
malware and trojan problem


20 replies to this topic

#1 lffoar

Posted 15 June 2012 - 04:21 AM

Hi,
Somewhere today I have managed to get an infection from the web. I initially got my Avast anti virus blowing its top and showing me I had "Win32:malware-Gen" and another "Win32:DNSChanger-vj(trj)".
Avast said to do a root scan which I did and it showed infection which I quarantined and deleted. The first (malware-gen) appeared again on reboot so I ran Malwarebytes antimalware in safe mode which showed a trojan (vj trj). I deleted it there but now whenever I startup I'm getting messages from Avast that malware has been blocked. I have scanned several times with Avast, Malwarebytes and SAS but still have problems. Incidentally, while writing this, Avast has gone off four or five times warning of malware. Help would be appreciated.



#2 narenxp

Posted 15 June 2012 - 10:38 AM

Download TDSSKiller.

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

#3 lffoar

Posted 15 June 2012 - 05:43 PM

Hi and thanks for your prompt reply,
After getting ten or twenty malware messages from Avast last night I investigated further and things seemed to point to a "windows installer" with a lot of numbers/letters following. I traced it back in my system and deleted it which has stopped the AV from alerting me of infection every few minutes. I ran two of the scans which have apparently found problems, (I have a 64 bit system so couldn't run the third) and have listed them here.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 07:58:03
-----------------------------
07:58:03.130 OS Version: Windows x64 6.1.7601 Service Pack 1
07:58:03.130 Number of processors: 8 586 0x1A05
07:58:03.130 ComputerName: BOBBYS-PC UserName: Bobby's
07:58:05.018 Initialize success
07:58:05.080 AVAST engine defs: 12061500
07:58:47.278 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
07:58:47.278 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
07:58:47.294 Disk 0 MBR read successfully
07:58:47.294 Disk 0 MBR scan
07:58:47.294 Disk 0 Windows 7 default MBR code
07:58:47.294 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:58:47.309 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
07:58:47.340 Disk 0 scanning C:\Windows\system32\drivers
07:58:52.988 Service scanning
07:59:03.798 Modules scanning
07:59:03.798 Disk 0 trace - called modules:
07:59:03.814 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
07:59:03.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d25790]
07:59:03.814 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004ac9e40]
07:59:03.830 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8004ad0060]
07:59:04.937 AVAST engine scan C:\Windows
07:59:07.230 AVAST engine scan C:\Windows\system32
07:59:59.897 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:00:00.584 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:00:16.090 AVAST engine scan C:\Windows\system32\drivers
08:00:23.906 AVAST engine scan C:\Users\Bobby's
08:01:38.505 AVAST engine scan C:\ProgramData
08:02:11.452 Disk 0 MBR has been saved successfully to "C:\Users\Bobby's\Desktop\MBR.dat"
08:02:11.468 The log file has been saved successfully to "C:\Users\Bobby's\Desktop\aswMBR.txt"


07:53:36.0833 1588 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
07:53:37.0644 1588 ============================================================
07:53:37.0644 1588 Current date / time: 2012/06/16 07:53:37.0644
07:53:37.0644 1588 SystemInfo:
07:53:37.0644 1588
07:53:37.0644 1588 OS Version: 6.1.7601 ServicePack: 1.0
07:53:37.0644 1588 Product type: Workstation
07:53:37.0644 1588 ComputerName: BOBBYS-PC
07:53:37.0644 1588 UserName: Bobby's
07:53:37.0644 1588 Windows directory: C:\Windows
07:53:37.0644 1588 System windows directory: C:\Windows
07:53:37.0644 1588 Running under WOW64
07:53:37.0644 1588 Processor architecture: Intel x64
07:53:37.0644 1588 Number of processors: 8
07:53:37.0644 1588 Page size: 0x1000
07:53:37.0644 1588 Boot type: Normal boot
07:53:37.0644 1588 ============================================================
07:53:38.0564 1588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:53:38.0564 1588 ============================================================
07:53:38.0564 1588 \Device\Harddisk0\DR0:
07:53:38.0564 1588 MBR partitions:
07:53:38.0564 1588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:53:38.0564 1588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
07:53:38.0564 1588 ============================================================
07:53:38.0611 1588 C: <-> \Device\Harddisk0\DR0\Partition1
07:53:38.0611 1588 ============================================================
07:53:38.0611 1588 Initialize success
07:53:38.0611 1588 ============================================================
07:54:09.0109 2428 ============================================================
07:54:09.0109 2428 Scan started
07:54:09.0109 2428 Mode: Manual; TDLFS;
07:54:09.0109 2428 ============================================================
07:54:17.0252 2428 NlaSvc - ok
07:54:17.0268 2428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:54:17.0268 2428 Npfs - ok
07:54:17.0284 2428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:54:17.0284 2428 nsi - ok
07:54:17.0299 2428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:54:17.0299 2428 nsiproxy - ok
07:54:17.0377 2428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:54:17.0408 2428 Ntfs - ok
07:54:17.0549 2428 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
07:54:17.0549 2428 NuidFltr - ok
07:54:17.0564 2428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:54:17.0564 2428 Null - ok
07:54:18.0110 2428 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:54:18.0157 2428 nvlddmkm - ok
07:54:18.0313 2428 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:54:18.0313 2428 nvraid - ok
07:54:18.0344 2428 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:54:18.0344 2428 nvstor - ok
07:54:18.0438 2428 NVSvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
07:54:18.0469 2428 NVSvc - ok
07:54:18.0641 2428 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
07:54:18.0672 2428 nvUpdatusService - ok
07:54:18.0719 2428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:54:18.0719 2428 nv_agp - ok
07:54:18.0844 2428 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:54:18.0844 2428 odserv - ok
07:54:18.0859 2428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:54:18.0859 2428 ohci1394 - ok
07:54:18.0922 2428 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:54:18.0922 2428 ose - ok
07:54:18.0968 2428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:54:18.0968 2428 p2pimsvc - ok
07:54:19.0000 2428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:54:19.0015 2428 p2psvc - ok
07:54:19.0046 2428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:54:19.0046 2428 Parport - ok
07:54:19.0078 2428 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
07:54:19.0078 2428 partmgr - ok
07:54:19.0093 2428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:54:19.0093 2428 PcaSvc - ok
07:54:19.0124 2428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:54:19.0124 2428 pci - ok
07:54:19.0124 2428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:54:19.0124 2428 pciide - ok
07:54:19.0140 2428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:54:19.0156 2428 pcmcia - ok
07:54:19.0171 2428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:54:19.0171 2428 pcw - ok
07:54:19.0202 2428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:54:19.0218 2428 PEAUTH - ok
07:54:19.0296 2428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:54:19.0296 2428 PerfHost - ok
07:54:19.0390 2428 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:54:19.0421 2428 pla - ok
07:54:19.0452 2428 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:54:19.0468 2428 PlugPlay - ok
07:54:19.0483 2428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:54:19.0483 2428 PNRPAutoReg - ok
07:54:19.0514 2428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:54:19.0530 2428 PNRPsvc - ok
07:54:19.0561 2428 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:54:19.0577 2428 PolicyAgent - ok
07:54:19.0608 2428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:54:19.0608 2428 Power - ok
07:54:19.0655 2428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:54:19.0655 2428 PptpMiniport - ok
07:54:19.0686 2428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:54:19.0686 2428 Processor - ok
07:54:19.0733 2428 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:54:19.0733 2428 ProfSvc - ok
07:54:19.0764 2428 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:54:19.0764 2428 ProtectedStorage - ok
07:54:19.0780 2428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:54:19.0795 2428 Psched - ok
07:54:19.0858 2428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:54:19.0889 2428 ql2300 - ok
07:54:19.0951 2428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:54:19.0951 2428 ql40xx - ok
07:54:19.0982 2428 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:54:19.0982 2428 QWAVE - ok
07:54:19.0998 2428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:54:19.0998 2428 QWAVEdrv - ok
07:54:20.0014 2428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:54:20.0014 2428 RasAcd - ok
07:54:20.0045 2428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:54:20.0045 2428 RasAgileVpn - ok
07:54:20.0045 2428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:54:20.0060 2428 RasAuto - ok
07:54:20.0092 2428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:54:20.0092 2428 Rasl2tp - ok
07:54:20.0123 2428 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:54:20.0123 2428 RasMan - ok
07:54:20.0138 2428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:54:20.0138 2428 RasPppoe - ok
07:54:20.0170 2428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:54:20.0170 2428 RasSstp - ok
07:54:20.0201 2428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:54:20.0201 2428 rdbss - ok
07:54:20.0216 2428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:54:20.0216 2428 rdpbus - ok
07:54:20.0232 2428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:54:20.0232 2428 RDPCDD - ok
07:54:20.0248 2428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:54:20.0248 2428 RDPENCDD - ok
07:54:20.0248 2428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:54:20.0263 2428 RDPREFMP - ok
07:54:20.0310 2428 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
07:54:20.0310 2428 RDPWD - ok
07:54:20.0341 2428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:54:20.0341 2428 rdyboost - ok
07:54:20.0372 2428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:54:20.0372 2428 RemoteAccess - ok
07:54:20.0404 2428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:54:20.0404 2428 RemoteRegistry - ok
07:54:20.0450 2428 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
07:54:20.0450 2428 Revoflt - ok
07:54:20.0482 2428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:54:20.0482 2428 RpcEptMapper - ok
07:54:20.0513 2428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:54:20.0513 2428 RpcLocator - ok
07:54:20.0560 2428 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:54:20.0560 2428 RpcSs - ok
07:54:20.0575 2428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:54:20.0575 2428 rspndr - ok
07:54:20.0638 2428 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:54:20.0638 2428 RTL8167 - ok
07:54:20.0653 2428 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:54:20.0653 2428 SamSs - ok
07:54:20.0778 2428 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
07:54:20.0778 2428 SASDIFSV - ok
07:54:20.0809 2428 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
07:54:20.0809 2428 SASKUTIL - ok
07:54:20.0840 2428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:54:20.0840 2428 sbp2port - ok
07:54:20.0872 2428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:54:20.0872 2428 SCardSvr - ok
07:54:20.0887 2428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:54:20.0903 2428 scfilter - ok
07:54:20.0965 2428 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:54:20.0996 2428 Schedule - ok
07:54:21.0043 2428 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:54:21.0043 2428 SCPolicySvc - ok
07:54:21.0074 2428 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:54:21.0074 2428 SDRSVC - ok
07:54:21.0137 2428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:54:21.0152 2428 secdrv - ok
07:54:21.0152 2428 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:54:21.0152 2428 seclogon - ok
07:54:21.0184 2428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
07:54:21.0199 2428 SENS - ok
07:54:21.0199 2428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:54:21.0215 2428 SensrSvc - ok
07:54:21.0215 2428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:54:21.0215 2428 Serenum - ok
07:54:21.0246 2428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:54:21.0246 2428 Serial - ok
07:54:21.0262 2428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:54:21.0262 2428 sermouse - ok
07:54:21.0277 2428 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:54:21.0293 2428 SessionEnv - ok
07:54:21.0308 2428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:54:21.0308 2428 sffdisk - ok
07:54:21.0308 2428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:54:21.0308 2428 sffp_mmc - ok
07:54:21.0324 2428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:54:21.0324 2428 sffp_sd - ok
07:54:21.0324 2428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:54:21.0340 2428 sfloppy - ok
07:54:21.0371 2428 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:54:21.0386 2428 ShellHWDetection - ok
07:54:21.0402 2428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:54:21.0402 2428 SiSRaid2 - ok
07:54:21.0418 2428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:54:21.0433 2428 SiSRaid4 - ok
07:54:21.0464 2428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:54:21.0464 2428 Smb - ok
07:54:21.0542 2428 snapman (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
07:54:21.0542 2428 snapman - ok
07:54:21.0558 2428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:54:21.0574 2428 SNMPTRAP - ok
07:54:21.0589 2428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:54:21.0589 2428 spldr - ok
07:54:21.0636 2428 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:54:21.0652 2428 Spooler - ok
07:54:21.0808 2428 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:54:21.0854 2428 sppsvc - ok
07:54:21.0948 2428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:54:21.0964 2428 sppuinotify - ok
07:54:22.0026 2428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:54:22.0026 2428 srv - ok
07:54:22.0057 2428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:54:22.0057 2428 srv2 - ok
07:54:22.0073 2428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:54:22.0088 2428 srvnet - ok
07:54:22.0120 2428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:54:22.0120 2428 SSDPSRV - ok
07:54:22.0135 2428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:54:22.0151 2428 SstpSvc - ok
07:54:22.0276 2428 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:54:22.0276 2428 Stereo Service - ok
07:54:22.0291 2428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:54:22.0307 2428 stexstor - ok
07:54:22.0354 2428 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:54:22.0369 2428 stisvc - ok
07:54:22.0447 2428 SWDUMon (cc4c8d62546a8967391633ebad8f005a) C:\Windows\system32\DRIVERS\SWDUMon.sys
07:54:22.0447 2428 SWDUMon - ok
07:54:22.0478 2428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:54:22.0478 2428 swenum - ok
07:54:22.0510 2428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:54:22.0510 2428 swprv - ok
07:54:22.0603 2428 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:54:22.0634 2428 SysMain - ok
07:54:22.0759 2428 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:54:22.0759 2428 TabletInputService - ok
07:54:22.0790 2428 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:54:22.0806 2428 TapiSrv - ok
07:54:22.0822 2428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:54:22.0822 2428 TBS - ok
07:54:22.0931 2428 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
07:54:22.0962 2428 Tcpip - ok
07:54:23.0071 2428 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
07:54:23.0087 2428 TCPIP6 - ok
07:54:23.0134 2428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:54:23.0134 2428 tcpipreg - ok
07:54:23.0149 2428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:54:23.0165 2428 TDPIPE - ok
07:54:23.0243 2428 tdrpman251 (df9179b7bdf0c5b71f9c3d93c016bae5) C:\Windows\system32\DRIVERS\tdrpm251.sys
07:54:23.0274 2428 tdrpman251 - ok
07:54:23.0321 2428 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:54:23.0321 2428 TDTCP - ok
07:54:23.0352 2428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:54:23.0352 2428 tdx - ok
07:54:23.0383 2428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:54:23.0383 2428 TermDD - ok
07:54:23.0430 2428 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:54:23.0461 2428 TermService - ok
07:54:23.0477 2428 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:54:23.0477 2428 Themes - ok
07:54:23.0508 2428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:54:23.0508 2428 THREADORDER - ok
07:54:23.0555 2428 timounter (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
07:54:23.0586 2428 timounter - ok
07:54:23.0602 2428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:54:23.0602 2428 TrkWks - ok
07:54:23.0648 2428 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:54:23.0648 2428 TrustedInstaller - ok
07:54:23.0695 2428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:54:23.0695 2428 tssecsrv - ok
07:54:23.0726 2428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:54:23.0726 2428 TsUsbFlt - ok
07:54:23.0758 2428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:54:23.0758 2428 tunnel - ok
07:54:23.0789 2428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:54:23.0789 2428 uagp35 - ok
07:54:23.0820 2428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:54:23.0820 2428 udfs - ok
07:54:23.0836 2428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:54:23.0851 2428 UI0Detect - ok
07:54:23.0867 2428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:54:23.0867 2428 uliagpkx - ok
07:54:23.0898 2428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:54:23.0898 2428 umbus - ok
07:54:23.0914 2428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:54:23.0914 2428 UmPass - ok
07:54:23.0929 2428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:54:23.0945 2428 upnphost - ok
07:54:23.0992 2428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
07:54:23.0992 2428 usbccgp - ok
07:54:24.0023 2428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:54:24.0023 2428 usbcir - ok
07:54:24.0054 2428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:54:24.0054 2428 usbehci - ok
07:54:24.0085 2428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:54:24.0085 2428 usbhub - ok
07:54:24.0116 2428 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:54:24.0116 2428 usbohci - ok
07:54:24.0148 2428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:54:24.0148 2428 usbprint - ok
07:54:24.0179 2428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:54:24.0179 2428 usbscan - ok
07:54:24.0210 2428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:54:24.0210 2428 USBSTOR - ok
07:54:24.0241 2428 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
07:54:24.0241 2428 usbuhci - ok
07:54:24.0241 2428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:54:24.0241 2428 UxSms - ok
07:54:24.0272 2428 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:54:24.0272 2428 VaultSvc - ok
07:54:24.0304 2428 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
07:54:24.0304 2428 VClone - ok
07:54:24.0319 2428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:54:24.0319 2428 vdrvroot - ok
07:54:24.0382 2428 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:54:24.0397 2428 vds - ok
07:54:24.0428 2428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:54:24.0444 2428 vga - ok
07:54:24.0444 2428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:54:24.0444 2428 VgaSave - ok
07:54:24.0460 2428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:54:24.0475 2428 vhdmp - ok
07:54:24.0491 2428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:54:24.0491 2428 viaide - ok
07:54:24.0506 2428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:54:24.0506 2428 volmgr - ok
07:54:24.0538 2428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:54:24.0538 2428 volmgrx - ok
07:54:24.0569 2428 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:54:24.0569 2428 volsnap - ok
07:54:24.0584 2428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:54:24.0584 2428 vsmraid - ok
07:54:24.0662 2428 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:54:24.0694 2428 VSS - ok
07:54:24.0803 2428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:54:24.0803 2428 vwifibus - ok
07:54:24.0850 2428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:54:24.0865 2428 W32Time - ok
07:54:24.0881 2428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:54:24.0881 2428 WacomPen - ok
07:54:24.0912 2428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:54:24.0912 2428 WANARP - ok
07:54:24.0912 2428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:54:24.0912 2428 Wanarpv6 - ok
07:54:25.0021 2428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:54:25.0052 2428 WatAdminSvc - ok
07:54:25.0130 2428 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:54:25.0162 2428 wbengine - ok
07:54:25.0208 2428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:54:25.0224 2428 WbioSrvc - ok
07:54:25.0271 2428 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:54:25.0271 2428 wcncsvc - ok
07:54:25.0271 2428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:54:25.0286 2428 WcsPlugInService - ok
07:54:25.0302 2428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:54:25.0302 2428 Wd - ok
07:54:25.0333 2428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:54:25.0349 2428 Wdf01000 - ok
07:54:25.0364 2428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:54:25.0364 2428 WdiServiceHost - ok
07:54:25.0364 2428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:54:25.0380 2428 WdiSystemHost - ok
07:54:25.0396 2428 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:54:25.0411 2428 WebClient - ok
07:54:25.0411 2428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:54:25.0427 2428 Wecsvc - ok
07:54:25.0442 2428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:54:25.0458 2428 wercplsupport - ok
07:54:25.0474 2428 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:54:25.0474 2428 WerSvc - ok
07:54:25.0489 2428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:54:25.0489 2428 WfpLwf - ok
07:54:25.0505 2428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:54:25.0505 2428 WIMMount - ok
07:54:25.0520 2428 WinHttpAutoProxySvc - ok
07:54:25.0567 2428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:54:25.0567 2428 Winmgmt - ok
07:54:25.0661 2428 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:54:25.0708 2428 WinRM - ok
07:54:25.0801 2428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:54:25.0817 2428 Wlansvc - ok
07:54:26.0004 2428 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:54:26.0051 2428 wlidsvc - ok
07:54:26.0129 2428 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
07:54:26.0129 2428 WmBEnum - ok
07:54:26.0176 2428 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
07:54:26.0176 2428 WmFilter - ok
07:54:26.0207 2428 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys
07:54:26.0207 2428 WmHidLo - ok
07:54:26.0238 2428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:54:26.0238 2428 WmiAcpi - ok
07:54:26.0285 2428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:54:26.0300 2428 wmiApSrv - ok
07:54:26.0316 2428 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
07:54:26.0316 2428 WmVirHid - ok
07:54:26.0332 2428 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
07:54:26.0332 2428 WmXlCore - ok
07:54:26.0378 2428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:54:26.0378 2428 WPCSvc - ok
07:54:26.0410 2428 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:54:26.0425 2428 WPDBusEnum - ok
07:54:26.0456 2428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:54:26.0456 2428 ws2ifsl - ok
07:54:26.0488 2428 WSearch - ok
07:54:26.0612 2428 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:54:26.0644 2428 wuauserv - ok
07:54:26.0737 2428 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:54:26.0753 2428 WudfPf - ok
07:54:26.0768 2428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:54:26.0784 2428 WUDFRd - ok
07:54:26.0800 2428 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:54:26.0800 2428 wudfsvc - ok
07:54:26.0831 2428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:54:26.0846 2428 WwanSvc - ok
07:54:26.0862 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:54:27.0049 2428 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:54:27.0049 2428 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:54:27.0049 2428 Boot (0x1200) (48ef0c5dad26ce45089db77c1d105fa1) \Device\Harddisk0\DR0\Partition0
07:54:27.0049 2428 \Device\Harddisk0\DR0\Partition0 - ok
07:54:27.0096 2428 Boot (0x1200) (6e6d9d068fac949825d3311fc15543dd) \Device\Harddisk0\DR0\Partition1
07:54:27.0096 2428 \Device\Harddisk0\DR0\Partition1 - ok
07:54:27.0096 2428 ============================================================
07:54:27.0096 2428 Scan finished
07:54:27.0096 2428 ============================================================
07:54:27.0096 2608 Detected object count: 1
07:54:27.0096 2608 Actual detected object count: 1
07:54:52.0524 2608 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:54:52.0524 2608 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:56:33.0463 1752 Deinitialize success

#4 narenxp

  • BC Advisor

Posted 15 June 2012 - 06:23 PM

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 lffoar

  • Topic Starter

  • Members

Posted 15 June 2012 - 09:29 PM

ESET log posted.
No problems located in full or quick scan with MBAM, results posted.
Mini toolbox log posted (error message appeared while scanning: "the ordinal 1108 could not be located in the dynamic link library WSOCK32.dll").

C:\Windows\System32\AuudioSes.dll Win32/BHO.ODP trojan
C:\Windows\System32\nvwgff2um.dll Win32/BHO.ODK trojan
C:\Windows\SysWOW64\AuudioSes.dll Win32/BHO.ODP trojan
C:\Windows\SysWOW64\nvwgff2um.dll Win32/BHO.ODK trojan
Operating memory a variant of Win32/Sirefef.EZ trojan




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bobby's :: BOBBYS-PC [administrator]

16/06/2012 10:59:36 AM
mbam-log-2012-06-16 (10-59-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364478
Time elapsed: 28 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bobby's :: BOBBYS-PC [administrator]

16/06/2012 11:43:38 AM
mbam-log-2012-06-16 (11-43-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260709
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 09-06-2012
Ran by Bobby's (administrator) on 16-06-2012 at 11:49:38
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Bobbys-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-7F-D3-D8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, 16 June 2012 11:43:01 AM
Lease Expires . . . . . . . . . . : Sunday, 17 June 2012 11:43:01 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Pinging google.com [74.125.237.136] with 32 bytes of data:
Reply from 74.125.237.136: bytes=32 time=35ms TTL=56
Reply from 74.125.237.136: bytes=32 time=35ms TTL=56

Ping statistics for 74.125.237.136:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 35ms, Average = 35ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=203ms TTL=52
Reply from 72.30.38.140: bytes=32 time=201ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 201ms, Maximum = 203ms, Average = 202ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 26 18 7f d3 d8 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\winrnr.dll"

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 07 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 08 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/16/2012 10:18:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/15/2012 07:08:53 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9f8a45bf-b22d-4931-bd55-b6fa0e0a8d35}

Error: (06/15/2012 04:32:00 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e8

Start Time: 01cd4ac4ada083c1

Termination Time: 31

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: fdd1f0cf-b6b7-11e1-a24c-0026187fd3d8

Error: (06/12/2012 02:54:07 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a9a81395-5ac5-4c03-81f0-c404572e76f4}

Error: (06/12/2012 02:49:46 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4a4

Start Time: 01cd485aed91941c

Termination Time: 3

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 342bed4f-b44e-11e1-b8f2-0026187fd3d8

Error: (06/12/2012 02:49:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x000a1d68
Faulting process id: 0x3e0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/12/2012 02:05:07 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b16be279-de1d-4d07-b729-2e82de490345}

Error: (06/10/2012 10:17:35 AM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 12.0.6661.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a80

Start Time: 01cd46a0c75a8304

Termination Time: 17

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Report Id: d6c80268-b295-11e1-9b85-0026187fd3d8

Error: (06/09/2012 09:24:43 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3c4ff2ea-91af-4cf5-8b08-b9ea7cfeaeb4}

Error: (05/29/2012 01:57:03 PM) (Source: Application Hang) (User: )
Description: The program WINWORD.EXE version 12.0.6661.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 584

Start Time: 01cd3d532130a52f

Termination Time: 15

Application Path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

Report Id: 83f72aeb-a946-11e1-baef-0026187fd3d8


System errors:
=============
Error: (06/16/2012 11:43:31 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/16/2012 11:43:31 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/16/2012 11:43:16 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/16/2012 11:43:15 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/16/2012 11:43:14 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/16/2012 11:43:11 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/16/2012 11:43:03 AM) (Source: Microsoft-Windows-BitLocker-Driver) (User: SYSTEM)
Description: Encrypted volume check: Volume information on \\?\Volume{19825d41-6f99-11e0-9f78-806e6f6e6963} cannot be read.

Error: (06/16/2012 07:25:45 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/16/2012 07:25:45 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/16/2012 07:25:32 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AC-3 ACM Codec x64 2.1 (Version: 2.1)
Acronis True Image Home (Version: 13.0.5055)
ACSW (Version: RePack)
Adobe Flash Player 11 Plugin (Version: 11.3.300.257)
Ashampoo Burning Studio 11 v.11.0.2 (Version: 11.0.2)
Ashampoo WinOptimizer 8 v.8.05 (Version: 8.0.5)
µTorrent (Version: 2.2.1)
Auslogics Disk Defrag (Version: version 3.4)
avast! Free Antivirus (Version: 7.0.1426.0)
Canon iP4800 series Printer Driver
Canon My Printer
CCleaner (Version: 3.19)
CD-LabelPrint
ConvertXtoDVD 4.1.19.365 (Version: 4.1.19.365)
DiRT2 (Version: 1.00.0000)
Driver Sweeper version 3.1.0 (Version: 3.1.0)
DVD Shrink 3.2
ESET Online Scanner v3
Everything 1.2.1.371
FastStone Image Viewer 4.5 (Version: 4.5)
FileHippo.com Update Checker
Foxit Reader (Version: 5.3.1.606)
ImgBurn (Version: 2.5.7.0)
Infected - The Twin Vaccine CE (Version: 1.0.0)
iWisoft Free Video Converter 1.2 (Version: 1.2)
Jigsaw Landscapes % CompanyName%
KeyScrambler (Version: 2.9.1.0)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
nrgtoiso
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
OpenAL
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6299)
Revo Uninstaller Pro 2.5.5 (Version: 2.5.5)
SIW version 2010.02.10 (Version: 2010.02.10)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (Version: v2011.build.49)
SUPERAntiSpyware (Version: 5.0.1150)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Xvid MPEG-4 Video Codec

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 4086.12 MB
Available physical RAM: 2915.68 MB
Total Pagefile: 10226.31 MB
Available Pagefile: 8985.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.79 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.66 GB) (Free:395.18 GB) NTFS

========================= Users: ========================================

User accounts for \\BOBBYS-PC

Administrator Bobby's Guest
UpdatusUser


**** End of log ****

#6 narenxp


Posted 15 June 2012 - 09:38 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

#7 lffoar


Posted 15 June 2012 - 09:56 PM

system look log as requested

SystemLook 30.07.11 by jpshortstuff
Log created at 12:25 on 16/06/2012 by Bobby's
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [21:29 20/10/2011] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

#8 narenxp


Posted 15 June 2012 - 09:58 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
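@echo off
REM Work in the System32 folder (/d also switches drive if needed)
cd /d c:\windows\system32
REM Give the Administrators group ownership of services.exe
takeown /a /f services.exe
REM Grant Administrators full control (cacls asks for confirmation; answer Y)
cacls services.exe /g administrators:f
REM Keep the current file under a new name instead of deleting it
ren services.exe services.exe.old
REM Copy the WinSxS copy of services.exe into System32
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM Delete this batch file
DEL %0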

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file and select run as administrator and run it, click Y and press ENTER

Post the new system look log

#9 lffoar


Posted 15 June 2012 - 10:13 PM

Second system look log

SystemLook 30.07.11 by jpshortstuff
Log created at 12:40 on 16/06/2012 by Bobby's
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [21:29 20/10/2011] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-
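
The comparison that the two SystemLook logs above make possible, as an added example that is not part of the original thread: it parses `filefind` output and flags any copy of a file whose size and MD5 match no copy under `winsxs`. The function names are illustrative, and treating the `winsxs` copy as the reference is an assumption taken from the repair script in post #8.

```python
import ntpath
import re
from collections import defaultdict
from typing import NamedTuple

# The filefind lines of the first SystemLook log in this thread (post #7).
BEFORE_LOG = r"""
Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 328704 bytes [21:29 20/10/2011] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# The second log (post #9): only the System32 line differs from the first.
AFTER_LOG = BEFORE_LOG.replace(
    "329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC",
    "328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB",
)

# Assumption: copies under this folder are the reference to compare against.
STORE = "\\winsxs\\"

# path, attributes, size, created, modified, MD5 (one SystemLook result line)
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)[ \t]+(?P<attrs>[-a-z]+)[ \t]+(?P<size>\d+) bytes"
    r"[ \t]+\[(?P<created>[^\]]+)\][ \t]+\[(?P<modified>[^\]]+)\]"
    r"[ \t]+(?P<md5>[0-9A-Fa-f]{32})[ \t]*$",
    re.MULTILINE,
)


class Entry(NamedTuple):
    path: str
    size: int
    md5: str


def parse_filefind(log: str) -> list:
    """Return one Entry per result line; headers and blank lines are skipped."""
    return [
        Entry(m["path"], int(m["size"]), m["md5"].lower())
        for m in LINE.finditer(log)
    ]


def find_mismatches(entries: list) -> list:
    """Flag copies outside winsxs that match no winsxs copy of the same file name.

    A match only shows the file equals the reference copy; it says nothing
    about whether the reference copy itself is untouched.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[ntpath.basename(entry.path).lower()].append(entry)

    flagged = []
    for name, group in by_name.items():
        refs = {(e.size, e.md5) for e in group if STORE in e.path.lower()}
        if not refs:
            raise ValueError(f"no winsxs copy of {name} to compare against")
        flagged += [
            e for e in group
            if STORE not in e.path.lower() and (e.size, e.md5) not in refs
        ]
    return flagged


if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        hits = find_mismatches(parse_filefind(log))
        print(label, [f"{e.path} {e.size} {e.md5}" for e in hits] or "all copies match")
```
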

#10 narenxp


Posted 15 June 2012 - 10:38 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Please re run aswmbr and post the new log

#11 lffoar


Posted 15 June 2012 - 11:00 PM

Farbar Service Scanner Version: 09-06-2012
Ran by Bobby's (administrator) on 16-06-2012 at 13:23:17
Running from "C:\Users\Bobby's\Desktop\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 13:26:45
-----------------------------
13:26:45.931 OS Version: Windows x64 6.1.7601 Service Pack 1
13:26:45.931 Number of processors: 8 586 0x1A05
13:26:45.931 ComputerName: BOBBYS-PC UserName: Bobby's
13:26:47.288 Initialize success
13:26:47.788 AVAST engine defs: 12061501
13:27:45.632 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
13:27:45.632 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
13:27:45.648 Disk 0 MBR read successfully
13:27:45.664 Disk 0 MBR scan
13:27:45.664 Disk 0 Windows 7 default MBR code
13:27:45.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:27:45.679 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
13:27:45.695 Disk 0 scanning C:\Windows\system32\drivers
13:27:51.857 Service scanning
13:28:03.073 Modules scanning
13:28:03.073 Disk 0 trace - called modules:
13:28:03.089 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:28:03.089 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d04790]
13:28:03.104 3 CLASSPNP.SYS[fffff8800148c43f] -> nt!IofCallDriver -> [0xfffffa8004aa1e40]
13:28:03.104 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8004aae060]
13:28:04.259 AVAST engine scan C:\Windows
13:28:06.334 AVAST engine scan C:\Windows\system32
13:29:02.104 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:29:02.790 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:29:18.858 AVAST engine scan C:\Windows\system32\drivers
13:29:26.955 AVAST engine scan C:\Users\Bobby's
13:29:55.362 Disk 0 MBR has been saved successfully to "C:\Users\Bobby's\Desktop\MBR.dat"
13:29:55.362 The log file has been saved successfully to "C:\Users\Bobby's\Desktop\aswMBR.txt"
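
A way to read the Farbar Service Scanner log above programmatically, as an added example that is not part of the original thread: it separates services that are merely stopped but correctly configured from services whose registry key is gone, and lists which keys a later log shows as restored. The function names are illustrative, and both sample logs are constructed excerpts in the FSS format shown in this post.

```python
import re

# Constructed excerpt in the format of the FSS log in this post.
BEFORE_LOG = """
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""

# Constructed follow-up log: two keys re-imported, one still missing.
AFTER_LOG = """
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""

HEADER = re.compile(r"^(?P<svc>\S+) Service is not running\. Checking service configuration:$")
BAD = re.compile(r"^Checking (?P<check>[^:]+): ATTENTION!=====> (?P<msg>.+)$")
OK = re.compile(r"^The (?P<check>.+?) of (?P<svc>\S+) service is OK\.$")
KEY_MISSING = "service key does not exist"


def parse_fss(log: str) -> dict:
    """Map each reported service to its log section and per-check results."""
    services, section, current, prev = {}, None, None, ""
    for raw in log.splitlines():
        line = raw.strip()
        if line and set(line) == {"="} and prev.endswith(":"):
            section = prev[:-1]          # a heading is underlined with '='
        if m := HEADER.match(line):
            current = services.setdefault(m["svc"], {"section": section, "checks": {}})
        elif current is not None and (m := BAD.match(line)):
            current["checks"][m["check"].lower()] = m["msg"]
        elif current is not None and (m := OK.match(line)):
            current["checks"][m["check"].lower()] = "OK"
        elif not line:
            current = None               # a blank line ends a service block
        prev = line
    return services


def classify(services: dict) -> dict:
    """Reduce each service to one state string."""
    states = {}
    for name, info in services.items():
        results = list(info["checks"].values())
        if any(KEY_MISSING in r for r in results):
            states[name] = "key missing"
        elif results and all(r == "OK" for r in results):
            states[name] = "configured, not running"
        else:
            states[name] = "other problem"
    return states


def restored(before_log: str, after_log: str) -> list:
    """Services whose key was missing before and is correctly configured after."""
    before, after = classify(parse_fss(before_log)), classify(parse_fss(after_log))
    return [s for s, state in before.items()
            if state == "key missing" and after.get(s) == "configured, not running"]
```
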

#12 narenxp


Posted 15 June 2012 - 11:14 PM

Create a restore point before trying this

Download

MpsSvc
wscsvc
defender
BFE

Launch them, click YES when you get the UAC prompt

Restart the PC and post the new FSS log

Press Windows+R key and type

notepad and click ok

Now copy this script
@echo off
del /f /s /q "C:\Windows\assembly\GAC_32\Desktop.ini"
del /f /s /q "C:\Windows\assembly\GAC_64\Desktop.ini"
del %0

Save it as

filename: remove.bat
Save as type: All types

Right click on the bat file and run as administrator

Now post the new aswMBR log

#13 lffoar

Posted 15 June 2012 - 11:44 PM

Farbar Service Scanner Version: 09-06-2012
Ran by Bobby's (administrator) on 16-06-2012 at 14:03:37
Running from "C:\Users\Bobby's\Desktop\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 14:07:22
-----------------------------
14:07:22.558 OS Version: Windows x64 6.1.7601 Service Pack 1
14:07:22.558 Number of processors: 8 586 0x1A05
14:07:22.558 ComputerName: BOBBYS-PC UserName: Bobby's
14:07:23.946 Initialize success
14:07:24.055 AVAST engine defs: 12061501
14:07:33.103 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
14:07:33.103 Disk 0 Vendor: WDC_WD5000AADS-00S9B0 01.00A01 Size: 476940MB BusType: 3
14:07:33.119 Disk 0 MBR read successfully
14:07:33.119 Disk 0 MBR scan
14:07:33.119 Disk 0 Windows 7 default MBR code
14:07:33.119 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:07:33.134 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:07:33.150 Disk 0 scanning C:\Windows\system32\drivers
14:07:39.062 Service scanning
14:07:53.118 Modules scanning
14:07:53.118 Disk 0 trace - called modules:
14:07:53.134 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
14:07:53.134 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d07790]
14:07:53.134 3 CLASSPNP.SYS[fffff880015a343f] -> nt!IofCallDriver -> [0xfffffa8004ac5580]
14:07:53.149 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8004ac9060]
14:07:54.288 AVAST engine scan C:\Windows
14:07:58.734 AVAST engine scan C:\Windows\system32
14:09:15.315 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:09:16.032 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:09:42.552 AVAST engine scan C:\Windows\system32\drivers
14:10:27.402 AVAST engine scan C:\Users\Bobby's
14:12:29.862 AVAST engine scan C:\ProgramData
14:13:10.017 Scan finished successfully
14:13:59.391 Disk 0 MBR has been saved successfully to "C:\Users\Bobby's\Documents\MBR.dat"
14:13:59.407 The log file has been saved successfully to "C:\Users\Bobby's\Documents\aswMBR.txt"

#14 narenxp

Posted 15 June 2012 - 11:55 PM

Now, press the Windows+R key and type

regedit and click ok

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it - Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now, press the Windows+R key and type

services.msc and click ok

Start the Base Filtering Engine service and then the Windows Firewall service
Similarly, start the Security Center and Windows Update services

Post the new FSS log


Click on the Start menu and type

cmd

Right click on it, select run as administrator and run these commands

cd c:\windows\assembly
attrib -s -h -r desktop.ini
ren desktop.ini desktop.ini.old


Now launch Malwarebytes, click on MORE TOOLS

Click on RUN TOOL

Browse to C:\windows\assembly\GAC_32 & C:\windows\assembly\GAC_64

Delete the desktop.ini files, re-run aswMBR and post the new log

#15 lffoar

Posted 16 June 2012 - 12:29 AM

Farbar Service Scanner Version: 09-06-2012
Ran by Bobby's (administrator) on 16-06-2012 at 14:33:52
Running from "C:\Users\Bobby's\Desktop\Logs"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

When I try to run "cd c:\windows\assembly" "attrib -s -h -r desktop.ini" or "ren desktop.ini desktop.ini.old" it says "the system cannot find the file specified" or "unable to find file"
I cannot find any "desktop.ini files" in "C:\windows\assembly\GAC_32 & C:\windows\assembly\GAC_64"
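
The Farbar Service Scanner and aswMBR logs posted in this thread can be compared mechanically between runs. The following is an added example, not part of any post or of either tool; the sample log text is constructed and abbreviated from the formats shown above, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated samples in the format of the logs posted in this thread.
FSS_BEFORE = """\
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
wscsvc Service is not running. Checking service configuration:
wuauserv Service is not running. Checking service configuration:
WinDefend Service is not running. Checking service configuration:
"""
FSS_AFTER = """\
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
"""
ASWMBR = r"""
14:07:58.734 AVAST engine scan C:\Windows\system32
14:09:15.315 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:09:16.032 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:13:10.017 Scan finished successfully
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.", re.MULTILINE)
INFECTED = re.compile(r"^\S+ File: (.+?) \*\*INFECTED\*\* (.+)$", re.MULTILINE)

def stopped_services(fss_log):
    """Names of services an FSS log flags as not running, lower-cased for comparison."""
    return {name.lower() for name in STOPPED.findall(fss_log)}

def compare_fss(before, after):
    """Split services by whether the earlier and later logs flag them as stopped."""
    old, new = stopped_services(before), stopped_services(after)
    return {"no_longer_flagged": sorted(old - new),
            "still_stopped": sorted(old & new),
            "newly_stopped": sorted(new - old)}

def infections(aswmbr_log):
    """(path, detection name) for every line aswMBR marks **INFECTED**."""
    return [(path, name.strip()) for path, name in INFECTED.findall(aswmbr_log)]

if __name__ == "__main__":
    for state, names in compare_fss(FSS_BEFORE, FSS_AFTER).items():
        print(f"{state}: {', '.join(names) or '-'}")
    for path, name in infections(ASWMBR):
        print(f"infected: {path} ({name})")
```

A service listed under no_longer_flagged is only absent from the later log's "not running" lines; confirm its state in services.msc before treating it as repaired.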



