Another Google Redirect Infection?


27 replies to this topic

#1 chillbilly76

chillbilly76

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 04 February 2013 - 05:33 AM

Hi All,

I believe I am also suffering from google redirect maliciousness.
When I click on google search results I get redirected to malicious sites.
I fell for this a month ago when I googled getfirefox and downloaded and installed
firefox from the results of the first link, so who knows what is lurking on my PC.

Anyway as a test just then, in chrome, I googled 'microsoft security essentials'
The top link said it was microsoft, I clicked it, but got redirected to
http://www.scanerrors.com/?t202id=115351&t202kw=microsoft

I have this issue in explorer, chrome and firefox.
I am using Vista.

A possibly related issue is the inability to be able to log into gmail - the browser says it can't set cookies.

Can you please help me with my redirect issue?

Thanks,

Chillbilly



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:44 PM

Posted 04 February 2013 - 07:11 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 chillbilly76


Posted 04 February 2013 - 06:33 PM

Thanks narenxp - will do when I get home from work tonight (10 hrs or so).

I'm in Adelaide Australia.

edit: I should add - after I typed out my OP, I tried googling with opera and that is suffering redirect also.

Edited by chillbilly76, 04 February 2013 - 06:39 PM.


#4 narenxp


Posted 04 February 2013 - 09:20 PM

:thumbup2:

#5 chillbilly76


Posted 05 February 2013 - 07:28 AM

OK - here we go -

TDSSKiller log
-----------------------------------
22:50:48.0681 12856 nvraid - ok
22:50:48.0691 12856 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:50:48.0692 12856 nvstor - ok
22:50:48.0717 12856 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:50:48.0718 12856 nv_agp - ok
22:50:48.0721 12856 NwlnkFlt - ok
22:50:48.0724 12856 NwlnkFwd - ok
22:50:48.0809 12856 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:50:48.0813 12856 odserv - ok
22:50:48.0851 12856 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:50:48.0852 12856 ohci1394 - ok
22:50:48.0915 12856 [ D13945C978BFB15DE660064BEDD76486 ] OracleDBConsoledevdb C:\oracle\product\11.1.0\db_1\bin\nmesrvc.exe
22:50:48.0917 12856 OracleDBConsoledevdb - ok
22:50:48.0920 12856 OracleJobSchedulerDEVDB - ok
22:50:48.0921 12856 OracleOraDb11g_home1TNSListener - ok
22:50:48.0933 12856 OracleServiceDEVDB - ok
22:50:48.0936 12856 OracleVssWriterDEVDB - ok
22:50:49.0026 12856 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:50:49.0029 12856 ose - ok
22:50:49.0170 12856 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:50:49.0245 12856 osppsvc - ok
22:50:49.0304 12856 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:50:49.0307 12856 p2pimsvc - ok
22:50:49.0315 12856 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
22:50:49.0318 12856 p2psvc - ok
22:50:49.0348 12856 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
22:50:49.0350 12856 Parport - ok
22:50:49.0369 12856 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:50:49.0370 12856 partmgr - ok
22:50:49.0392 12856 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:50:49.0394 12856 Parvdm - ok
22:50:49.0420 12856 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
22:50:49.0422 12856 PcaSvc - ok
22:50:49.0439 12856 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
22:50:49.0440 12856 pci - ok
22:50:49.0462 12856 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
22:50:49.0463 12856 pciide - ok
22:50:49.0475 12856 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:50:49.0477 12856 pcmcia - ok
22:50:49.0516 12856 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:50:49.0519 12856 PEAUTH - ok
22:50:49.0569 12856 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
22:50:49.0575 12856 pla - ok
22:50:49.0584 12856 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:50:49.0586 12856 PlugPlay - ok
22:50:49.0595 12856 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:50:49.0598 12856 PNRPAutoReg - ok
22:50:49.0606 12856 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:50:49.0609 12856 PNRPsvc - ok
22:50:49.0655 12856 [ 437827D69040C0C2565D47B024ED5372 ] Point32 C:\Windows\system32\DRIVERS\point32k.sys
22:50:49.0656 12856 Point32 - ok
22:50:49.0684 12856 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:50:49.0686 12856 PolicyAgent - ok
22:50:49.0694 12856 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:50:49.0695 12856 PptpMiniport - ok
22:50:49.0710 12856 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
22:50:49.0711 12856 Processor - ok
22:50:49.0727 12856 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
22:50:49.0729 12856 ProfSvc - ok
22:50:49.0740 12856 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:50:49.0741 12856 ProtectedStorage - ok
22:50:49.0782 12856 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
22:50:49.0783 12856 ProtexisLicensing - ok
22:50:49.0803 12856 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:50:49.0803 12856 PSched - ok
22:50:49.0844 12856 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:50:49.0855 12856 ql2300 - ok
22:50:49.0864 12856 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:50:49.0866 12856 ql40xx - ok
22:50:49.0891 12856 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
22:50:49.0893 12856 QWAVE - ok
22:50:49.0900 12856 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:50:49.0901 12856 QWAVEdrv - ok
22:50:49.0910 12856 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:50:49.0911 12856 RasAcd - ok
22:50:49.0926 12856 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
22:50:49.0928 12856 RasAuto - ok
22:50:49.0942 12856 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:50:49.0943 12856 Rasl2tp - ok
22:50:49.0954 12856 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
22:50:49.0956 12856 RasMan - ok
22:50:49.0959 12856 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:50:49.0960 12856 RasPppoe - ok
22:50:49.0968 12856 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:50:49.0969 12856 RasSstp - ok
22:50:49.0985 12856 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:50:49.0987 12856 rdbss - ok
22:50:49.0997 12856 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:50:49.0998 12856 RDPCDD - ok
22:50:50.0023 12856 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:50:50.0026 12856 rdpdr - ok
22:50:50.0029 12856 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:50:50.0029 12856 RDPENCDD - ok
22:50:50.0039 12856 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:50:50.0041 12856 RDPWD - ok
22:50:50.0075 12856 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:50:50.0076 12856 RemoteAccess - ok
22:50:50.0099 12856 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:50:50.0100 12856 RemoteRegistry - ok
22:50:50.0114 12856 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
22:50:50.0115 12856 RpcLocator - ok
22:50:50.0127 12856 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
22:50:50.0130 12856 RpcSs - ok
22:50:50.0141 12856 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:50:50.0142 12856 rspndr - ok
22:50:50.0171 12856 [ 0AB8D9D7C5AC81FC736D7C208F737570 ] RT73 C:\Windows\system32\DRIVERS\Dr71WU.sys
22:50:50.0176 12856 RT73 - ok
22:50:50.0229 12856 [ 318F4F327190B2AEE7AAE9CAFD19BB19 ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys
22:50:50.0232 12856 RTL8187B - ok
22:50:50.0275 12856 [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
22:50:50.0275 12856 RtlProt - ok
22:50:50.0278 12856 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
22:50:50.0279 12856 SamSs - ok
22:50:50.0309 12856 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:50:50.0310 12856 sbp2port - ok
22:50:50.0334 12856 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:50:50.0335 12856 SCardSvr - ok
22:50:50.0364 12856 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
22:50:50.0369 12856 Schedule - ok
22:50:50.0379 12856 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
22:50:50.0379 12856 SCPolicySvc - ok
22:50:50.0392 12856 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:50:50.0393 12856 SDRSVC - ok
22:50:50.0401 12856 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:50:50.0402 12856 secdrv - ok
22:50:50.0409 12856 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
22:50:50.0411 12856 seclogon - ok
22:50:50.0417 12856 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
22:50:50.0418 12856 SENS - ok
22:50:50.0436 12856 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:50:50.0437 12856 Serenum - ok
22:50:50.0467 12856 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:50:50.0468 12856 Serial - ok
22:50:50.0484 12856 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:50:50.0486 12856 sermouse - ok
22:50:50.0516 12856 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
22:50:50.0518 12856 SessionEnv - ok
22:50:50.0542 12856 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:50:50.0543 12856 sffdisk - ok
22:50:50.0549 12856 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:50:50.0550 12856 sffp_mmc - ok
22:50:50.0560 12856 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:50:50.0561 12856 sffp_sd - ok
22:50:50.0575 12856 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:50:50.0576 12856 sfloppy - ok
22:50:50.0621 12856 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:50:50.0624 12856 ShellHWDetection - ok
22:50:50.0635 12856 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:50:50.0636 12856 sisagp - ok
22:50:50.0650 12856 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:50:50.0652 12856 SiSRaid2 - ok
22:50:50.0671 12856 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:50:50.0672 12856 SiSRaid4 - ok
22:50:50.0707 12856 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:50:50.0708 12856 SkypeUpdate - ok
22:50:50.0760 12856 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
22:50:50.0773 12856 slsvc - ok
22:50:50.0792 12856 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:50:50.0793 12856 SLUINotify - ok
22:50:50.0801 12856 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:50:50.0802 12856 Smb - ok
22:50:50.0817 12856 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:50:50.0818 12856 SNMPTRAP - ok
22:50:50.0826 12856 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
22:50:50.0827 12856 spldr - ok
22:50:50.0852 12856 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
22:50:50.0854 12856 Spooler - ok
22:50:50.0885 12856 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:50:50.0887 12856 srv - ok
22:50:50.0916 12856 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:50:50.0917 12856 srv2 - ok
22:50:50.0947 12856 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:50:50.0947 12856 srvnet - ok
22:50:50.0956 12856 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:50:50.0958 12856 SSDPSRV - ok
22:50:50.0988 12856 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:50:50.0989 12856 SstpSvc - ok
22:50:51.0012 12856 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
22:50:51.0015 12856 stisvc - ok
22:50:51.0042 12856 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:50:51.0043 12856 swenum - ok
22:50:51.0061 12856 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
22:50:51.0064 12856 swprv - ok
22:50:51.0079 12856 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:50:51.0080 12856 Symc8xx - ok
22:50:51.0090 12856 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:50:51.0091 12856 Sym_hi - ok
22:50:51.0097 12856 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:50:51.0098 12856 Sym_u3 - ok
22:50:51.0121 12856 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
22:50:51.0125 12856 SysMain - ok
22:50:51.0140 12856 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:50:51.0142 12856 TabletInputService - ok
22:50:51.0156 12856 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
22:50:51.0158 12856 TapiSrv - ok
22:50:51.0174 12856 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
22:50:51.0176 12856 TBS - ok
22:50:51.0216 12856 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:50:51.0224 12856 Tcpip - ok
22:50:51.0235 12856 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:50:51.0239 12856 Tcpip6 - ok
22:50:51.0253 12856 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:50:51.0254 12856 tcpipreg - ok
22:50:51.0268 12856 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:50:51.0269 12856 TDPIPE - ok
22:50:51.0286 12856 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:50:51.0287 12856 TDTCP - ok
22:50:51.0297 12856 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:50:51.0299 12856 tdx - ok
22:50:51.0306 12856 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:50:51.0307 12856 TermDD - ok
22:50:51.0329 12856 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
22:50:51.0332 12856 TermService - ok
22:50:51.0344 12856 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
22:50:51.0345 12856 Themes - ok
22:50:51.0352 12856 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
22:50:51.0353 12856 THREADORDER - ok
22:50:51.0359 12856 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
22:50:51.0361 12856 TrkWks - ok
22:50:51.0389 12856 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:50:51.0390 12856 TrustedInstaller - ok
22:50:51.0405 12856 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:50:51.0406 12856 tssecsrv - ok
22:50:51.0430 12856 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:50:51.0431 12856 tunmp - ok
22:50:52.0018 12856 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:50:52.0019 12856 tunnel - ok
22:50:52.0108 12856 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:50:52.0126 12856 uagp35 - ok
22:50:52.0208 12856 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:50:52.0341 12856 udfs - ok
22:50:52.0364 12856 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:50:52.0366 12856 UI0Detect - ok
22:50:52.0392 12856 [ A4E07DA3AE2078BD96E84D4BAA07B71D ] ULCDRHlp C:\Windows\system32\Drivers\ULCDRHlp.sys
22:50:52.0393 12856 ULCDRHlp - ok
22:50:52.0407 12856 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:50:52.0408 12856 uliagpkx - ok
22:50:52.0428 12856 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:50:52.0431 12856 uliahci - ok
22:50:52.0446 12856 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:50:52.0448 12856 UlSata - ok
22:50:52.0462 12856 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:50:52.0464 12856 ulsata2 - ok
22:50:52.0485 12856 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:50:52.0486 12856 umbus - ok
22:50:52.0501 12856 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
22:50:52.0503 12856 upnphost - ok
22:50:52.0529 12856 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:50:52.0530 12856 USBAAPL - ok
22:50:52.0557 12856 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:50:52.0558 12856 usbccgp - ok
22:50:52.0575 12856 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:50:52.0576 12856 usbcir - ok
22:50:52.0594 12856 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:50:52.0595 12856 usbehci - ok
22:50:52.0612 12856 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:50:52.0614 12856 usbhub - ok
22:50:52.0630 12856 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:50:52.0631 12856 usbohci - ok
22:50:52.0653 12856 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:50:52.0654 12856 usbprint - ok
22:50:52.0665 12856 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:50:52.0666 12856 usbscan - ok
22:50:52.0680 12856 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:50:52.0681 12856 USBSTOR - ok
22:50:52.0692 12856 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:50:52.0692 12856 usbuhci - ok
22:50:52.0703 12856 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
22:50:52.0704 12856 UxSms - ok
22:50:52.0725 12856 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
22:50:52.0728 12856 vds - ok
22:50:52.0743 12856 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:52.0744 12856 vga - ok
22:50:52.0762 12856 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
22:50:52.0763 12856 VgaSave - ok
22:50:52.0779 12856 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:50:52.0780 12856 viaagp - ok
22:50:52.0793 12856 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:50:52.0794 12856 ViaC7 - ok
22:50:52.0808 12856 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
22:50:52.0809 12856 viaide - ok
22:50:52.0823 12856 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:50:52.0824 12856 volmgr - ok
22:50:52.0839 12856 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:50:52.0841 12856 volmgrx - ok
22:50:52.0857 12856 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:50:52.0858 12856 volsnap - ok
22:50:52.0901 12856 [ F937E203D6F18FAD36B68D92DF02775D ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:50:52.0906 12856 vpnagent - ok
22:50:52.0935 12856 [ 0D8DF4058901616A4E716AB67D472581 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
22:50:52.0936 12856 vpnva - ok
22:50:52.0954 12856 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:50:52.0955 12856 vsmraid - ok
22:50:52.0988 12856 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
22:50:52.0993 12856 VSS - ok
22:50:53.0002 12856 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
22:50:53.0005 12856 W32Time - ok
22:50:53.0020 12856 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:50:53.0021 12856 WacomPen - ok
22:50:53.0044 12856 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:50:53.0045 12856 Wanarp - ok
22:50:53.0047 12856 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:50:53.0048 12856 Wanarpv6 - ok
22:50:53.0066 12856 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:50:53.0069 12856 wcncsvc - ok
22:50:53.0075 12856 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:50:53.0077 12856 WcsPlugInService - ok
22:50:53.0089 12856 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
22:50:53.0090 12856 Wd - ok
22:50:53.0111 12856 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:50:53.0113 12856 Wdf01000 - ok
22:50:53.0119 12856 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:50:53.0120 12856 WdiServiceHost - ok
22:50:53.0123 12856 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:50:53.0124 12856 WdiSystemHost - ok
22:50:53.0138 12856 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
22:50:53.0140 12856 WebClient - ok
22:50:53.0165 12856 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:50:53.0167 12856 Wecsvc - ok
22:50:53.0179 12856 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:50:53.0181 12856 wercplsupport - ok
22:50:53.0208 12856 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
22:50:53.0210 12856 WerSvc - ok
22:50:53.0213 12856 WinHttpAutoProxySvc - ok
22:50:53.0254 12856 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:50:53.0255 12856 Winmgmt - ok
22:50:53.0292 12856 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
22:50:53.0302 12856 WinRM - ok
22:50:53.0338 12856 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:50:53.0342 12856 Wlansvc - ok
22:50:53.0356 12856 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:50:53.0357 12856 WmiAcpi - ok
22:50:53.0385 12856 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:50:53.0386 12856 wmiApSrv - ok
22:50:53.0426 12856 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:50:53.0433 12856 WMPNetworkSvc - ok
22:50:53.0447 12856 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:50:53.0449 12856 WPCSvc - ok
22:50:53.0466 12856 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:50:53.0468 12856 WPDBusEnum - ok
22:50:53.0498 12856 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:50:53.0500 12856 WpdUsb - ok
22:50:53.0645 12856 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:50:53.0651 12856 WPFFontCache_v0400 - ok
22:50:53.0677 12856 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:50:53.0678 12856 ws2ifsl - ok
22:50:53.0680 12856 WSearch - ok
22:50:53.0701 12856 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:53.0703 12856 WUDFRd - ok
22:50:53.0709 12856 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:50:53.0711 12856 wudfsvc - ok
22:50:53.0757 12856 ================ Scan global ===============================
22:50:53.0775 12856 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:50:53.0801 12856 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
22:50:53.0810 12856 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
22:50:53.0825 12856 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
22:50:53.0827 12856 [Global] - ok
22:50:53.0827 12856 ================ Scan MBR ==================================
22:50:53.0834 12856 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:50:54.0005 12856 \Device\Harddisk0\DR0 - ok
22:50:54.0007 12856 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
22:50:54.0009 12856 \Device\Harddisk1\DR1 - ok
22:50:54.0009 12856 ================ Scan VBR ==================================
22:50:54.0011 12856 [ 409014C0E2A8AB40ED2EA6988010C81A ] \Device\Harddisk0\DR0\Partition1
22:50:54.0012 12856 \Device\Harddisk0\DR0\Partition1 - ok
22:50:54.0014 12856 [ DEE4178ABA44E5C06865725B146846BF ] \Device\Harddisk1\DR1\Partition1
22:50:54.0014 12856 \Device\Harddisk1\DR1\Partition1 - ok
22:50:54.0015 12856 ============================================================
22:50:54.0015 12856 Scan finished
22:50:54.0015 12856 ============================================================
22:50:54.0020 15720 Detected object count: 0
22:50:54.0020 15720 Actual detected object count: 0

*****************************************************************************************

ASWMBR log
---------------------------------------------------------------------------------

#6 chillbilly76

Posted 05 February 2013 - 07:39 AM

wow - aswMBR crashed my computer - so I restarted in safe mode -

now running the scan . . .

#7 chillbilly76

Posted 05 February 2013 - 08:14 AM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-05 23:05:35
-----------------------------
23:05:35.464 OS Version: Windows 6.0.6001 Service Pack 1
23:05:35.464 Number of processors: 2 586 0x170A
23:05:35.464 ComputerName: DEVBOX1 UserName: benno
23:06:12.545 Initialize success
23:06:25.150 AVAST engine defs: 13020500
23:09:25.086 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:09:25.086 Disk 0 Vendor: WDC_WD10EADS-00L5B1 01.01A01 Size: 953869MB BusType: 3
23:09:25.086 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-6
23:09:25.086 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
23:09:25.117 Disk 0 MBR read successfully
23:09:25.117 Disk 0 MBR scan
23:09:25.117 Disk 0 Windows VISTA default MBR code
23:09:25.117 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
23:09:25.133 Disk 0 scanning sectors +1953521664
23:09:25.195 Disk 0 scanning C:\Windows\system32\drivers
23:09:34.508 Service scanning
23:10:00.280 Modules scanning
23:10:02.183 Disk 0 trace - called modules:
23:10:02.214 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:10:02.230 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868a4260]
23:10:02.230 3 CLASSPNP.SYS[83fa0745] -> nt!IofCallDriver -> [0x8592d280]
23:10:02.230 5 acpi.sys[806946a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866f5ba0]
23:10:05.911 AVAST engine scan C:\Windows
23:10:09.796 AVAST engine scan C:\Windows\system32
23:12:13.097 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
23:13:29.851 AVAST engine scan C:\Windows\system32\drivers
23:14:03.252 AVAST engine scan C:\Users\benno
23:41:16.510 Disk 0 MBR has been saved successfully to "C:\antimal\MBR.dat"
23:41:16.510 The log file has been saved successfully to "C:\antimal\aswMBR.txt"

not sure if I got all of this - will let it run again overnight.
now eset . . .

#8 chillbilly76

Posted 05 February 2013 - 03:25 PM

eset Log

C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\benno\AppData\Local\ATI\mpcttzqt.dll a variant of Win32/Kryptik.AQKP trojan cleaned by deleting - quarantined
C:\Users\benno\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats cleaned by deleting - quarantined
C:\Users\benno\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f20b760-259c2c6a a variant of Java/Exploit.Agent.NDH trojan cleaned by deleting - quarantined
C:\Users\benno\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f20b760-7073409b a variant of Java/Exploit.Agent.NDH trojan cleaned by deleting - quarantined
C:\Users\benno\Downloads\Mozilla_FireFox_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
Operating memory multiple threats

#9 narenxp

Posted 05 February 2013 - 03:26 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#10 chillbilly76

Posted 05 February 2013 - 03:28 PM

The avast program crashed - Windows informed me it had stopped working, and I could either just close the program, or check online for a solution and close the program.
I could see about 7 red lines on the terminal though.

Will get to those tonight - off to work now!

Thanks!

Edited by chillbilly76, 05 February 2013 - 03:29 PM.


#11 narenxp

Posted 05 February 2013 - 03:29 PM

Ignore it and move to the other scans.

#12 chillbilly76

Posted 06 February 2013 - 06:10 AM

minitoolbox

MiniToolBox by Farbar Version:10-01-2013
Ran by benno (administrator) on 06-02-2013 at 21:38:24
Running from "C:\antimal"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows = Cisco AnyConnect Secure Mobility Client Connection (Disconnected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Connected)
Microsoft Loopback Adapter = Local Area Connection 2 (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : devbox1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::44a6:bd39:98cc:30f8%14(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.48.248(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-23-54-82-6B-12
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6da4:4605:5bd2:51f9%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 06, 2013 8:33:04 PM
Lease Expires . . . . . . . . . . : Thursday, February 07, 2013 8:33:03 PM
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DNS Servers . . . . . . . . . . . : 10.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D0DA742A-0FEE-429D-A1A6-75B05872DA1B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{16435A23-0572-4035-BEB9-FDFA9401DA8F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.237.142] with 32 bytes of data:

Reply from 74.125.237.142: bytes=32 time=59ms TTL=56

Reply from 74.125.237.142: bytes=32 time=58ms TTL=56



Ping statistics for 74.125.237.142:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 59ms, Average = 58ms



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=398ms TTL=48

Reply from 98.138.253.109: bytes=32 time=335ms TTL=48



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 335ms, Maximum = 398ms, Average = 366ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
14 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Adapter
13 ...00 23 54 82 6b 12 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
1 ........................... Software Loopback Interface 1
21 ...00 00 00 00 00 00 00 e0 isatap.{D0DA742A-0FEE-429D-A1A6-75B05872DA1B}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{16435A23-0572-4035-BEB9-FDFA9401DA8F}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.7 20
10.1.1.0 255.255.255.0 On-link 10.1.1.7 276
10.1.1.7 255.255.255.255 On-link 10.1.1.7 276
10.1.1.255 255.255.255.255 On-link 10.1.1.7 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.48.248 286
169.254.48.248 255.255.255.255 On-link 169.254.48.248 286
169.254.255.255 255.255.255.255 On-link 169.254.48.248 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.48.248 286
224.0.0.0 240.0.0.0 On-link 10.1.1.7 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.48.248 286
255.255.255.255 255.255.255.255 On-link 10.1.1.7 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 286 fe80::/64 On-link
13 276 fe80::/64 On-link
14 286 fe80::44a6:bd39:98cc:30f8/128
On-link
13 276 fe80::6da4:4605:5bd2:51f9/128
On-link
1 306 ff00::/8 On-link
14 286 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
Catalog9 11 mswsock.dll [File not found] ()
Catalog9 12 mswsock.dll [File not found] ()
Catalog9 13 mswsock.dll [File not found] ()
Catalog9 14 mswsock.dll [File not found] ()
Catalog9 15 mswsock.dll [File not found] ()
Catalog9 16 mswsock.dll [File not found] ()
Catalog9 17 mswsock.dll [File not found] ()
Catalog9 18 mswsock.dll [File not found] ()
Catalog9 19 mswsock.dll [File not found] ()
Catalog9 20 mswsock.dll [File not found] ()
Catalog9 21 mswsock.dll [File not found] ()
Catalog9 22 mswsock.dll [File not found] ()
Catalog9 23 mswsock.dll [File not found] ()
Catalog9 24 mswsock.dll [File not found] ()
Catalog9 25 mswsock.dll [File not found] ()
Catalog9 26 mswsock.dll [File not found] ()
Catalog9 27 mswsock.dll [File not found] ()
Catalog9 28 mswsock.dll [File not found] ()
Catalog9 29 mswsock.dll [File not found] ()
Catalog9 30 mswsock.dll [File not found] ()
Catalog9 31 mswsock.dll [File not found] ()
Catalog9 32 mswsock.dll [File not found] ()
Catalog9 33 mswsock.dll [File not found] ()
Catalog9 34 mswsock.dll [File not found] ()
Catalog9 35 mswsock.dll [File not found] ()
Catalog9 36 mswsock.dll [File not found] ()
Catalog9 37 mswsock.dll [File not found] ()
Catalog9 38 mswsock.dll [File not found] ()
Catalog9 39 mswsock.dll [File not found] ()
Catalog9 40 mswsock.dll [File not found] ()
Catalog9 41 mswsock.dll [File not found] ()
Catalog9 42 mswsock.dll [File not found] ()
Catalog9 43 mswsock.dll [File not found] ()
Catalog9 44 mswsock.dll [File not found] ()
Catalog9 45 mswsock.dll [File not found] ()
Catalog9 46 mswsock.dll [File not found] ()
Catalog9 47 mswsock.dll [File not found] ()
Catalog9 48 mswsock.dll [File not found] ()
Catalog9 49 mswsock.dll [File not found] ()
Catalog9 50 mswsock.dll [File not found] ()
Catalog9 51 mswsock.dll [File not found] ()
Catalog9 52 mswsock.dll [File not found] ()
Catalog9 53 mswsock.dll [File not found] ()
Catalog9 54 mswsock.dll [File not found] ()
Catalog9 55 mswsock.dll [File not found] ()
Catalog9 56 mswsock.dll [File not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2013 09:38:39 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x1f08, application start time 0xnslookup.exe0.

Error: (02/06/2013 09:38:33 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x1968, application start time 0xnslookup.exe0.

Error: (02/06/2013 09:32:58 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x12b8, application start time 0xnslookup.exe0.

Error: (02/06/2013 09:32:40 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6001.18000, time stamp 0x47918e19, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000138, fault offset 0x00009cfc,
process id 0x10a4, application start time 0xnslookup.exe0.

Error: (02/06/2013 08:34:01 PM) (Source: Application Error) (User: )
Description: Faulting application wmpnetwk.exe, version 11.0.6001.7000, time stamp 0x47919370, faulting module wmp.dll_unloaded, version 0.0.0.0, time stamp 0x4c8a76f8, exception code 0xc0000005, fault offset 0x6a07a8f6,
process id 0xd54, application start time 0xwmpnetwk.exe0.

Error: (02/06/2013 08:34:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2013 05:43:27 AM) (Source: Application Error) (User: )
Description: Faulting application aswMBR.exe, version 0.9.9.1707, time stamp 0x509be8bf, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x00065860,
process id 0x1098, application start time 0xaswMBR.exe0.

Error: (02/05/2013 11:04:44 PM) (Source: EventSystem) (User: )
Description: d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/05/2013 11:03:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2013 08:51:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/06/2013 08:34:01 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (02/06/2013 08:34:01 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (02/06/2013 08:34:01 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (02/06/2013 08:34:01 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (02/06/2013 08:34:01 PM) (Source: Service Control Manager) (User: )
Description: 30000vpnagent

Error: (02/06/2013 08:34:00 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (02/06/2013 08:33:03 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (02/06/2013 08:33:02 PM) (Source: Dhcp) (User: )
Description: The IP address lease 10.1.1.7 for the Network Card with network address 002354826B12 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/05/2013 11:05:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/05/2013 11:05:00 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-02-06 20:42:09.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 20:42:09.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 20:42:08.951
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 20:42:08.813
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 20:42:08.722
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-06 20:42:08.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-05 23:06:08.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-05 23:06:08.365
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-05 23:06:08.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-02-05 23:06:08.006
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 1.8.2)
µTorrent (Version: 3.2.3.28705)
3 MobileBroadband (Version: 11.002.03.14.100)
3DMark06 (Version: 1.1.0)
AAC Decoder (Version: 7.1.0)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader 9.1 (Version: 9.1.0)
AGEIA PhysX v7.09.13 (Version: 7.09.13)
AI Direct Link (Version: 1.00.14)
AI Suite (Version: 1.04.10)
ANIWZCS2 Service
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ASUSUpdate
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.34)
Atheros Ethernet Utility (Version: 1.1.0.3)
ATI AVIVO Codecs (Version: 9.16.0.30508)
ATI Catalyst Install Manager (Version: 3.0.694.0)
AutoUpdate (Version: 1.1)
BrewMate
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon MP Navigator EX 1.0
Canon MP610 series
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Easy-PhotoPrint EX
Canon Utilities MyCamera (Version: 7.0.0.3)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX (Version: 6.2.0.29)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.1003.1759.30358)
Catalyst Control Center Graphics Full Existing (Version: 2008.1003.1759.30358)
Catalyst Control Center Graphics Full New (Version: 2008.1003.1759.30358)
Catalyst Control Center Graphics Light (Version: 2008.1003.1759.30358)
Catalyst Control Center Graphics Previews Vista (Version: 2008.1003.1759.30358)
Catalyst Control Center HydraVision Full (Version: 2008.1003.1759.30358)
Catalyst Control Center InstallProxy (Version: 2008.1003.1759.30358)
ccc-core-static (Version: 2008.1003.1759.30358)
ccc-utility (Version: 2008.1003.1759.30358)
CCC Help English (Version: 2008.1003.1758.30358)
CCleaner (Version: 3.20)
CD-LabelPrint
CDDRV_Installer (Version: 4.60)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.4235)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.4235)
CORE 6.0 University Edition (Version: 6.0.3)
D-Link Wireless G DWA-110
DbVisualizer 6.5.10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.3)
Drive Xpert (Version: 1.0.25)
e-tax 2009 (Version: 1.0.0.0)
e-tax 2011 (Version: 11.1.704)
e-tax 2012 (Version: 6.0.577)
EPU-6 Engine (Version: 1.00.16)
erLT (Version: 1.20.0137)
ESET Online Scanner v3
Express Gate (Version: 1.3.3.1)
FFmpeg for Audacity on Windows
Frontline Systems Premium Solver for Education V7.0
Futuremark SystemInfo (Version: 3.16.2.1)
GIMP 2.6.8
Google Chrome (Version: 24.0.1312.57)
Google Drive (Version: 1.7.4018.3496)
Google Update Helper (Version: 1.3.21.123)
H.264 Decoder (Version: 1.0.0)
ImageMixer 3 SE Ver.5 Transfer Utility (Version: 3.04.009)
ImageMixer 3 SE Ver.5 Video Tools (Version: 3.04.014)
iReport 3.7.0 (Version: 3.7.0)
ISO Recorder (Version: 3.0.0)
iTunes (Version: 10.6.1.7)
J2SE Development Kit 5.0 Update 21 (Version: 1.5.0.210)
J2SE Runtime Environment 5.0 Update 21 (Version: 1.5.0.210)
Java Auto Updater (Version: 2.0.2.1)
Java Platform, Enterprise Edition 5 SDK
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 7 (Version: 1.6.0.70)
KhalInstallWrapper (Version: 2.00.0000)
LightScribe System Software 1.10.16.1 (Version: 1.10.16.1)
Logitech SetPoint (Version: 4.80)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
marvell 61xx (Version: 1.2.0.57)
McAfee Security Scan Plus (Version: 3.0.313.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 6.2 (Version: 6.20.182.0)
Microsoft IntelliType Pro 6.2 (Version: 6.20.182.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MKV Splitter (Version: 1.0.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Transfer Utility Ver.2 (Version: 1.01.006)
Nero 8 Essentials (Version: 8.10.366)
neroxml (Version: 1.0.0)
NETGEAR WG111v3 wireless USB 2.0 adapter (Version: 1.01.10)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
Opera 12.12 (Version: 12.12.1707)
PC Probe II (Version: 1.04.51)
Picasa 3 (Version: 3.8)
PIXMA Extended Survey Program
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.5628)
Skins (Version: 2008.1003.1759.30358)
Skype™ 5.10 (Version: 5.10.116)
Ulead Burn.Now 4.5 (Version: 4.5.0)
Ulead Burn.Now 4.5 SE (Version: 4.5.0)
Ulead PhotoImpact 12 (Version: 12.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
VCRedistSetup (Version: 1.0.0)
Vim 7.2 (self-installing)
VLC media player 2.0.1 (Version: 2.0.1)
VoiceOver Kit (Version: 1.40.128.0)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WinRAR 4.00 (32-bit) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 3326.12 MB
Available physical RAM: 1360.89 MB
Total Pagefile: 6899.23 MB
Available Pagefile: 4792.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.03 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.51 GB) (Free:97.71 GB) NTFS
4 Drive z: (Z Drive) (Fixed) (Total:1863.01 GB) (Free:1483.33 GB) NTFS

========================= Users: ========================================

User accounts for \\DEVBOX1

Administrator benno Courtney
Guest


**** End of log ****

#13 chillbilly76

Posted 06 February 2013 - 06:14 AM

farbar service scanner
Farbar Service Scanner Version: 30-01-2013
Ran by benno (administrator) on 06-02-2013 at 21:41:33
Running from "C:\Users\benno\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: ATTENTION!=====> Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 20:01] - [2011-04-21 23:46] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-16 20:27] - [2010-06-17 02:29] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-16 10:49] - [2011-03-03 01:19] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 12:54] - [2008-01-21 12:54] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 12:53] - [2008-01-21 12:53] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 12:53] - [2008-01-21 12:53] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 12:53] - [2008-01-21 12:53] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 12:54] - [2008-01-21 12:54] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 12:55] - [2008-01-21 12:55] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-03-13 16:05] - [2008-04-18 16:18] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 12:54] - [2008-01-21 12:54] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-14 08:47] - [2010-02-19 00:41] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-15 16:18] - [2009-03-03 15:09] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

#14 chillbilly76

Posted 06 February 2013 - 06:20 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by benno on Wed 02/06/2013 at 21:46:56.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

Val Name Type Value Data
======== ==== ==========
ATI REG_SZ rundll32.exe C:\Users\benno\AppData\Local\ATI\mpcttzqt.dll,DVEncGetAPIExt




~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\benno\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\benno\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/06/2013 at 21:48:59.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15 chillbilly76

Posted 06 February 2013 - 06:25 AM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/06/2013 09:53:37 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\benno\Downloads\JRT.exe (PID: 6332) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\L\201d3dde [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\L\76603ac3 [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\n [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\U\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\U\00000008.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\U\000000cb.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\U\80000000.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$e07b9b64255c955ba9240577cad195c3\U\80000032.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-453939289-1705814860-2839792310-1000\$e07b9b64255c955ba9240577cad195c3\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-453939289-1705814860-2839792310-1000\$e07b9b64255c955ba9240577cad195c3\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-453939289-1705814860-2839792310-1000\$e07b9b64255c955ba9240577cad195c3\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-453939289-1705814860-2839792310-1000\$e07b9b64255c955ba9240577cad195c3\n [ZA File]
* C:\$Recycle.Bin\S-1-5-21-453939289-1705814860-2839792310-1000\$e07b9b64255c955ba9240577cad195c3\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 02/06/2013 09:54:28 PM
Execution time: 0 hours(s), 0 minute(s), and 51 seconds(s)



