:44:26.0775 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:44:26.0775 2864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
14:44:26.0775 2864 \Device\Harddisk1\DR1:
14:44:26.0775 2864 MBR partitions:
14:44:26.0775 2864 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:44:26.0775 2864 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
14:44:26.0775 2864 \Device\Harddisk2\DR2:
14:44:26.0775 2864 MBR partitions:
14:44:26.0775 2864 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749ED81
14:44:26.0775 2864 \Device\Harddisk3\DR3:
14:44:26.0775 2864 MBR partitions:
14:44:26.0775 2864 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD3511
14:44:26.0775 2864 \Device\Harddisk8\DR8:
14:44:26.0775 2864 MBR partitions:
14:44:26.0775 2864 ============================================================
14:44:26.0837 2864 C: <-> \Device\Harddisk0\DR0\Partition2
14:44:26.0837 2864 F: <-> \Device\Harddisk1\DR1\Partition1
14:44:26.0837 2864 G: <-> \Device\Harddisk1\DR1\Partition2
14:44:26.0869 2864 H: <-> \Device\Harddisk2\DR2\Partition1
14:44:26.0900 2864 I: <-> \Device\Harddisk3\DR3\Partition1
14:44:26.0900 2864 ============================================================
14:44:26.0900 2864 Initialize success
14:44:26.0900 2864 ============================================================
14:45:11.0049 1968 ============================================================
14:45:11.0049 1968 Scan started
14:45:11.0049 1968 Mode: Manual; SigCheck; TDLFS;
14:45:11.0049 1968 ============================================================
14:45:11.0284 1968 ================ Scan system memory ========================
14:45:11.0284 1968 System memory - ok
14:45:11.0284 1968 ================ Scan services =============================
14:45:18.0424 1968 FltMgr - ok
14:45:18.0471 1968 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:45:18.0534 1968 FontCache - ok
14:45:18.0581 1968 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:45:18.0581 1968 FontCache3.0.0.0 - ok
14:45:18.0596 1968 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:45:18.0612 1968 FsDepends - ok
14:45:18.0643 1968 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:45:18.0643 1968 Fs_Rec - ok
14:45:18.0674 1968 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:45:18.0690 1968 fvevol - ok
14:45:18.0706 1968 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:45:18.0721 1968 gagp30kx - ok
14:45:18.0752 1968 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:45:18.0815 1968 gpsvc - ok
14:45:18.0924 1968 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:45:18.0924 1968 gupdate - ok
14:45:18.0940 1968 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:45:18.0940 1968 gupdatem - ok
14:45:18.0987 1968 [ B3F220AD6EEDDC2546780B84A8919B7A ] ha10kx2k C:\Windows\system32\drivers\ha10kx2k.sys
14:45:19.0049 1968 ha10kx2k - ok
14:45:19.0081 1968 [ 5D6AEC608B871CC2C724114F34CAD3C8 ] hap16v2k C:\Windows\system32\drivers\hap16v2k.sys
14:45:19.0096 1968 hap16v2k - ok
14:45:19.0112 1968 [ B95BA8D7EA73A47FAC3A59CF4A3B3043 ] hap17v2k C:\Windows\system32\drivers\hap17v2k.sys
14:45:19.0127 1968 hap17v2k - ok
14:45:19.0159 1968 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:45:19.0190 1968 hcw85cir - ok
14:45:19.0237 1968 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:45:19.0252 1968 HdAudAddService - ok
14:45:19.0299 1968 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:45:19.0315 1968 HDAudBus - ok
14:45:19.0331 1968 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:45:19.0346 1968 HidBatt - ok
14:45:19.0362 1968 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:45:19.0393 1968 HidBth - ok
14:45:19.0424 1968 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:45:19.0440 1968 HidIr - ok
14:45:19.0487 1968 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:45:19.0534 1968 hidserv - ok
14:45:19.0581 1968 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:45:19.0581 1968 HidUsb - ok
14:45:19.0612 1968 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:45:19.0659 1968 hkmsvc - ok
14:45:19.0690 1968 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:45:19.0737 1968 HomeGroupListener - ok
14:45:19.0752 1968 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:45:19.0784 1968 HomeGroupProvider - ok
14:45:19.0799 1968 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:45:19.0815 1968 HpSAMD - ok
14:45:19.0893 1968 [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:45:19.0924 1968 HPSLPSVC - ok
14:45:19.0956 1968 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:45:20.0018 1968 HTTP - ok
14:45:20.0034 1968 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:45:20.0049 1968 hwpolicy - ok
14:45:20.0081 1968 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:45:20.0081 1968 i8042prt - ok
14:45:20.0112 1968 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:45:20.0127 1968 iaStorV - ok
14:45:20.0174 1968 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:45:20.0206 1968 idsvc - ok
14:45:20.0237 1968 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:45:20.0252 1968 iirsp - ok
14:45:20.0284 1968 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:45:20.0346 1968 IKEEXT - ok
14:45:20.0471 1968 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:45:20.0518 1968 IntcAzAudAddService - ok
14:45:20.0549 1968 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:45:20.0549 1968 intelide - ok
14:45:20.0565 1968 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:45:20.0596 1968 intelppm - ok
14:45:20.0627 1968 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:45:20.0659 1968 IPBusEnum - ok
14:45:20.0674 1968 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:45:20.0721 1968 IpFilterDriver - ok
14:45:20.0752 1968 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:45:20.0784 1968 iphlpsvc - ok
14:45:20.0815 1968 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:45:20.0846 1968 IPMIDRV - ok
14:45:20.0862 1968 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:45:20.0909 1968 IPNAT - ok
14:45:20.0940 1968 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:45:21.0018 1968 IRENUM - ok
14:45:21.0034 1968 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:45:21.0049 1968 isapnp - ok
14:45:21.0065 1968 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:45:21.0081 1968 iScsiPrt - ok
14:45:21.0112 1968 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:45:21.0127 1968 kbdclass - ok
14:45:21.0127 1968 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:45:21.0143 1968 kbdhid - ok
14:45:21.0159 1968 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:45:21.0159 1968 KeyIso - ok
14:45:21.0206 1968 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:45:21.0206 1968 KSecDD - ok
14:45:21.0268 1968 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:45:21.0268 1968 KSecPkg - ok
14:45:21.0299 1968 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:45:21.0346 1968 ksthunk - ok
14:45:21.0377 1968 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:45:21.0424 1968 KtmRm - ok
14:45:21.0456 1968 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:45:21.0502 1968 LanmanServer - ok
14:45:21.0549 1968 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:45:21.0596 1968 LanmanWorkstation - ok
14:45:21.0627 1968 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:45:21.0674 1968 lltdio - ok
14:45:21.0706 1968 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:45:21.0752 1968 lltdsvc - ok
14:45:21.0784 1968 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:45:21.0815 1968 lmhosts - ok
14:45:21.0831 1968 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:45:21.0846 1968 LSI_FC - ok
14:45:21.0862 1968 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:45:21.0877 1968 LSI_SAS - ok
14:45:21.0909 1968 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:45:21.0924 1968 LSI_SAS2 - ok
14:45:21.0940 1968 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:45:21.0940 1968 LSI_SCSI - ok
14:45:21.0956 1968 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:45:22.0002 1968 luafv - ok
14:45:22.0034 1968 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:45:22.0034 1968 MBAMProtector - ok
14:45:22.0081 1968 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:45:22.0096 1968 MBAMScheduler - ok
14:45:22.0143 1968 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:45:22.0174 1968 MBAMService - ok
14:45:22.0190 1968 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:45:22.0206 1968 megasas - ok
14:45:22.0221 1968 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:45:22.0237 1968 MegaSR - ok
14:45:22.0284 1968 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:45:22.0299 1968 Microsoft Office Groove Audit Service - ok
14:45:22.0315 1968 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:45:22.0362 1968 MMCSS - ok
14:45:22.0377 1968 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:45:22.0424 1968 Modem - ok
14:45:22.0456 1968 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:45:22.0471 1968 monitor - ok
14:45:22.0502 1968 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:45:22.0502 1968 mouclass - ok
14:45:22.0518 1968 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:45:22.0534 1968 mouhid - ok
14:45:22.0565 1968 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:45:22.0581 1968 mountmgr - ok
14:45:22.0612 1968 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:45:22.0612 1968 MozillaMaintenance - ok
14:45:22.0643 1968 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:45:22.0659 1968 MpFilter - ok
14:45:22.0690 1968 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:45:22.0706 1968 mpio - ok
14:45:22.0721 1968 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:45:22.0752 1968 mpsdrv - ok
14:45:22.0784 1968 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:45:22.0846 1968 MpsSvc - ok
14:45:22.0862 1968 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:45:22.0893 1968 MRxDAV - ok
14:45:22.0924 1968 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:45:22.0971 1968 mrxsmb - ok
14:45:22.0987 1968 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:45:23.0018 1968 mrxsmb10 - ok
14:45:23.0049 1968 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:45:23.0065 1968 mrxsmb20 - ok
14:45:23.0096 1968 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:45:23.0112 1968 msahci - ok
14:45:23.0143 1968 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:45:23.0159 1968 msdsm - ok
14:45:23.0174 1968 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:45:23.0190 1968 MSDTC - ok
14:45:23.0237 1968 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:45:23.0268 1968 Msfs - ok
14:45:23.0268 1968 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:45:23.0315 1968 mshidkmdf - ok
14:45:23.0346 1968 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:45:23.0346 1968 msisadrv - ok
14:45:23.0377 1968 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:45:23.0409 1968 MSiSCSI - ok
14:45:23.0409 1968 msiserver - ok
14:45:23.0424 1968 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:45:23.0471 1968 MSKSSRV - ok
14:45:23.0534 1968 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:45:23.0549 1968 MsMpSvc - ok
14:45:23.0565 1968 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:45:23.0612 1968 MSPCLOCK - ok
14:45:23.0627 1968 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:45:23.0659 1968 MSPQM - ok
14:45:23.0706 1968 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:45:23.0721 1968 MsRPC - ok
14:45:23.0737 1968 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:45:23.0752 1968 mssmbios - ok
14:45:23.0768 1968 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:45:23.0815 1968 MSTEE - ok
14:45:23.0831 1968 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:45:23.0846 1968 MTConfig - ok
14:45:23.0846 1968 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:45:23.0862 1968 Mup - ok
14:45:23.0893 1968 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:45:23.0940 1968 napagent - ok
14:45:23.0987 1968 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:45:24.0018 1968 NativeWifiP - ok
14:45:24.0065 1968 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:45:24.0112 1968 NDIS - ok
14:45:24.0127 1968 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:45:24.0159 1968 NdisCap - ok
14:45:24.0174 1968 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:45:24.0206 1968 NdisTapi - ok
14:45:24.0221 1968 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:45:24.0252 1968 Ndisuio - ok
14:45:24.0268 1968 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:45:24.0315 1968 NdisWan - ok
14:45:24.0346 1968 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:45:24.0393 1968 NDProxy - ok
14:45:24.0424 1968 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:45:24.0471 1968 NetBIOS - ok
14:45:24.0502 1968 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:45:24.0549 1968 NetBT - ok
14:45:24.0565 1968 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:45:24.0581 1968 Netlogon - ok
14:45:24.0612 1968 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:45:24.0659 1968 Netman - ok
14:45:24.0690 1968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:24.0706 1968 NetMsmqActivator - ok
14:45:24.0721 1968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:24.0721 1968 NetPipeActivator - ok
14:45:24.0752 1968 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:45:24.0799 1968 netprofm - ok
14:45:24.0831 1968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:24.0831 1968 NetTcpActivator - ok
14:45:24.0846 1968 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:45:24.0846 1968 NetTcpPortSharing - ok
14:45:24.0862 1968 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:45:24.0877 1968 nfrd960 - ok
14:45:24.0909 1968 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:45:24.0924 1968 NisDrv - ok
14:45:24.0940 1968 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:45:24.0956 1968 NisSrv - ok
14:45:24.0987 1968 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:45:25.0018 1968 NlaSvc - ok
14:45:25.0034 1968 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:45:25.0065 1968 Npfs - ok
14:45:25.0096 1968 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:45:25.0143 1968 nsi - ok
14:45:25.0159 1968 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:45:25.0206 1968 nsiproxy - ok
14:45:25.0284 1968 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:45:25.0346 1968 Ntfs - ok
14:45:25.0346 1968 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:45:25.0377 1968 Null - ok
14:45:25.0409 1968 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
14:45:25.0440 1968 NVENETFD - ok
14:45:25.0690 1968 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:45:25.0877 1968 nvlddmkm - ok
14:45:25.0909 1968 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
14:45:25.0924 1968 nvraid - ok
14:45:25.0940 1968 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:45:25.0940 1968 nvstor - ok
14:45:25.0987 1968 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
14:45:26.0018 1968 nvsvc - ok
14:45:26.0081 1968 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:45:26.0127 1968 nvUpdatusService - ok
14:45:26.0159 1968 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:45:26.0174 1968 nv_agp - ok
14:45:26.0221 1968 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:45:26.0237 1968 odserv - ok
14:45:26.0268 1968 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:45:26.0284 1968 ohci1394 - ok
14:45:26.0299 1968 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:45:26.0315 1968 ose - ok
14:45:26.0346 1968 [ 678CC7DCF607BBD69A9F9333D39C2F1D ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
14:45:26.0362 1968 ossrv - ok
14:45:26.0393 1968 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:45:26.0424 1968 p2pimsvc - ok
14:45:26.0440 1968 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:45:26.0471 1968 p2psvc - ok
14:45:26.0487 1968 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:45:26.0502 1968 Parport - ok
14:45:26.0534 1968 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:45:26.0549 1968 partmgr - ok
14:45:26.0565 1968 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:45:26.0596 1968 PcaSvc - ok
14:45:26.0627 1968 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:45:26.0643 1968 pci - ok
14:45:26.0659 1968 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:45:26.0659 1968 pciide - ok
14:45:26.0674 1968 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:45:26.0690 1968 pcmcia - ok
14:45:26.0706 1968 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:45:26.0721 1968 pcw - ok
14:45:26.0737 1968 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:45:26.0784 1968 PEAUTH - ok
14:45:26.0877 1968 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:45:26.0956 1968 PeerDistSvc - ok
14:45:27.0002 1968 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:45:27.0034 1968 PerfHost - ok
14:45:27.0081 1968 [ 8BA0E6570112C4F27571A3C21B3A02A6 ] PGMTrusted C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
14:45:27.0143 1968 PGMTrusted - ok
14:45:27.0206 1968 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:45:27.0284 1968 pla - ok
14:45:27.0331 1968 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:45:27.0377 1968 PlugPlay - ok
14:45:27.0393 1968 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:45:27.0409 1968 PNRPAutoReg - ok
14:45:27.0424 1968 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:45:27.0440 1968 PNRPsvc - ok
14:45:27.0471 1968 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:45:27.0518 1968 PolicyAgent - ok
14:45:27.0549 1968 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:45:27.0612 1968 Power - ok
14:45:27.0627 1968 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:45:27.0674 1968 PptpMiniport - ok
14:45:27.0706 1968 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:45:27.0737 1968 Processor - ok
14:45:27.0752 1968 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:45:27.0799 1968 ProfSvc - ok
14:45:27.0815 1968 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:45:27.0831 1968 ProtectedStorage - ok
14:45:27.0846 1968 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:45:27.0909 1968 Psched - ok
14:45:27.0956 1968 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:45:28.0002 1968 ql2300 - ok
14:45:28.0034 1968 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:45:28.0049 1968 ql40xx - ok
14:45:28.0081 1968 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:45:28.0112 1968 QWAVE - ok
14:45:28.0127 1968 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:45:28.0159 1968 QWAVEdrv - ok
14:45:28.0174 1968 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:45:28.0206 1968 RasAcd - ok
14:45:28.0221 1968 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:45:28.0268 1968 RasAgileVpn - ok
14:45:28.0299 1968 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:45:28.0346 1968 RasAuto - ok
14:45:28.0362 1968 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:45:28.0393 1968 Rasl2tp - ok
14:45:28.0424 1968 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:45:28.0456 1968 RasMan - ok
14:45:28.0487 1968 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:45:28.0534 1968 RasPppoe - ok
14:45:28.0549 1968 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:45:28.0612 1968 RasSstp - ok
14:45:28.0643 1968 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:45:28.0690 1968 rdbss - ok
14:45:28.0721 1968 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:45:28.0721 1968 rdpbus - ok
14:45:28.0752 1968 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:45:28.0799 1968 RDPCDD - ok
14:45:28.0831 1968 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:45:28.0862 1968 RDPDR - ok
14:45:28.0862 1968 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:45:28.0909 1968 RDPENCDD - ok
14:45:28.0940 1968 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:45:28.0956 1968 RDPREFMP - ok
14:45:29.0002 1968 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:45:29.0049 1968 RdpVideoMiniport - ok
14:45:29.0065 1968 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:45:29.0096 1968 RDPWD - ok
14:45:29.0112 1968 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:45:29.0127 1968 rdyboost - ok
14:45:29.0159 1968 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:45:29.0206 1968 RemoteAccess - ok
14:45:29.0237 1968 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:45:29.0284 1968 RemoteRegistry - ok
14:45:29.0315 1968 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:45:29.0346 1968 RpcEptMapper - ok
14:45:29.0377 1968 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:45:29.0393 1968 RpcLocator - ok
14:45:29.0424 1968 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:45:29.0456 1968 RpcSs - ok
14:45:29.0487 1968 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:45:29.0518 1968 rspndr - ok
14:45:29.0549 1968 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:45:29.0581 1968 s3cap - ok
14:45:29.0596 1968 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:45:29.0612 1968 SamSs - ok
14:45:29.0627 1968 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:45:29.0643 1968 sbp2port - ok
14:45:29.0674 1968 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:45:29.0721 1968 SCardSvr - ok
14:45:29.0752 1968 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:45:29.0799 1968 scfilter - ok
14:45:29.0846 1968 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:45:29.0909 1968 Schedule - ok
14:45:29.0940 1968 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:45:29.0971 1968 SCPolicySvc - ok
14:45:30.0002 1968 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:45:30.0018 1968 SDRSVC - ok
14:45:30.0034 1968 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:45:30.0065 1968 secdrv - ok
14:45:30.0081 1968 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:45:30.0127 1968 seclogon - ok
14:45:30.0159 1968 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:45:30.0206 1968 SENS - ok
14:45:30.0237 1968 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:45:30.0252 1968 SensrSvc - ok
14:45:30.0268 1968 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:45:30.0284 1968 Serenum - ok
14:45:30.0315 1968 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:45:30.0331 1968 Serial - ok
14:45:30.0346 1968 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:45:30.0377 1968 sermouse - ok
14:45:30.0409 1968 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:45:30.0456 1968 SessionEnv - ok
14:45:30.0487 1968 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:45:30.0518 1968 sffdisk - ok
14:45:30.0534 1968 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:45:30.0549 1968 sffp_mmc - ok
14:45:39.0096 1968 ============================================================
14:45:39.0096 1968 Scan finished
14:45:39.0096 1968 ============================================================
14:45:39.0096 0304 Detected object count: 0
14:45:39.0096 0304 Actual detected object count: 0
14:46:55.0799 2812 Deinitialize success


Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Adobe Flash Player 11.5.502.135
Mozilla Firefox (17.0.1)
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 23-12-2012
Ran by stanley (administrator) on 04-01-2013 at 14:58:50
Running from "C:\Users\stanley\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 25-11-2012
Ran by stanley (administrator) on 04-01-2013 at 15:01:13
Running from "C:\Users\stanley\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : stanley-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #2
Physical Address. . . . . . . . . : 00-50-8D-9D-E3-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 04, 2013 1:32:28 PM
Lease Expires . . . . . . . . . . : Saturday, January 05, 2013 1:32:27 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.2.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-50-8D-9D-E3-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 04, 2013 1:32:28 PM
Lease Expires . . . . . . . . . . : Saturday, January 05, 2013 1:32:27 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.2.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.ph.cox.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2001:4860:4007:800::1005
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163
74.125.224.164
74.125.224.165
74.125.224.166
74.125.224.167
74.125.224.168


Pinging google.com [74.125.224.161] with 32 bytes of data:
Reply from 74.125.224.161: bytes=32 time=37ms TTL=57
Reply from 74.125.224.161: bytes=32 time=36ms TTL=57

Ping statistics for 74.125.224.161:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 37ms, Average = 36ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=505ms TTL=53
Reply from 98.139.183.24: bytes=32 time=381ms TTL=53

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 381ms, Maximum = 505ms, Average = 443ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 3ms, Average = 3ms
===========================================================================
Interface List
12...00 50 8d 9d e3 87 ......NVIDIA nForce Networking Controller #2
10...00 50 8d 9d e3 88 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 10
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 266
192.168.0.0 255.255.255.0 On-link 192.168.0.5 266
192.168.0.4 255.255.255.255 On-link 192.168.0.4 266
192.168.0.5 255.255.255.255 On-link 192.168.0.5 266
192.168.0.255 255.255.255.255 On-link 192.168.0.4 266
192.168.0.255 255.255.255.255 On-link 192.168.0.5 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 266
224.0.0.0 240.0.0.0 On-link 192.168.0.5 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 266
255.255.255.255 255.255.255.255 On-link 192.168.0.5 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2013 02:39:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Faulting module name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Exception code: 0x40000015
Fault offset: 0x0000000000153481
Faulting process id: 0x430
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (01/04/2013 00:48:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Faulting module name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Exception code: 0x40000015
Fault offset: 0x0000000000153481
Faulting process id: 0xd90
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (01/04/2013 00:41:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Faulting module name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Exception code: 0x40000015
Fault offset: 0x0000000000153481
Faulting process id: 0x29c
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (01/03/2013 10:18:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/03/2013 10:17:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2013 08:15:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests

\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-

controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/02/2013 11:00:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.697, time stamp: 0x506b3bc0
Faulting module name: NvUpdt.dll_unloaded, version: 0.0.0.0, time stamp: 0x506b2cd8
Exception code: 0xc0000005
Fault offset: 0x000007fef0987432
Faulting process id: 0x6bc
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (12/28/2012 06:44:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/28/2012 06:42:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/28/2012 01:10:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: MODSys.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a980d72
Exception code: 0xc0000005
Fault offset: 0x000007fef248fc90
Faulting process id: 0x8f4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (01/04/2013 01:32:33 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (01/03/2013 10:19:17 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (01/03/2013 02:03:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (01/03/2013 04:26:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (12/26/2012 03:35:30 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/26/2012 02:44:53 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (12/26/2012 02:10:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (12/22/2012 06:14:13 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (12/22/2012 03:16:21 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (12/21/2012 11:25:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS


Microsoft Office Sessions:
=========================
Error: (09/24/2012 03:01:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14440 seconds with 3120 seconds of active time. This session ended with a crash.

Error: (08/19/2011 00:42:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23194 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/17/2011 08:09:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16259 seconds with 6240 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-03-05 11:13:03.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-03-05 11:13:03.744
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-30 22:44:06.008
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-30 22:44:05.961
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-11-20 19:09:55.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-11-20 19:09:55.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-11-20 19:09:05.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-11-20 19:09:05.407
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-11-20 19:08:58.513
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.

Date: 2011-11-20 19:08:58.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
4660_4680_Help (Version: 1.00.0000)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
BurnAware Free 5.2
Burning Love (Version: 1.0)
Camera Finder
CCleaner (Version: 3.25)
Cleopatra and VOTK Offline Patch (Version: 1.00.0000)
Convergys Health Checker (Version: 1.0.4)
CorelDRAW Graphics Suite 12 (Version: 12.0.0.458)
Defraggler (Version: 2.11)
Diamond Drop 2 (remove only)
Double Easy Money (Version: 1.00.0000)
ESET Online Scanner v3
Eusing Free Registry Defrag
Fish Bowl (Version: 1.0)
Foxit Reader (Version: 5.4.3.920)
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
HP OfficeJet J4600 All-In-One Series (Version: 14.0)
Internet Explorer (Enable DEP)
IrfanView (remove only) (Version: 4.28)
J4600_Basic (Version: 140.0.000.000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Jewel Quest - Sleepless Star (Version: 1.00.0000)
Jewel Quest (Version: 1.00.0000)
Jewel Quest 2 (Version: 1.00.0000)
Launcher Patch (Version: 1.00.0000)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microangelo On Display (x64) (Version: 6.10.70)
Microangelo Toolset 6 (x64) (Version: 6.10.70)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mysteries of Cleopatra (Version: 1.00.0000)
Network64 (Version: 140.0.215.000)
Next Generation Visualisations (Version: 1.0.0)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL
Paint Shop Pro 7 Anniversary Edition (Version: 7.0.4.0000)
PeaZip 4.6.1
Pogo Games (remove only)
Protect My Disk
Protect My Disk (Version: 6.2.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Reels Of Dublin (Version: 1.00.0000)
Scan (Version: 140.0.167.000)
SeaMonkey 2.14.1 (x86 en-US) (Version: 2.14.1)
SpywareBlaster 4.6 (Version: 4.6.0)
swMSM (Version: 12.0.0.1)
The Print Shop 21 (Version: 21.00.0000)
Toolbox (Version: 140.0.428.000)
Treasure Mile Casino
Universal Viewer
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
ViewSonic Windows Vista x64 Signed Files
WebReg (Version: 140.0.213.017)

========================= Devices: ================================

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 4095.55 MB
Available physical RAM: 2865.09 MB
Total Pagefile: 8189.3 MB
Available Pagefile: 6846.37 MB
Total Virtual: 4095.88 MB
Available Virtual: 3974.72 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:136.73 GB) NTFS
4 Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
5 Drive g: () (Fixed) (Total:59.53 GB) (Free:20.45 GB) NTFS
6 Drive h: () (Fixed) (Total:186.31 GB) (Free:22.55 GB) NTFS
7 Drive i: () (Fixed) (Total:189.91 GB) (Free:155.47 GB) NTFS

========================= Users: ========================================

User accounts for \\STANLEY-PC

Administrator ASPNET databruzer
Guest stanley UpdatusUser

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

17-11-2012 23:05:10 Windows Update
18-11-2012 10:00:15 Windows Update
22-11-2012 20:10:10 Windows Update
25-11-2012 21:48:14 Windows Update
29-11-2012 12:09:14 Windows Update
29-11-2012 17:43:59 Windows Update
03-12-2012 11:49:59 Windows Update
03-12-2012 20:10:42 Removed Java 7 Update 9
03-12-2012 20:11:58 Removed JavaFX 2.1.1
03-12-2012 20:32:40 Installed Java 7 Update 9
10-12-2012 06:17:04 Windows Update
11-12-2012 23:46:40 Windows Update
15-12-2012 08:46:33 Windows Update
19-12-2012 12:35:49 Windows Update
21-12-2012 07:07:44 Windows Update
22-12-2012 06:33:52 Windows Update
26-12-2012 12:39:28 Windows Update
02-01-2013 18:14:02 Windows Update
03-01-2013 13:46:18 Windows Update


**** End of log ****

#4 dev00790

Posted 05 January 2013 - 10:58 AM

Hi

What do you use the computer for? If this is your work computer then you shouldn't use it to look for help on a public forum.

For the IP address that was blocked (46.17.96.177) was this an incoming or an outgoing block?

We advise that you check your firewall settings as this type of event is not normal.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 tallthatsall

Posted 05 January 2013 - 12:58 PM

What do you use the computer for? If this is your work computer then you shouldn't use it to look for help on a public forum.

For the IP address that was blocked (46.17.96.177) was this an incoming or an outgoing block?


Hello,

The IP address was an outgoing block. It was blocked by MalwareBytes Pro. Because I frequently receive outgoing block warnings from MB, I have attempted to get help from their tech support with the response of, "Don't worry. MBam is doing its job".
I have checked my firewall settings, they are set at default.

I own this computer, I built this computer, it is a desktop in my home. In an attempt to keep a roof over my head, at times, I do use this computer for work - when I am fortunate enough to find work. I also use this computer for personal entertainment, personal communication, personal education, etc.

I apologize for posting on this forum; I did read the rules as well as the User Agreement before posting and I truly was not aware that I should not seek help for a computer that I own. Or was your statement "you shouldn't use it to look for help on a public forum" indicating I should use some other device in my process of looking for help for my computer? Regardless, please know; it was not, nor is it my intention to disrespect or to deceive anyone, quite the contrary; I have been straight up as should be recognized by the contents of my PM. At this time, I do not have the luxury of seeking advice elsewhere, so please let me know if I am finished here and I will do a kill disk & reformat. If that is the case, thank you very much for your assistance thus far, and sorry to have wasted your time. If there should be additional help available, it would be much appreciated, however I do understand if that is not possible.

Again, my apologies and best regards.

tall

#6 dev00790

Posted 05 January 2013 - 07:24 PM

Hi

Please do the following next:

Step 1:

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 4:

How is the computer running now?

Regards, dev00790


#7 tallthatsall

Posted 06 January 2013 - 01:37 PM

I have included the logs below. I left AdwCleaner open because of the warning message I received, (by using only search mode, AC has not removed detected items.........) wasn't sure what to do.
Re how is my computer running? Not sure at the moment. I will do some everyday routine stuff that I normally do and will report back after your reply re my logs.
Thanks!
tall


Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
stanley :: STANLEY-PC [administrator]

Protection: Enabled

1/5/2013 7:33:39 PM
mbam-log-2013-01-05 (19-33-39).txt

Scan type: Full scan (C:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 943703
Time elapsed: 3 hour(s), 18 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
G:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-70e74f63 (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

This was the output contained in the ESET log (there was nothing within the log file to identify ESET) :

G:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1ff0f08c-50e349e4 Java/Agent.FH trojan cleaned by deleting - quarantined



# AdwCleaner v2.104 - Logfile created 01/06/2013 at 11:13:02
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : stanley - STANLEY-PC
# Boot Mode : Normal
# Running from : C:\Users\stanley\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\stanley\AppData\Roaming\Mozilla\Firefox\Profiles\0eqjx221.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\stanley\AppData\Roaming\Mozilla\Firefox\Profiles\0eqjx221.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox");
Found : user_pref("extensions.browserprotect.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox");
Found : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":16,\"FeedStoriesCount\":12,\"data\":[{\"u[...]
Found : user_pref("extensions.ntk.thumbsUrls", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox;hxxp://www.po[...]
Found : user_pref("surfcanyon.checked_domains", "ABOUT,DC,WKP,ENCR");
Found : user_pref("surfcanyon.content_farm_removal", false);
Found : user_pref("surfcanyon.daily_code", "scIsOnSearchEngineDomain = function() {\nreturn contains(scCurre[...]
Found : user_pref("surfcanyon.daily_code_timestamp", "1329992813592");
Found : user_pref("surfcanyon.disliked_domains", "");
Found : user_pref("surfcanyon.display_similar_product_images", false);
Found : user_pref("surfcanyon.dynamic_preferences_timestamp", "1352516769430");
Found : user_pref("surfcanyon.google_search_button_click_query", "finalco+bertrand");
Found : user_pref("surfcanyon.google_search_button_click_ts", "1312672511438");
Found : user_pref("surfcanyon.hourly_code", "scHourlyCodeRevision = '337b';\nscGetDocument = function() {\nr[...]
Found : user_pref("surfcanyon.hourly_code2", "scEnableGoogle_hourly = function() {\nvar args = window.locati[...]
Found : user_pref("surfcanyon.hourly_code_timestamp", "1330746277494");
Found : user_pref("surfcanyon.initialized_chummo", false);
Found : user_pref("surfcanyon.inst_id", "71241644595122135674374869394441");
Found : user_pref("surfcanyon.inst_timestamp", "1301259398448");
Found : user_pref("surfcanyon.last_seen_splash", "343");
Found : user_pref("surfcanyon.max_num_recs", "5");
Found : user_pref("surfcanyon.no_searchbar_global", false);
Found : user_pref("surfcanyon.num_recs_clicked", "4");
Found : user_pref("surfcanyon.num_results_clicked", "276");
Found : user_pref("surfcanyon.num_results_clicked_when_recs_available", "115");
Found : user_pref("surfcanyon.num_searches", "3009");
Found : user_pref("surfcanyon.partner_code", "MZ");
Found : user_pref("surfcanyon.preferred_domains", "");
Found : user_pref("surfcanyon.refinements_cache", "^conhost.exe/bytes:process:running:windows 7:remove^excel[...]
Found : user_pref("surfcanyon.search_links_enabled", false);
Found : user_pref("surfcanyon.searchbar_zindexes", false);
Found : user_pref("surfcanyon.server_error_time", "");
Found : user_pref("surfcanyon.server_error_url", "");
Found : user_pref("surfcanyon.ss_page_links_enabled", false);
Found : user_pref("surfcanyon.top_of_page_refinements_disabled", false);

File : C:\Users\databruzer\AppData\Roaming\Mozilla\Firefox\Profiles\ga4nml1c.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox");
Found : user_pref("extensions.browserprotect.homepage", "hxxps://mail.google.com/mail/?shva=1#inbox");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\stanley\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4068 octets] - [06/01/2013 11:13:02]

########## EOF - C:\AdwCleaner[R1].txt - [4128 octets] ##########

#8 dev00790

Posted 06 January 2013 - 05:42 PM

IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes.
They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms.
This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.
Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, PayPal and any other online activities.
You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity.
If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed.
In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them.
Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

"Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system... There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system"

Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say:

"The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications)."

Help: I Got Hacked. Now What Do I Do?.

We will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, I cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what information can be accessed from it.

Knowing the above, do you wish to proceed with cleaning the malware from the computer?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#9 tallthatsall


Posted 06 January 2013 - 10:01 PM

"Knowing the above, do you wish to proceed with cleaning the malware from the computer"

Thank you. I do understand what you have outlined, and I do not wish to proceed with cleaning. Couple of questions:
  • It appears that the infections were found on my G: drive. Is this correct?
  • If that is the case, that would be the drive that I would like to use for my OS, (it is my only SSD) therefore is it advisable to use kill disk or similar before reformatting? Do you know, is kill disk (or similar) o.k. to use on an SSD?
  • Should I assume all drives in my system have been compromised?
  • Is it possible to retrieve/save data from any of my drives without the lingering doubt of that data being compromised?
  • If there is some data that I can't live without, is there a way to get it off of the drives, like transfer to a flash drive, and then scan the flash drive with another system, or should I worry about whatever is on the flash infecting another system? Any way around this?
  • Any recommendations re saving data is appreciated.
Meanwhile, I will of course disconnect all drives except for the OS drive I will be using, and get back to the other drives when I have time. Do you recommend that eventually I run kill disk on all drives?
I am one for being overly cautious rather than take any chances whatsoever, so I'm willing to do whatever it takes to get back to having a normal/non-compromised system, and will follow any recommendations.

Thank you again. And thank you so much for your help and assistance.










#10 dev00790


Posted 07 January 2013 - 04:07 PM

Hi

1) ESET identified one file as being a Trojan and MBAM another file there, yes.

2) Beyond my knowledge, I don't know, sorry.

3) Best to assume so.

4) You can retrieve files from the PC, but there is always a chance, however small, that they may be infected.

5) "...transfer to a flash drive, and then scan the flash drive with another system..."

That is one method worth considering. Do not use Windows XP to do the scan though - Vista or 7 is better since they have autorun disabled by default I believe.
Bear in mind my answer to 4) above.

6) Note: Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

"Do you recommend that eventually I run kill disk on all drives?"

I don't recommend this since I don't know enough about it.

I hope that helps :).

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog
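
The rule in point 6 of the reply above can be applied mechanically before anything is copied to a flash drive. The following Python script is an added example, not code from the thread: it leaves out the extensions listed in point 6 and, going beyond the post, also leaves out any file that begins with the Windows executable header `MZ` whatever its name. The function names and sample files are constructed for illustration, and a file it passes still needs the scan described in point 5.

```python
import tempfile
from pathlib import Path

# Extensions the post says not to back up.
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat"}

def classify(path: Path) -> str:
    """Return 'copy' or the reason the file is left out of the backup set."""
    ext = path.suffix.lower()
    if ext in RISKY_EXTENSIONS:
        return "risky extension " + ext
    try:
        with path.open("rb") as handle:
            magic = handle.read(2)
    except OSError as exc:
        return "unreadable: " + type(exc).__name__
    # Beyond the post: Windows programs start with b"MZ" even when renamed.
    if magic == b"MZ":
        return "executable header, named " + (ext or "(no extension)")
    return "copy"

def triage(root: str):
    """Return (sorted relative paths to copy, {relative path: reason skipped})."""
    base, keep, skipped = Path(root), [], {}
    for path in sorted(p for p in base.rglob("*") if p.is_file()):
        rel, verdict = path.relative_to(base).as_posix(), classify(path)
        if verdict == "copy":
            keep.append(rel)
        else:
            skipped[rel] = verdict
    return keep, skipped

def build_sample(root: str) -> None:
    """Write constructed sample files (not taken from the thread)."""
    samples = {
        "docs/budget.xls": b"\xd0\xcf\x11\xe0 constructed spreadsheet",
        "tools/setup.EXE": b"MZ\x90\x00 constructed",
        "photos/holiday.jpg": b"MZ\x90\x00 constructed: program renamed to .jpg",
        "run.bat": b"@echo off\r\n",
    }
    for rel, data in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```
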


#11 tallthatsall


Posted 07 January 2013 - 05:52 PM

Thank you for the advice re saving data. I will do some additional research. I guess you & I have run the course, so I bid you adieu. :bowdown:
Respects,
tall

#12 dev00790


Posted 07 January 2013 - 06:03 PM

You're welcome :)

Regards, dev00790
