All browsers hijacked Genieo


15 replies to this topic

#1 potroastmaster


Posted 03 February 2013 - 10:22 AM

Using Chrome, IE, and Firefox, and all have an issue with re-direct.

I have followed the forum " http://www.bleepingcomputer.com/forums/topic476924.html/page__hl__genieo "
and downloaded JRT, SpywareBlaster, MiniToolBox, AdwCleaner. I have performed all tasks as outlined in that forum. Yet I still get redirects/issues when going to major search engines like yahoo.com (after searching), google.com and bing.com.

I have a log from ESET online scanner, which found the Win32/OpenCandy application and quarantined it.

I also have logs from JRT GooredFix, and AdwCleaner. I also downloaded HiJackThis but have not used HJT today.

I have tried Malwarebytes and AVG and AD-Aware with little success. I have uninstalled many toolbars.

I have CCleaner and have disabled many startup programs associated to these issues.

I have noted that the HOST file has many IP addresses for Google.com variants.

Currently it does not start with yahoo.geneio. com anymore. While using Chrome/Firefox, when I go to www.google.com it says "Bad Request (Invalid Hostname)".
While using IE, when I go to www.google.com it says:
"The webpage cannot be found
HTTP 400

Most likely causes:
•There might be a typing error in the address.
•If you clicked on a link, it may be out of date.

What you can try:

Retype the address.

Go back to the previous page.

Go to and look for the information you want.

More information

This error (HTTP 400 Bad Request) means that Internet Explorer was able to connect to the web server, but the webpage could not be found because of a problem with the address.

For more information about HTTP errors, see Help."

This computer is a Dell Inspiron, running Windows Vista Home Premium with SP2, 32-bit, 4 GB RAM.

Please let me know what I should do next.


#2 narenxp


Posted 03 February 2013 - 10:24 AM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop, and copy the contents of the text file into your reply.

#3 potroastmaster


Posted 03 February 2013 - 11:04 AM

Do you want me to scan a second time with ESET, or show the previous log that I exported?

#4 narenxp


Posted 03 February 2013 - 11:06 AM

Please run once again

#5 potroastmaster


Posted 03 February 2013 - 11:11 AM

Ok thanks! Here is the first report.

"
11:02:40.0414 3472 Npfs - ok
11:02:40.0439 3472 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
11:02:40.0443 3472 nsi - ok
11:02:40.0476 3472 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:02:40.0489 3472 nsiproxy - ok
11:02:40.0546 3472 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:02:40.0563 3472 Ntfs - ok
11:02:40.0585 3472 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
11:02:40.0587 3472 ntrigdigi - ok
11:02:40.0593 3472 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
11:02:40.0596 3472 Null - ok
11:02:40.0604 3472 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:02:40.0606 3472 nvraid - ok
11:02:40.0623 3472 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:02:40.0625 3472 nvstor - ok
11:02:40.0635 3472 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:02:40.0638 3472 nv_agp - ok
11:02:40.0644 3472 NwlnkFlt - ok
11:02:40.0650 3472 NwlnkFwd - ok
11:02:40.0730 3472 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:02:40.0737 3472 odserv - ok
11:02:40.0765 3472 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:02:40.0767 3472 ohci1394 - ok
11:02:40.0792 3472 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:02:40.0794 3472 ose - ok
11:02:40.0816 3472 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
11:02:40.0826 3472 p2pimsvc - ok
11:02:40.0839 3472 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
11:02:40.0845 3472 p2psvc - ok
11:02:40.0858 3472 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
11:02:40.0860 3472 Parport - ok
11:02:40.0886 3472 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:02:40.0887 3472 partmgr - ok
11:02:40.0904 3472 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
11:02:40.0906 3472 Parvdm - ok
11:02:40.0948 3472 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
11:02:40.0951 3472 PcaSvc - ok
11:02:40.0973 3472 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
11:02:40.0975 3472 pci - ok
11:02:40.0994 3472 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
11:02:40.0995 3472 pciide - ok
11:02:41.0013 3472 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:02:41.0016 3472 pcmcia - ok
11:02:41.0048 3472 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:02:41.0061 3472 PEAUTH - ok
11:02:41.0126 3472 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
11:02:41.0138 3472 pla - ok
11:02:41.0168 3472 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:02:41.0175 3472 PlugPlay - ok
11:02:41.0198 3472 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
11:02:41.0208 3472 PNRPAutoReg - ok
11:02:41.0228 3472 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
11:02:41.0238 3472 PNRPsvc - ok
11:02:41.0260 3472 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:02:41.0268 3472 PolicyAgent - ok
11:02:41.0304 3472 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:02:41.0306 3472 PptpMiniport - ok
11:02:41.0325 3472 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
11:02:41.0327 3472 Processor - ok
11:02:41.0345 3472 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
11:02:41.0350 3472 ProfSvc - ok
11:02:41.0369 3472 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:02:41.0371 3472 ProtectedStorage - ok
11:02:41.0398 3472 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
11:02:41.0401 3472 PSched - ok
11:02:41.0445 3472 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
11:02:41.0446 3472 PxHelp20 - ok
11:02:41.0484 3472 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:02:41.0499 3472 ql2300 - ok
11:02:41.0508 3472 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:02:41.0511 3472 ql40xx - ok
11:02:41.0536 3472 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
11:02:41.0541 3472 QWAVE - ok
11:02:41.0552 3472 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:02:41.0553 3472 QWAVEdrv - ok
11:02:41.0630 3472 [ 514771DF4C8E653126C6DD7EE3661766 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
11:02:41.0654 3472 R300 - ok
11:02:41.0660 3472 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:02:41.0662 3472 RasAcd - ok
11:02:41.0680 3472 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
11:02:41.0683 3472 RasAuto - ok
11:02:41.0696 3472 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:02:41.0698 3472 Rasl2tp - ok
11:02:41.0737 3472 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
11:02:41.0742 3472 RasMan - ok
11:02:41.0768 3472 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:02:41.0770 3472 RasPppoe - ok
11:02:41.0807 3472 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:02:41.0809 3472 RasSstp - ok
11:02:41.0836 3472 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:02:41.0839 3472 rdbss - ok
11:02:41.0847 3472 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:02:41.0849 3472 RDPCDD - ok
11:02:41.0871 3472 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
11:02:41.0875 3472 rdpdr - ok
11:02:41.0881 3472 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:02:41.0883 3472 RDPENCDD - ok
11:02:41.0913 3472 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:02:41.0916 3472 RDPWD - ok
11:02:41.0953 3472 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:02:41.0956 3472 RemoteAccess - ok
11:02:41.0987 3472 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:02:41.0991 3472 RemoteRegistry - ok
11:02:42.0000 3472 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
11:02:42.0001 3472 RpcLocator - ok
11:02:42.0022 3472 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
11:02:42.0027 3472 RpcSs - ok
11:02:42.0042 3472 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:02:42.0045 3472 rspndr - ok
11:02:42.0077 3472 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
11:02:42.0082 3472 RTL8169 - ok
11:02:42.0130 3472 [ 7F8D15EE000577BE703537849D4F9397 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys
11:02:42.0130 3472 RtNdPt60 - ok
11:02:42.0146 3472 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
11:02:42.0146 3472 SamSs - ok
11:02:42.0162 3472 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:02:42.0162 3472 sbp2port - ok
11:02:42.0171 3472 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:02:42.0175 3472 SCardSvr - ok
11:02:42.0232 3472 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
11:02:42.0242 3472 Schedule - ok
11:02:42.0254 3472 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
11:02:42.0255 3472 SCPolicySvc - ok
11:02:42.0273 3472 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:02:42.0277 3472 SDRSVC - ok
11:02:42.0285 3472 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:02:42.0287 3472 secdrv - ok
11:02:42.0298 3472 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
11:02:42.0301 3472 seclogon - ok
11:02:42.0313 3472 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
11:02:42.0317 3472 SENS - ok
11:02:42.0330 3472 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
11:02:42.0332 3472 Serenum - ok
11:02:42.0354 3472 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
11:02:42.0356 3472 Serial - ok
11:02:42.0372 3472 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:02:42.0374 3472 sermouse - ok
11:02:42.0405 3472 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
11:02:42.0408 3472 SessionEnv - ok
11:02:42.0418 3472 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:02:42.0430 3472 sffdisk - ok
11:02:42.0451 3472 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:02:42.0452 3472 sffp_mmc - ok
11:02:42.0473 3472 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:02:42.0474 3472 sffp_sd - ok
11:02:42.0486 3472 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:02:42.0488 3472 sfloppy - ok
11:02:42.0563 3472 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
11:02:42.0574 3472 SftService - ok
11:02:42.0606 3472 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:02:42.0612 3472 SharedAccess - ok
11:02:42.0652 3472 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:02:42.0658 3472 ShellHWDetection - ok
11:02:42.0675 3472 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:02:42.0677 3472 sisagp - ok
11:02:42.0688 3472 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
11:02:42.0690 3472 SiSRaid2 - ok
11:02:42.0704 3472 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:02:42.0706 3472 SiSRaid4 - ok
11:02:42.0786 3472 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
11:02:42.0839 3472 slsvc - ok
11:02:42.0887 3472 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
11:02:42.0891 3472 SLUINotify - ok
11:02:42.0917 3472 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:02:42.0919 3472 Smb - ok
11:02:42.0946 3472 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:02:42.0950 3472 SNMPTRAP - ok
11:02:42.0973 3472 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
11:02:42.0974 3472 spldr - ok
11:02:43.0002 3472 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
11:02:43.0007 3472 Spooler - ok
11:02:43.0037 3472 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:02:43.0042 3472 srv - ok
11:02:43.0068 3472 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:02:43.0071 3472 srv2 - ok
11:02:43.0108 3472 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:02:43.0111 3472 srvnet - ok
11:02:43.0130 3472 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:02:43.0137 3472 SSDPSRV - ok
11:02:43.0153 3472 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:02:43.0186 3472 SstpSvc - ok
11:02:43.0217 3472 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
11:02:43.0218 3472 stisvc - ok
11:02:43.0267 3472 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:02:43.0270 3472 stllssvr - ok
11:02:43.0283 3472 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:02:43.0285 3472 swenum - ok
11:02:43.0330 3472 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
11:02:43.0337 3472 swprv - ok
11:02:43.0351 3472 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
11:02:43.0353 3472 Symc8xx - ok
11:02:43.0370 3472 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
11:02:43.0373 3472 Sym_hi - ok
11:02:43.0386 3472 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
11:02:43.0389 3472 Sym_u3 - ok
11:02:43.0434 3472 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
11:02:43.0447 3472 SysMain - ok
11:02:43.0479 3472 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:02:43.0484 3472 TabletInputService - ok
11:02:43.0533 3472 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:02:43.0541 3472 TapiSrv - ok
11:02:43.0557 3472 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
11:02:43.0562 3472 TBS - ok
11:02:43.0604 3472 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:02:43.0620 3472 Tcpip - ok
11:02:43.0641 3472 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
11:02:43.0652 3472 Tcpip6 - ok
11:02:43.0679 3472 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:02:43.0682 3472 tcpipreg - ok
11:02:43.0698 3472 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:02:43.0700 3472 TDPIPE - ok
11:02:43.0714 3472 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:02:43.0716 3472 TDTCP - ok
11:02:43.0756 3472 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:02:43.0759 3472 tdx - ok
11:02:43.0777 3472 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:02:43.0779 3472 TermDD - ok
11:02:43.0805 3472 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
11:02:43.0816 3472 TermService - ok
11:02:43.0838 3472 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
11:02:43.0844 3472 Themes - ok
11:02:43.0858 3472 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
11:02:43.0861 3472 THREADORDER - ok
11:02:43.0891 3472 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
11:02:43.0896 3472 TrkWks - ok
11:02:43.0936 3472 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:02:43.0938 3472 TrustedInstaller - ok
11:02:43.0959 3472 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:02:43.0969 3472 tssecsrv - ok
11:02:44.0004 3472 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
11:02:44.0006 3472 tunmp - ok
11:02:44.0037 3472 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:02:44.0040 3472 tunnel - ok
11:02:44.0057 3472 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:02:44.0060 3472 uagp35 - ok
11:02:44.0083 3472 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:02:44.0088 3472 udfs - ok
11:02:44.0119 3472 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:02:44.0124 3472 UI0Detect - ok
11:02:44.0141 3472 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:02:44.0144 3472 uliagpkx - ok
11:02:44.0163 3472 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
11:02:44.0168 3472 uliahci - ok
11:02:44.0202 3472 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
11:02:44.0206 3472 UlSata - ok
11:02:44.0259 3472 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
11:02:44.0259 3472 ulsata2 - ok
11:02:44.0274 3472 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:02:44.0275 3472 umbus - ok
11:02:44.0283 3472 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
11:02:44.0292 3472 upnphost - ok
11:02:44.0324 3472 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:02:44.0327 3472 usbccgp - ok
11:02:44.0354 3472 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:02:44.0357 3472 usbcir - ok
11:02:44.0396 3472 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:02:44.0405 3472 usbehci - ok
11:02:44.0440 3472 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:02:44.0459 3472 usbhub - ok
11:02:44.0477 3472 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:02:44.0480 3472 usbohci - ok
11:02:44.0506 3472 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:02:44.0509 3472 usbprint - ok
11:02:44.0527 3472 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:02:44.0530 3472 USBSTOR - ok
11:02:44.0545 3472 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:02:44.0547 3472 usbuhci - ok
11:02:44.0589 3472 [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS_XP C:\Windows\system32\DRIVERS\usb8023.sys
11:02:44.0591 3472 USB_RNDIS_XP - ok
11:02:44.0634 3472 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
11:02:44.0639 3472 UxSms - ok
11:02:44.0674 3472 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
11:02:44.0681 3472 vds - ok
11:02:44.0700 3472 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:02:44.0702 3472 vga - ok
11:02:44.0715 3472 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
11:02:44.0718 3472 VgaSave - ok
11:02:44.0740 3472 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:02:44.0743 3472 viaagp - ok
11:02:44.0767 3472 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
11:02:44.0769 3472 ViaC7 - ok
11:02:44.0807 3472 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
11:02:44.0809 3472 viaide - ok
11:02:44.0847 3472 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:02:44.0849 3472 volmgr - ok
11:02:44.0883 3472 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:02:44.0888 3472 volmgrx - ok
11:02:44.0917 3472 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:02:44.0922 3472 volsnap - ok
11:02:44.0941 3472 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:02:44.0945 3472 vsmraid - ok
11:02:44.0985 3472 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
11:02:45.0000 3472 VSS - ok
11:02:45.0010 3472 vToolbarUpdater14.0.1 - ok
11:02:45.0044 3472 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
11:02:45.0061 3472 W32Time - ok
11:02:45.0087 3472 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:02:45.0090 3472 WacomPen - ok
11:02:45.0118 3472 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
11:02:45.0121 3472 Wanarp - ok
11:02:45.0127 3472 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:02:45.0129 3472 Wanarpv6 - ok
11:02:45.0151 3472 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:02:45.0162 3472 wcncsvc - ok
11:02:45.0187 3472 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:02:45.0192 3472 WcsPlugInService - ok
11:02:45.0210 3472 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
11:02:45.0212 3472 Wd - ok
11:02:45.0278 3472 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
11:02:45.0278 3472 WDC_SAM - ok
11:02:45.0310 3472 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:02:45.0313 3472 Wdf01000 - ok
11:02:45.0329 3472 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:02:45.0335 3472 WdiServiceHost - ok
11:02:45.0343 3472 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:02:45.0348 3472 WdiSystemHost - ok
11:02:45.0377 3472 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
11:02:45.0385 3472 WebClient - ok
11:02:45.0414 3472 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:02:45.0424 3472 Wecsvc - ok
11:02:45.0440 3472 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:02:45.0445 3472 wercplsupport - ok
11:02:45.0471 3472 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
11:02:45.0477 3472 WerSvc - ok
11:02:45.0516 3472 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
11:02:45.0520 3472 WimFltr - ok
11:02:45.0552 3472 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:02:45.0569 3472 winachsf - ok
11:02:45.0619 3472 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
11:02:45.0625 3472 WinDefend - ok
11:02:45.0635 3472 WinHttpAutoProxySvc - ok
11:02:45.0681 3472 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:02:45.0684 3472 Winmgmt - ok
11:02:45.0748 3472 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
11:02:45.0776 3472 WinRM - ok
11:02:45.0830 3472 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:02:45.0842 3472 Wlansvc - ok
11:02:45.0865 3472 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:02:45.0868 3472 WmiAcpi - ok
11:02:45.0915 3472 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:02:45.0917 3472 wmiApSrv - ok
11:02:45.0984 3472 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:02:45.0999 3472 WMPNetworkSvc - ok
11:02:46.0019 3472 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:02:46.0026 3472 WPCSvc - ok
11:02:46.0053 3472 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:02:46.0059 3472 WPDBusEnum - ok
11:02:46.0176 3472 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:02:46.0190 3472 WPFFontCache_v0400 - ok
11:02:46.0217 3472 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:02:46.0218 3472 ws2ifsl - ok
11:02:46.0243 3472 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
11:02:46.0248 3472 wscsvc - ok
11:02:46.0258 3472 WSearch - ok
11:02:46.0343 3472 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
11:02:46.0367 3472 wuauserv - ok
11:02:46.0412 3472 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:02:46.0414 3472 WudfPf - ok
11:02:46.0455 3472 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:02:46.0459 3472 WUDFRd - ok
11:02:46.0495 3472 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:02:46.0501 3472 wudfsvc - ok
11:02:46.0534 3472 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
11:02:46.0536 3472 XAudio - ok
11:02:46.0560 3472 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
11:02:46.0565 3472 XAudioService - ok
11:02:46.0586 3472 ================ Scan global ===============================
11:02:46.0620 3472 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
11:02:46.0653 3472 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
11:02:46.0670 3472 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
11:02:46.0708 3472 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
11:02:46.0716 3472 [Global] - ok
11:02:46.0717 3472 ================ Scan MBR ==================================
11:02:46.0731 3472 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
11:02:47.0303 3472 \Device\Harddisk0\DR0 - ok
11:02:47.0303 3472 ================ Scan VBR ==================================
11:02:47.0329 3472 [ 2632A91AD5D9CC2B61D9F92FDC39109C ] \Device\Harddisk0\DR0\Partition1
11:02:47.0331 3472 \Device\Harddisk0\DR0\Partition1 - ok
11:02:47.0350 3472 [ A2D0AA2D54FE9AD98942390D4E153442 ] \Device\Harddisk0\DR0\Partition2
11:02:47.0365 3472 \Device\Harddisk0\DR0\Partition2 - ok
11:02:47.0365 3472 ============================================================
11:02:47.0365 3472 Scan finished
11:02:47.0365 3472 ============================================================
11:02:47.0381 4564 Detected object count: 0
11:02:47.0381 4564 Actual detected object count: 0
11:02:54.0418 5488 Deinitialize success
"
Currently using aswMBR; will post the log as soon as it is available.

#6 potroastmaster

Posted 03 February 2013 - 11:33 AM

aswMBR log

"
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-03 11:06:42
-----------------------------
11:06:42.838 OS Version: Windows 6.0.6002 Service Pack 2
11:06:42.838 Number of processors: 2 586 0xF0D
11:06:42.838 ComputerName: ALS-PC UserName: aarons
11:06:44.445 Initialize success
11:10:19.014 AVAST engine defs: 13020300
11:10:32.539 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:10:32.539 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
11:10:32.555 Disk 0 MBR read successfully
11:10:32.570 Disk 0 MBR scan
11:10:32.570 Disk 0 Windows VISTA default MBR code
11:10:32.570 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:10:32.602 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:10:32.617 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
11:10:32.617 Disk 0 scanning sectors +625140400
11:10:32.695 Disk 0 scanning C:\Windows\system32\drivers
11:10:42.664 Service scanning
11:11:03.256 Modules scanning
11:11:07.764 Disk 0 trace - called modules:
11:11:08.310 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:11:08.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862d43d0]
11:11:08.326 3 CLASSPNP.SYS[8afa28b3] -> nt!IofCallDriver -> [0x856e7328]
11:11:08.326 5 acpi.sys[806a56bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856c98a0]
11:11:09.636 AVAST engine scan C:\Windows
11:11:13.349 AVAST engine scan C:\Windows\system32
11:14:42.857 AVAST engine scan C:\Windows\system32\drivers
11:14:55.462 AVAST engine scan C:\Users\aarons
11:21:33.982 AVAST engine scan C:\ProgramData
11:26:31.229 Scan finished successfully
11:30:59.123 Disk 0 MBR has been saved successfully to "C:\Users\aarons\Desktop\MBR.dat"
11:30:59.138 The log file has been saved successfully to "C:\Users\aarons\Desktop\aswMBR.txt"
"
ESET is in progress.
Thanks for your help!

#7 potroastmaster

Posted 03 February 2013 - 12:48 PM

ESET finished and found no issues so no option to export log.

If you want the previous log, it will show what is currently quarantined.

Thanks for your support!

Please let me know what I can do next. :)

#8 narenxp

Posted 03 February 2013 - 01:50 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on File > Save.

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here
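
Added example, not part of the post above and not code from any of the tools it lists: one way to triage the output of the "List content of Hosts" step, flagging hosts entries that override the search engines this thread reports as redirected and IPs that many names share. The function names, the label-matching heuristic, the fan-in threshold and the sample data are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple

# Assumption: the search engines named in this thread. The default Windows
# hosts file carries no entries for public search sites, so any hit is suspect.
WATCHED_LABELS = {"google", "yahoo", "bing"}

# Constructed sample, not taken from the poster's machine. The routable
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # constructed redirect
192.0.2.10      search.yahoo.com
192.0.2.10      www.bing.com
0.0.0.0         ads.example.net             # sinkhole-style block entry
198.51.100.7    intranet.example.org
not-an-ip       broken.example.org
"""


class Entry(NamedTuple):
    lineno: int
    ip: str
    name: str


def parse_hosts(text):
    """Return (entries, malformed_line_numbers) for hosts-file text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)             # first field is not an IP
            continue
        if len(fields) < 2:
            malformed.append(lineno)             # IP with no hostname
            continue
        for name in fields[1:]:                  # one line may carry aliases
            entries.append(Entry(lineno, str(ip), name.lower().rstrip(".")))
    return entries, malformed


def classify(entry):
    """Label one entry: default, sinkhole, override or search-engine-override."""
    ip = ipaddress.ip_address(entry.ip)
    local = ip.is_loopback or ip.is_unspecified
    # Heuristic: a whole DNS label must match, so "notgoogle.com" is not flagged.
    if WATCHED_LABELS & set(entry.name.split(".")):
        return "search-engine-override"
    if local and entry.name == "localhost":
        return "default"
    if local:
        return "sinkhole"                        # name pointed at 127.x / 0.0.0.0
    return "override"                            # name pinned to a routable IP


def audit(text, fan_in_threshold=3):
    """Group entries by kind and report IPs that many names resolve to."""
    entries, malformed = parse_hosts(text)
    by_kind = defaultdict(list)
    names_per_ip = defaultdict(set)
    for entry in entries:
        kind = classify(entry)
        by_kind[kind].append(entry)
        if kind != "default":
            names_per_ip[entry.ip].add(entry.name)
    shared = {ip: sorted(names) for ip, names in names_per_ip.items()
              if len(names) >= fan_in_threshold}
    return {"by_kind": dict(by_kind), "shared_ips": shared,
            "malformed": malformed}


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for entry in report["by_kind"].get("search-engine-override", []):
        print(f"line {entry.lineno}: {entry.name} -> {entry.ip}")
    for ip, names in report["shared_ips"].items():
        print(f"{ip} is shared by {len(names)} names: {', '.join(names)}")
    print("malformed lines:", report["malformed"])
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text to `audit()` in place of the sample.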

#9 potroastmaster

Posted 03 February 2013 - 03:28 PM

Here are the log files; I hope they are in the order that you asked.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.03.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
aarons :: ALS-PC [administrator]

2/3/2013 2:19:13 PM
mbam-log-2013-02-03 (14-19-13).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338573
Time elapsed: 51 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


minitoolbox:
MiniToolBox by Farbar Version:10-01-2013
Ran by aarons (administrator) on 03-02-2013 at 14:08:17
Running from "C:\Users\aarons\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
204.152.194.252 www.google.com
204.152.194.252 google.com
204.152.194.252 google.com.au
204.152.194.252 www.google.com.au
204.152.194.252 google.be
204.152.194.252 www.google.be
204.152.194.252 google.com.br
204.152.194.252 www.google.com.br
204.152.194.252 google.ca
204.152.194.252 www.google.ca
204.152.194.252 google.ch
204.152.194.252 www.google.ch
204.152.194.252 google.de
204.152.194.252 www.google.de
204.152.194.252 google.dk
204.152.194.252 www.google.dk
204.152.194.252 google.fr
204.152.194.252 www.google.fr
204.152.194.252 google.ie
204.152.194.252 www.google.ie
204.152.194.252 google.it
204.152.194.252 www.google.it
204.152.194.252 google.co.jp
204.152.194.252 www.google.co.jp
204.152.194.252 google.nl
204.152.194.252 www.google.nl
204.152.194.252 google.no
204.152.194.252 www.google.no
204.152.194.252 google.co.nz
204.152.194.252 www.google.co.nz
204.152.194.252 google.pl
204.152.194.252 www.google.pl
204.152.194.252 google.se
204.152.194.252 www.google.se
204.152.194.252 google.co.uk
204.152.194.252 www.google.co.uk
204.152.194.252 google.co.za
204.152.194.252 www.google.co.za
204.152.194.252 www.google-analytics.com
204.152.194.252 www.bing.com
204.152.194.252 search.yahoo.com
204.152.194.252 www.search.yahoo.com
204.152.194.252 uk.search.yahoo.com
204.152.194.252 ca.search.yahoo.com
204.152.194.252 de.search.yahoo.com
204.152.194.252 fr.search.yahoo.com
204.152.194.252 au.search.yahoo.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Linksys Wireless-G USB Network Adapter with SpeedBooster = Wireless Network Connection

(Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Als-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : Linksys Wireless-G USB Network Adapter with

SpeedBooster
Physical Address. . . . . . . . . : 00-12-17-8F-18-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9ce0:4be4:52f1:d24d%18(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 03, 2013 8:31:50 AM
Lease Expires . . . . . . . . . . : Monday, February 04, 2013 8:31:49 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 436212247
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-22-4B-17-00-21-9B-24-DB-CC
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-21-9B-24-DB-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.ga.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4002:c02::8a
74.125.137.102
74.125.137.138
74.125.137.139
74.125.137.101
74.125.137.113
74.125.137.100



Pinging google.com [204.152.194.252] with 32 bytes of data:

Reply from 204.152.194.252: bytes=32 time=98ms TTL=51

Reply from 204.152.194.252: bytes=32 time=80ms TTL=51



Ping statistics for 204.152.194.252:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 80ms, Maximum = 98ms, Average = 89ms

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=103ms TTL=47

Reply from 206.190.36.45: bytes=32 time=200ms TTL=47



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 103ms, Maximum = 200ms, Average = 151ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
18 ...00 12 17 8f 18 76 ...... Linksys Wireless-G USB Network Adapter with SpeedBooster
11 ...00 21 9b 24 db cc ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
16 ...00 00 00 00 00 00 00 e0 isatap.hsd1.ga.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 286
192.168.1.105 255.255.255.255 On-link 192.168.1.105 286
192.168.1.255 255.255.255.255 On-link 192.168.1.105 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 286 fe80::/64 On-link
18 286 fe80::9ce0:4be4:52f1:d24d/128
On-link
1 306 ff00::/8 On-link
18 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/03/2013 11:21:08 AM) (Source: Application Error) (User: )
Description: Faulting application WINWORD.EXE, version 12.0.6668.5000, time stamp

0x5083137f, faulting module hpz3r5ha.dll, version 61.71.246.0, time stamp 0x460a27bd,

exception code 0xc0000005, fault offset 0x000467e8,
process id 0x9b8, application start time 0xWINWORD.EXE0.

Error: (02/03/2013 08:29:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2013 08:16:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2013 08:15:09 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-

{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/03/2013 06:53:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE

TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2013 06:51:36 AM) (Source: Application Error) (User: )
Description: Faulting application WINWORD.EXE, version 12.0.6668.5000, time stamp

0x5083137f, faulting module hpz3r5ha.dll, version 61.71.246.0, time stamp 0x460a27bd,

exception code 0xc0000005, fault offset 0x000467e8,
process id 0x15f8, application start time 0xWINWORD.EXE0.


System errors:
=============
Error: (02/03/2013 08:29:45 AM) (Source: Service Control Manager) (User: )
Description: mhwwow

Error: (02/03/2013 08:29:45 AM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater14.0.1%%2

Error: (02/03/2013 08:29:45 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (02/03/2013 08:28:25 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (02/03/2013 08:16:23 AM) (Source: Service Control Manager) (User: )
Description: mhwwow

Error: (02/03/2013 08:16:23 AM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater14.0.1%%2

Error: (02/03/2013 08:16:23 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (02/03/2013 06:53:58 AM) (Source: Service Control Manager) (User: )
Description: mhwwow

Error: (02/03/2013 06:53:58 AM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (02/03/2013 06:53:58 AM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater14.0.1%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-02-03 13:55:59.172
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page

image hashes could not be found on the system.

Date: 2013-02-03 13:55:58.754
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page

image hashes could not be found on the system.

Date: 2013-02-03 13:55:58.324
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page

image hashes could not be found on the system.

Date: 2013-02-03 13:55:57.505
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page

image hashes could not be found on the system.

Date: 2013-02-03 13:55:56.936
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page

image hashes could not be found on the system.

Date: 2013-02-03 13:55:56.520
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page

image hashes could not be found on the system.

Date: 2013-02-03 13:55:56.100
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-

page image hashes could not be found on the system.

Date: 2013-02-03 13:55:55.677
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-

page image hashes could not be found on the system.

Date: 2013-02-03 13:55:55.257
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-

page image hashes could not be found on the system.

Date: 2013-02-03 13:55:54.845
Description: Code Integrity is unable to verify the image integrity of the file

\Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-

page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 9.6.0)
Ad-Aware Security Toolbar (Version: 0.9.1.8)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.008.0512.1132)
AVG 2013 (Version: 13.0.2639)
AVG 2013 (Version: 13.0.2897)
AVG 2013 (Version: 2013.0.2897)
Banctec Service Agreement (Version: 2.0.0)
Bonjour (Version: 2.0.2.0)
Catalyst Control Center Core Implementation (Version: 2008.0512.1133.18639)
Catalyst Control Center Graphics Full Existing (Version: 2008.0512.1133.18639)
Catalyst Control Center Graphics Full New (Version: 2008.0512.1133.18639)
Catalyst Control Center Graphics Light (Version: 2008.0512.1133.18639)
Catalyst Control Center Graphics Previews Common (Version: 2008.0512.1133.18639)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization French (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization German (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Hungarian (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Italian (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Japanese (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Korean (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Portuguese (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Spanish (Version: 2008.0512.1133.18639)
Catalyst Control Center Localization Turkish (Version: 2008.0512.1133.18639)
ccc-core-static (Version: 2008.0512.1133.18639)
ccc-utility (Version: 2008.0512.1133.18639)
CCC Help Chinese Standard (Version: 2008.0512.1132.18639)
CCC Help Chinese Traditional (Version: 2008.0512.1132.18639)
CCC Help English (Version: 2008.0512.1132.18639)
CCC Help French (Version: 2008.0512.1132.18639)
CCC Help German (Version: 2008.0512.1132.18639)
CCC Help Hungarian (Version: 2008.0512.1132.18639)
CCC Help Italian (Version: 2008.0512.1132.18639)
CCC Help Japanese (Version: 2008.0512.1132.18639)
CCC Help Korean (Version: 2008.0512.1132.18639)
CCC Help Portuguese (Version: 2008.0512.1132.18639)
CCC Help Spanish (Version: 2008.0512.1132.18639)
CCC Help Turkish (Version: 2008.0512.1132.18639)
CCleaner (Version: 3.27)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Creative MediaSource 5 (Version: 5.00)
Defraggler (Version: 1.20)
Dell-eBay (Version: 1.00.0000)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.2.6032.102)
Digital Line Detect (Version: 1.21)
dj_sf_software_req (Version: 90.0.235.000)
EDocs
ESET Online Scanner v3
Google Chrome (Version: 24.0.1312.57)
Google Update Helper (Version: 1.3.21.123)
GoToAssist 8.0.0.514
HiJackThis (Version: 1.0.0)
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
iTunes (Version: 10.0.0.68)
Java™ 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 14.0.8050.1202)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MediaDirect (Version: 4.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version:

8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version:

9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version:

9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mozilla Firefox (3.6.28) (Version: 3.6.28 (en-US))
MSVCRT (Version: 14.0.1468.721)
NetWaiting (Version: 2.5.53)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QuickTime (Version: 7.67.75.0)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (Version: 1.00)
Realtek High Definition Audio Driver
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Skins (Version: 2008.0512.1133.18639)
Smilebox (Version: 1.1.1.1)
Sound Blaster Audigy ADVANCED MB (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
SpywareBlaster 4.6 (Version: 4.6.0)
Toolbox (Version: 90.0.146.000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 3325.27 MB
Available physical RAM: 1768.35 MB
Total Pagefile: 6880.55 MB
Available Pagefile: 5370.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.21 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:216.99 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.02 GB) NTFS

========================= Users: ========================================

User accounts for \\ALS-PC

aarons Administrator Guest

========================= Restore Points ==================================

02-02-2013 19:55:56 Removed FixCleaner
02-02-2013 19:58:08 Removed Nuance PDF Reader.
02-02-2013 19:59:19 Removed SavetheChildren Reminder by We-Care.com v4.1.19.4
03-02-2013 04:15:12 Installed HiJackThis
03-02-2013 13:12:46 Installed Microsoft Fix it 50267
03-02-2013 13:25:00 Installed Microsoft Fix it 50267

**** End of log ****


Farbar Service Scanner Version: 30-01-2013
Ran by aarons (administrator) on 03-02-2013 at 14:17:58
Running from "C:\Users\aarons\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


adwCleaner
# AdwCleaner v2.109 - Logfile created 02/03/2013 at 14:10:18
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : aarons - ALS-PC
# Boot Mode : Normal
# Running from : C:\Users\aarons\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (en-US)

File : C:\Users\aarons\AppData\Roaming\Mozilla\Firefox\Profiles\f38qn04e.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\aarons\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.52] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.55] : keyword = "isearch.avg.com",
Deleted [l.58] : search_url = "hxxp://isearch.avg.com/search?cid={03E03205-C0F0-4C68-A20F-

28F0F4E80B75}&mid=30[...]

*************************

AdwCleaner[S1].txt - [5703 octets] - [03/02/2013 06:51:42]
AdwCleaner[S2].txt - [1149 octets] - [03/02/2013 14:10:18]

########## EOF - C:\AdwCleaner[S2].txt - [1209 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by aarons on Sun 02/03/2013 at 15:16:05.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/03/2013 at 15:19:55.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/03/2013 03:24:08 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\CTsvcCDA.exe (PID: 2688) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: DisallowRun [HKCU]

Backup Registry file created at:
C:\Users\aarons\Desktop\rkill\rkill-02-03-2013-03-24-13.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
204.152.194.252 www.google.com
204.152.194.252 google.com
204.152.194.252 google.com.au

20 out of 64 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 02/03/2013 03:24:22 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgui.exe"
+ "ROC_roc_ssl_v12" "" "" "File not found: C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\aarons\appdata\local\google\update\googleupdate.exe"
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8050.1202.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "ACE Context Menu" "" "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_07\bin\ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Sun Java Console" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre1.6.0_07\bin\ssv.dll"
"Task Scheduler" "" "" ""
+ "\Ad-Aware Update (Weekly)" "Ad-Aware Admin Application " "Lavasoft Limited " "c:\program files\lavasoft\ad-aware\ad-awareadmin.exe"
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
X "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
X "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
X "\GoogleUpdateTaskUserS-1-5-21-2810422428-1526617023-1039550107-1000Core" "Google Installer" "Google Inc." "c:\users\aarons\appdata\local\google\update\googleupdate.exe"
X "\GoogleUpdateTaskUserS-1-5-21-2810422428-1526617023-1039550107-1000UA" "Google Installer" "Google Inc." "c:\users\aarons\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
X "\PCDEventLauncher" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell support center\sessionchecker.exe"
X "\PCDoctorBackgroundMonitorTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\dell support center\uaclauncher.exe"
X "\ROC_JAN2013_TB_rmv" "" "" "File not found: C:\Program Files\AVG Secure Search\PostInstall\ROC.exe"
+ "\RtlNICDiagVistaStart" "Realtek NIC Diagnostic Utility" "Realtek" "c:\program files\realtek\rtnicdiag\rtnicdiag.exe"
X "\SystemToolsDailyTest" "" "" "File not found: uaclauncher.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2013\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Creative Labs Licensing Service" "Provides licensing services for Creative Labs applications." "Creative Labs" "c:\program files\common files\creative labs shared\service\creativelicensing.exe"
+ "Creative Service for CDROM Access" "Creative Service for CDROM Access" "Creative Technology Ltd" "c:\windows\system32\ctsvccda.exe"
+ "DockLoginService" "Dock Login Service" "Stardock Corporation" "c:\program files\dell\delldock\docklogin.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Lavasoft Ad-Aware Service" "Lavasoft Ad-Aware Service" "Lavasoft Limited" "c:\program files\lavasoft\ad-aware\aawservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SftService" "SoftThinks Agent Service" "SoftThinks SAS" "c:\program files\dell datasafe local backup\sftservice.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "vToolbarUpdater14.0.1" "" "" "File not found: C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "XAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avglogx" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avglogx.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx86.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dpv.sys"
+ "HSXHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwbs2.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: C:\Windows\System32\Drivers\IpInIp.sys"
+ "Lavasoft Kernexplorer" "" "" "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
+ "Lbd" "Ad-Aware mini-filter driver" "Lavasoft AB" "c:\windows\system32\drivers\lbd.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "mhwwow" "" "" "File not found: C:\Windows\System32\Drivers\mhwwow.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: C:\Windows\System32\Drivers\NwlnkFlt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: C:\Windows\System32\Drivers\NwlnkFwd.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "RTL8169" "Realtek 8136/8168/8169 NDIS6 32-bit Driver " "Realtek " "c:\windows\system32\drivers\rtlh86.sys"
+ "RtNdPt60" "Realtek NDIS Protocol Driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\rtndpt60.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ATI Ticker" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "BPM Metadata" "Creative BPM Metadata Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\metabpmu.ax"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Creative AC3 Source Filter" "Creative AC3 Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\ac3srcu.ax"
+ "Creative Audio Gain Filter" "Audio Gain Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\audgain.ax"
+ "Creative CDDA Source Filter" "CDDA Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\cdda.ax"
+ "Creative Flac Source Filter" "Creative FLAC Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\flacsrcu.ax"
+ "Creative Internet Source Filter" "Creative Internet Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\inetsrcu.ax"
+ "Creative LiveRecording Filter_SxS" "Live Recording Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\liverecu.ax"
+ "Creative MLP Source Filter" "Creative MLP Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\mlpsrcu.ax"
+ "Creative NVF Filter" "Creative Nomad Voice File Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\nvfsrcu.ax"
+ "Creative Ogg Source Filter" "Creative Ogg Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\oggsrcu.ax"
+ "Creative PCM Raw Writer" "Creative Raw Writer" "Creative Technology Ltd" "c:\program files\creative\shared files\rawwritu.ax"
+ "Creative Wave Writer" "Wave Writer" "Creative Technology Ltd" "c:\program files\creative\shared files\wavwrite.ax"
+ "Creative WMA Source Filter" "Creative WMA Source Filter" "Creative Technology Ltd" "c:\program files\creative\shared files\wmasrc.ax"
+ "Creative WMA Writer" "WMA Writer" "Creative Technology Ltd" "c:\program files\creative\shared files\wmawrite.ax"
+ "CT CMSS3 filter" "Sample" "Creative Technology Ltd" "c:\program files\creative\shared files\cmss3.ax"
+ "CT HPVirtualizer filter" "Creative Headphone Virtualizer Filter" "Creative Technology, Ltd." "c:\program files\creative\shared files\virtual.ax"
+ "CT Karaoke filter" "Creative Karaoke Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\karaoke.ax"
+ "CT PDP filter" "Creative Crystalizer Filter" "Creative Technology, Ltd." "c:\program files\creative\shared files\pdp.ax"
+ "CT SmartVolumeManagement filter" "Creative Compressor Plugin" "Creative Technology Ltd." "c:\program files\creative\shared files\dscompr.ax"
+ "CT Time-Scaling filter" "Sample" "Creative Technology Ltd." "c:\program files\creative\shared files\timescal.ax"
+ "CT Upsampler filter" "Sample" "Creative Technology Ltd" "c:\program files\creative\shared files\upsample.ax"
+ "CyberLink Audio Decoder (MD3)" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\claud.ax"
+ "CyberLink Audio Effect (MD3)" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\dell\mediadirect\kernel\movie\claudfx.ax"
+ "CyberLink Audio Wizard" "CyberLink Audio Wizard Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\claudwizard.ax"
+ "CyberLink Demultiplexer (MD3)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator (MD3)" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter (MD3)" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clline21.ax"
+ "CyberLink MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\video\clmsplter.ax"
+ "Cyberlink SubTitle Importor (MD3)" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (MD3)" "CLAuTS.ax" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clauts.ax"
+ "CyberLink Tzan Filter" "Cyberlink Tzan Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\cltzan.ax"
+ "CyberLink Video Effect (MD3)" "CLVidFx" "CyberLink" "c:\program files\dell\mediadirect\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder (MD3)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\movie\clvsd.ax"
+ "CyberLink Video/SP Decoder (ShEX)" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\dell\mediadirect\kernel\video\climagevsd.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "MMACE Deinterlace" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Noise Reduction" "Creative Noise Reduction Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\noisredu.ax"
+ "PCM to EXT" "Creative Pcm2Ext" "Creative Technology Ltd." "c:\program files\creative\sbaudigy\wavestudio 7\pcm2ext.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SVM Metadata" "Creative SVM Metadata Filter" "Creative Technology Ltd." "c:\program files\creative\shared files\metasvmu.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "lsdelete" "" "" "c:\windows\system32\lsdelete.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "Citrix Online GoToAssist" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2awinlogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzll5ha" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll5ha.dll"



Thanks for your time and support!

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 03 February 2013 - 03:59 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator

Now copy the following commands and press ENTER after each one

cd C:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f


Press Y

attrib -s -h -r hosts

After running these commands,

launch MiniToolBox, checkmark Hosts contents alone, and post the new log


Edited by narenxp, 12 March 2013 - 12:31 AM.


#11 potroastmaster

potroastmaster
  • Topic Starter

  • Members
  • 39 posts

Posted 03 February 2013 - 04:46 PM

MiniToolBox by Farbar Version:10-01-2013
Ran by aarons (administrator) on 03-02-2013 at 16:44:46
Running from "C:\Users\aarons\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

::1 localhost
127.0.0.1 localhost


**** End of log ****



EXCELLENT!
Thanks so much, guys!
I believe it is working now!
Is there anything else to do to ensure my dad doesn't get into this trouble again?
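
The Rkill listing earlier in this thread and the two-line MiniToolBox result above are the "before" and "after" of a hosts-file hijack. As an added example (not part of the original posts and not taken from any tool mentioned here), this Python script audits hosts content for that pattern; the watched-domain list, the function names and the lines marked as constructed are assumptions.

```python
"""Audit hosts-file content for redirect-style tampering (added example)."""
import ipaddress
from collections import defaultdict

# Assumption: domains worth watching; the redirects in this thread hit these
# search engines and the Google/Microsoft reputation services.
WATCHED_SUFFIXES = ("google.com", "microsoft.com", "bing.com", "yahoo.com")

# Lines 2-8 are a subset of the Rkill "HOSTS file entries found" listing in
# this thread; the comment line and the last three entries are constructed.
SAMPLE_HOSTS = """\
# constructed comment line
127.0.0.1 localhost
::1 localhost
74.125.45.100 getantivirusplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
204.152.194.252 www.google.com
204.152.194.252 google.com
0.0.0.0 ads.example.test          # constructed: ordinary blocklist entry
127.0.0.1 update.microsoft.com    # constructed: watched host sinkholed
not-an-ip broken.example.test
"""

CLEAN_HOSTS = "::1 localhost\n127.0.0.1 localhost\n"  # the repaired file


def parse_hosts(text):
    """Return (entries, malformed); entries are (lineno, ip, hostname)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, line))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((lineno, line))
            continue
        for name in fields[1:]:                  # one line may carry aliases
            entries.append((lineno, ip, name.lower().rstrip(".")))
    return entries, malformed


def is_watched(name):
    """True when name is a watched domain or one of its subdomains."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text, min_cluster=2):
    """Classify every entry that is not a plain localhost/blocklist line."""
    entries, malformed = parse_hosts(text)
    findings, by_ip = [], defaultdict(list)
    for lineno, ip, name in entries:
        if name == "localhost" and ip.is_loopback:
            continue                             # the two expected defaults
        watched = is_watched(name)
        if ip.is_loopback or ip.is_unspecified:
            # Sinkhole address: harmless for ad blocking, but a watched
            # update or reputation host being blackholed deserves review.
            if watched:
                findings.append((lineno, name, str(ip), "blocked-watched"))
            continue
        # A routable address overrides DNS for this name.
        by_ip[str(ip)].append(name)
        kind = "redirected-watched" if watched else "redirected"
        findings.append((lineno, name, str(ip), kind))
    # Many unrelated names pinned to one address is typical of bulk edits.
    clusters = {ip: n for ip, n in by_ip.items() if len(n) >= min_cluster}
    return {"findings": findings, "clusters": clusters, "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for lineno, name, ip, kind in report["findings"]:
        print(f"line {lineno:>2}: {kind:<18} {name} -> {ip}")
    for ip, names in report["clusters"].items():
        print(f"cluster: {len(names)} names pinned to {ip}")
    for lineno, line in report["malformed"]:
        print(f"line {lineno:>2}: malformed entry: {line}")
    print("clean file findings:", audit_hosts(CLEAN_HOSTS)["findings"])
```

On a live system, the text passed to `audit_hosts` would be the contents of C:\windows\system32\drivers\etc\hosts, read from an elevated prompt.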

#12 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 03 February 2013 - 05:05 PM

Hello -
Just FYI, there is a way to reset your browsers again listed on the Genieo site -
http://www.genieo.com/faq/#q20
http://www.genieo.com/faq/#uninstall

It works for many, but sometimes there are still a few minor problems -

Thank You -
EDITED to repair link -

Edited by noknojon, 03 February 2013 - 05:07 PM.


#13 potroastmaster

potroastmaster
  • Topic Starter

  • Members
  • 39 posts

Posted 03 February 2013 - 05:11 PM

Thanks, I just knew that Genieo was a "symptom"; there were other issues, so I'm not sure what was installed first and what was straight-up malware. But they knew nothing about Genieo to begin with.
Thanks for the ideas, noknojon!

Jeff.

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 03 February 2013 - 05:15 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#15 Genieo support

Genieo support

    Authorized Genieo Representative


  • Members
  • 5 posts

Posted 04 February 2013 - 01:26 AM

Hi All,

There is really no need for all those tools and complicated steps to uninstall Genieo.
Please visit our FAQ page http://www.genieo.com/faq#uninstall and simply follow the instructions.

Once you are done, you can go to your browser settings and change the default homepage and search to match your decision.

Use the relevant link:
Chrome: http://support.google.com/chrome/bin/answer.py?hl=en&answer=95421&topic=1735105&ctx=topic
IE: http://support.microsoft.com/kb/252464
FF: http://www.wikihow.com/Change-your-Start-Page-on-Mozilla-Firefox
Safari: http://browsers.about.com/od/safar1/ss/safarihomepage_3.htm



