Backdoor.Win64.ZAccess.bm


22 replies to this topic

#1 leenew27

Posted 17 June 2012 - 04:37 PM

Hi,

This is my first time on this site, so please bear with me if I'm not up to speed on a lot of the previous posts regarding this particular Trojan.

Basically, I noticed a few weeks ago that my laptop didn't seem to be running as quickly as normal. I was using AVG-free as my anti-virus (yeah, I know - sorry!) and didn't use anything else. Anyway, I started to get messages from AVG regarding threats being blocked, but as the frequency of these alerts increased, I decided to install some new anti-virus software. I have installed Kaspersky, which keeps on showing that I have the aforementioned trojan on the laptop. I have tried to disinfect it and remove it via a reboot, but as I have read on several forums, I realise that this won't get rid of the trojan.

I'm hoping that someone might be able to offer some advice on how to get rid of this. I've looked at some guides posted on different sites, but all offer different advice and there's no consistency.

Thanks in advance for any help you can give.

Edited by Budapest, 17 June 2012 - 05:07 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest


#2 narenxp

Posted 17 June 2012 - 06:21 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 leenew27

Posted 27 June 2012 - 10:40 AM

Hi,

Thanks for replying to me! Sorry it took so long to reply, I didn't realise someone had responded to me.

Okay, so:

TDSSkiller -

09:58:25.0702 3756 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
09:58:26.0596 3756 ============================================================
09:58:26.0596 3756 Current date / time: 2012/06/27 09:58:26.0596
09:58:26.0596 3756 SystemInfo:
09:58:26.0596 3756
09:58:26.0596 3756 OS Version: 6.1.7600 ServicePack: 0.0
09:58:26.0596 3756 Product type: Workstation
09:58:26.0596 3756 ComputerName: 100BOUNDARY
09:58:26.0596 3756 UserName: Lee
09:58:26.0596 3756 Windows directory: C:\Windows
09:58:26.0596 3756 System windows directory: C:\Windows
09:58:26.0596 3756 Running under WOW64
09:58:26.0596 3756 Processor architecture: Intel x64
09:58:26.0596 3756 Number of processors: 1
09:58:26.0596 3756 Page size: 0x1000
09:58:26.0596 3756 Boot type: Normal boot
09:58:26.0596 3756 ============================================================
09:58:29.0516 3756 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:58:29.0532 3756 ============================================================
09:58:29.0532 3756 \Device\Harddisk0\DR0:
09:58:29.0532 3756 MBR partitions:
09:58:29.0532 3756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:58:29.0532 3756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B86F800
09:58:29.0532 3756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8D3800, BlocksNum 0x18F1800
09:58:29.0532 3756 ============================================================
09:58:29.0548 3756 C: <-> \Device\Harddisk0\DR0\Partition1
09:58:29.0610 3756 D: <-> \Device\Harddisk0\DR0\Partition2
09:58:29.0610 3756 ============================================================
09:58:29.0610 3756 Initialize success
09:58:29.0610 3756 ============================================================
09:58:50.0515 1388 ============================================================
09:58:50.0515 1388 Scan started
09:58:50.0515 1388 Mode: Manual; TDLFS;
09:58:50.0515 1388 ============================================================
09:59:05.0895 1388 Ndisuio - ok
09:59:05.0920 1388 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:59:05.0924 1388 NdisWan - ok
09:59:05.0942 1388 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:59:05.0945 1388 NDProxy - ok
09:59:06.0025 1388 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
09:59:06.0030 1388 Net Driver HPZ12 - ok
09:59:06.0046 1388 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:59:06.0049 1388 NetBIOS - ok
09:59:06.0075 1388 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:59:06.0087 1388 NetBT - ok
09:59:06.0136 1388 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:59:06.0139 1388 Netlogon - ok
09:59:06.0198 1388 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:59:06.0215 1388 Netman - ok
09:59:06.0255 1388 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:59:06.0274 1388 netprofm - ok
09:59:06.0345 1388 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:59:06.0349 1388 NetTcpPortSharing - ok
09:59:06.0566 1388 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:59:06.0669 1388 netw5v64 - ok
09:59:06.0767 1388 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:59:06.0770 1388 nfrd960 - ok
09:59:06.0811 1388 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
09:59:06.0827 1388 NlaSvc - ok
09:59:06.0858 1388 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:59:06.0858 1388 Npfs - ok
09:59:06.0874 1388 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:59:06.0874 1388 nsi - ok
09:59:06.0936 1388 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:59:06.0936 1388 nsiproxy - ok
09:59:07.0045 1388 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
09:59:07.0076 1388 Ntfs - ok
09:59:07.0139 1388 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:59:07.0154 1388 Null - ok
09:59:07.0248 1388 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
09:59:07.0248 1388 nvraid - ok
09:59:07.0264 1388 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
09:59:07.0279 1388 nvstor - ok
09:59:07.0310 1388 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:59:07.0310 1388 nv_agp - ok
09:59:07.0342 1388 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:59:07.0342 1388 ohci1394 - ok
09:59:07.0443 1388 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:07.0448 1388 ose - ok
09:59:07.0808 1388 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:59:07.0911 1388 osppsvc - ok
09:59:08.0028 1388 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:59:08.0047 1388 p2pimsvc - ok
09:59:08.0090 1388 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:59:08.0108 1388 p2psvc - ok
09:59:08.0164 1388 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:59:08.0168 1388 Parport - ok
09:59:08.0216 1388 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
09:59:08.0220 1388 partmgr - ok
09:59:08.0247 1388 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:59:08.0260 1388 PcaSvc - ok
09:59:08.0295 1388 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:59:08.0301 1388 pci - ok
09:59:08.0324 1388 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:59:08.0327 1388 pciide - ok
09:59:08.0363 1388 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:59:08.0367 1388 pcmcia - ok
09:59:08.0476 1388 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:59:08.0476 1388 pcw - ok
09:59:08.0523 1388 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:59:08.0538 1388 PEAUTH - ok
09:59:08.0632 1388 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:59:08.0632 1388 PerfHost - ok
09:59:08.0772 1388 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
09:59:08.0804 1388 pla - ok
09:59:08.0866 1388 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
09:59:08.0882 1388 PlugPlay - ok
09:59:08.0980 1388 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
09:59:08.0985 1388 Pml Driver HPZ12 - ok
09:59:09.0004 1388 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:59:09.0010 1388 PNRPAutoReg - ok
09:59:09.0044 1388 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:59:09.0049 1388 PNRPsvc - ok
09:59:09.0097 1388 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
09:59:09.0119 1388 PolicyAgent - ok
09:59:09.0160 1388 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:59:09.0173 1388 Power - ok
09:59:09.0233 1388 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:59:09.0236 1388 PptpMiniport - ok
09:59:09.0273 1388 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:59:09.0276 1388 Processor - ok
09:59:09.0334 1388 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
09:59:09.0351 1388 ProfSvc - ok
09:59:09.0395 1388 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:59:09.0398 1388 ProtectedStorage - ok
09:59:09.0433 1388 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:59:09.0436 1388 Psched - ok
09:59:09.0512 1388 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:59:09.0565 1388 ql2300 - ok
09:59:09.0660 1388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:59:09.0664 1388 ql40xx - ok
09:59:09.0700 1388 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:59:09.0716 1388 QWAVE - ok
09:59:09.0734 1388 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:59:09.0737 1388 QWAVEdrv - ok
09:59:09.0762 1388 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:59:09.0765 1388 RasAcd - ok
09:59:09.0808 1388 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:59:09.0810 1388 RasAgileVpn - ok
09:59:09.0841 1388 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:59:09.0847 1388 RasAuto - ok
09:59:09.0868 1388 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:59:09.0872 1388 Rasl2tp - ok
09:59:09.0902 1388 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
09:59:09.0920 1388 RasMan - ok
09:59:09.0944 1388 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:59:09.0944 1388 RasPppoe - ok
09:59:09.0975 1388 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:59:09.0975 1388 RasSstp - ok
09:59:10.0006 1388 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:59:10.0022 1388 rdbss - ok
09:59:10.0038 1388 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:59:10.0038 1388 rdpbus - ok
09:59:10.0069 1388 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:59:10.0069 1388 RDPCDD - ok
09:59:10.0100 1388 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:59:10.0116 1388 RDPENCDD - ok
09:59:10.0131 1388 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:59:10.0131 1388 RDPREFMP - ok
09:59:10.0194 1388 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
09:59:10.0194 1388 RDPWD - ok
09:59:10.0225 1388 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:59:10.0225 1388 rdyboost - ok
09:59:10.0303 1388 RemoteAccess - ok
09:59:10.0334 1388 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:59:10.0350 1388 RemoteRegistry - ok
09:59:10.0443 1388 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
09:59:10.0459 1388 RichVideo - ok
09:59:10.0576 1388 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
09:59:10.0579 1388 RimUsb - ok
09:59:10.0684 1388 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
09:59:10.0687 1388 RimVSerPort - ok
09:59:10.0725 1388 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
09:59:10.0728 1388 ROOTMODEM - ok
09:59:10.0745 1388 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:59:10.0752 1388 RpcEptMapper - ok
09:59:10.0782 1388 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:59:10.0786 1388 RpcLocator - ok
09:59:10.0880 1388 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
09:59:10.0888 1388 RpcSs - ok
09:59:10.0918 1388 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:59:10.0922 1388 rspndr - ok
09:59:10.0979 1388 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
09:59:10.0987 1388 RSUSBSTOR - ok
09:59:11.0056 1388 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:59:11.0071 1388 RTL8167 - ok
09:59:11.0119 1388 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:59:11.0122 1388 SamSs - ok
09:59:11.0176 1388 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:59:11.0180 1388 sbp2port - ok
09:59:11.0219 1388 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:59:11.0232 1388 SCardSvr - ok
09:59:11.0250 1388 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:59:11.0253 1388 scfilter - ok
09:59:11.0323 1388 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
09:59:11.0351 1388 Schedule - ok
09:59:11.0389 1388 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
09:59:11.0391 1388 SCPolicySvc - ok
09:59:11.0425 1388 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
09:59:11.0429 1388 sdbus - ok
09:59:11.0456 1388 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
09:59:11.0463 1388 SDRSVC - ok
09:59:11.0548 1388 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:59:11.0564 1388 SeaPort - ok
09:59:11.0595 1388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:59:11.0595 1388 secdrv - ok
09:59:11.0626 1388 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
09:59:11.0626 1388 seclogon - ok
09:59:11.0642 1388 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:59:11.0658 1388 SENS - ok
09:59:11.0673 1388 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:59:11.0673 1388 SensrSvc - ok
09:59:11.0720 1388 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:59:11.0720 1388 Serenum - ok
09:59:11.0736 1388 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:59:11.0751 1388 Serial - ok
09:59:11.0767 1388 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:59:11.0782 1388 sermouse - ok
09:59:11.0829 1388 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
09:59:11.0829 1388 SessionEnv - ok
09:59:11.0860 1388 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:59:11.0860 1388 sffdisk - ok
09:59:11.0876 1388 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:59:11.0876 1388 sffp_mmc - ok
09:59:11.0907 1388 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:59:11.0907 1388 sffp_sd - ok
09:59:11.0938 1388 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:59:11.0938 1388 sfloppy - ok
09:59:12.0016 1388 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
09:59:12.0032 1388 ShellHWDetection - ok
09:59:12.0066 1388 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:59:12.0069 1388 SiSRaid2 - ok
09:59:12.0093 1388 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:59:12.0096 1388 SiSRaid4 - ok
09:59:12.0133 1388 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:59:12.0137 1388 Smb - ok
09:59:12.0177 1388 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:59:12.0182 1388 SNMPTRAP - ok
09:59:12.0203 1388 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:59:12.0206 1388 spldr - ok
09:59:12.0257 1388 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
09:59:12.0281 1388 Spooler - ok
09:59:12.0419 1388 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
09:59:12.0489 1388 sppsvc - ok
09:59:12.0602 1388 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:59:12.0608 1388 sppuinotify - ok
09:59:12.0702 1388 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
09:59:12.0718 1388 srv - ok
09:59:12.0755 1388 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
09:59:12.0772 1388 srv2 - ok
09:59:12.0827 1388 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:59:12.0838 1388 SrvHsfHDA - ok
09:59:12.0915 1388 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:59:12.0947 1388 SrvHsfV92 - ok
09:59:13.0040 1388 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:59:13.0059 1388 SrvHsfWinac - ok
09:59:13.0091 1388 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
09:59:13.0091 1388 srvnet - ok
09:59:13.0137 1388 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:59:13.0137 1388 SSDPSRV - ok
09:59:13.0169 1388 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:59:13.0169 1388 SstpSvc - ok
09:59:13.0262 1388 STacSV (3bd758c56a55930cd6db89e3dedcf322) C:\Program Files\IDT\WDM\STacSV64.exe
09:59:13.0262 1388 STacSV - ok
09:59:13.0340 1388 Steam Client Service - ok
09:59:13.0371 1388 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:59:13.0387 1388 stexstor - ok
09:59:13.0434 1388 STHDA (a3fb7ad8720d7e02aa0111a6b51c2744) C:\Windows\system32\DRIVERS\stwrt64.sys
09:59:13.0449 1388 STHDA - ok
09:59:13.0496 1388 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:59:13.0496 1388 StillCam - ok
09:59:13.0574 1388 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
09:59:13.0640 1388 stisvc - ok
09:59:13.0658 1388 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:59:13.0660 1388 swenum - ok
09:59:13.0743 1388 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:59:13.0764 1388 swprv - ok
09:59:13.0843 1388 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
09:59:13.0854 1388 SynTP - ok
09:59:13.0939 1388 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
09:59:13.0983 1388 SysMain - ok
09:59:14.0065 1388 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
09:59:14.0072 1388 TabletInputService - ok
09:59:14.0101 1388 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
09:59:14.0120 1388 TapiSrv - ok
09:59:14.0144 1388 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:59:14.0151 1388 TBS - ok
09:59:14.0287 1388 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
09:59:14.0326 1388 Tcpip - ok
09:59:14.0504 1388 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
09:59:14.0516 1388 TCPIP6 - ok
09:59:14.0599 1388 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:59:14.0602 1388 tcpipreg - ok
09:59:14.0617 1388 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:59:14.0633 1388 TDPIPE - ok
09:59:14.0679 1388 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
09:59:14.0679 1388 TDTCP - ok
09:59:14.0711 1388 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:59:14.0711 1388 tdx - ok
09:59:14.0742 1388 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:59:14.0742 1388 TermDD - ok
09:59:14.0804 1388 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
09:59:14.0820 1388 TermService - ok
09:59:14.0851 1388 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:59:14.0851 1388 Themes - ok
09:59:14.0898 1388 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:59:14.0898 1388 THREADORDER - ok
09:59:14.0929 1388 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:59:14.0929 1388 TrkWks - ok
09:59:14.0991 1388 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
09:59:15.0007 1388 TrustedInstaller - ok
09:59:15.0038 1388 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:15.0038 1388 tssecsrv - ok
09:59:15.0257 1388 TuneUp.UtilitiesSvc (f6a2adaafdf6eb575f6410737345a225) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
09:59:15.0328 1388 TuneUp.UtilitiesSvc - ok
09:59:15.0393 1388 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
09:59:15.0396 1388 TuneUpUtilitiesDrv - ok
09:59:15.0524 1388 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
09:59:15.0529 1388 tunnel - ok
09:59:15.0551 1388 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:59:15.0554 1388 uagp35 - ok
09:59:15.0585 1388 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
09:59:15.0600 1388 udfs - ok
09:59:15.0642 1388 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:59:15.0648 1388 UI0Detect - ok
09:59:15.0677 1388 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:59:15.0680 1388 uliagpkx - ok
09:59:15.0719 1388 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
09:59:15.0723 1388 umbus - ok
09:59:15.0748 1388 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:59:15.0755 1388 UmPass - ok
09:59:15.0798 1388 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:59:15.0816 1388 upnphost - ok
09:59:15.0860 1388 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
09:59:15.0863 1388 USBAAPL64 - ok
09:59:15.0915 1388 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:15.0919 1388 usbccgp - ok
09:59:15.0949 1388 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
09:59:15.0954 1388 usbcir - ok
09:59:15.0983 1388 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
09:59:15.0986 1388 usbehci - ok
09:59:16.0029 1388 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
09:59:16.0044 1388 usbhub - ok
09:59:16.0080 1388 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
09:59:16.0083 1388 usbohci - ok
09:59:16.0105 1388 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:59:16.0108 1388 usbprint - ok
09:59:16.0172 1388 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:16.0176 1388 USBSTOR - ok
09:59:16.0202 1388 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:59:16.0205 1388 usbuhci - ok
09:59:16.0243 1388 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
09:59:16.0243 1388 usbvideo - ok
09:59:16.0290 1388 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:59:16.0290 1388 UxSms - ok
09:59:16.0353 1388 UxTuneUp (f7983ebf91cba6b51b944ada32f9ff92) C:\Windows\System32\uxtuneup.dll
09:59:16.0353 1388 UxTuneUp - ok
09:59:16.0415 1388 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:59:16.0415 1388 VaultSvc - ok
09:59:16.0446 1388 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:59:16.0446 1388 vdrvroot - ok
09:59:16.0540 1388 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
09:59:16.0587 1388 vds - ok
09:59:16.0618 1388 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:16.0633 1388 vga - ok
09:59:16.0649 1388 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:59:16.0665 1388 VgaSave - ok
09:59:16.0696 1388 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:59:16.0696 1388 vhdmp - ok
09:59:16.0727 1388 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:59:16.0727 1388 viaide - ok
09:59:16.0853 1388 VmbService (7e4769483d416aa04b916aab7ef0dbaf) C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
09:59:16.0857 1388 VmbService - ok
09:59:16.0922 1388 vodafone_K3805-z_cdc_acm (8e06ca41344b90bf60701ca61515c3c4) C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys
09:59:16.0925 1388 vodafone_K3805-z_cdc_acm - ok
09:59:16.0972 1388 vodafone_K3805-z_cdc_ecm (ec1df5164b659c59ea796843a9d290dd) C:\Windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys
09:59:16.0975 1388 vodafone_K3805-z_cdc_ecm - ok
09:59:17.0038 1388 vodafone_K3805-z_cpo (cbeae8f0fe727386da202e67b3760294) C:\Windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys
09:59:17.0042 1388 vodafone_K3805-z_cpo - ok
09:59:17.0084 1388 vodafone_K3805-z_dc_enum (1e4d31fec921300c5f262c52f5fcc666) C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
09:59:17.0087 1388 vodafone_K3805-z_dc_enum - ok
09:59:17.0125 1388 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:59:17.0127 1388 volmgr - ok
09:59:17.0174 1388 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:59:17.0193 1388 volmgrx - ok
09:59:17.0268 1388 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:59:17.0279 1388 volsnap - ok
09:59:17.0308 1388 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:59:17.0322 1388 vsmraid - ok
09:59:17.0412 1388 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
09:59:17.0471 1388 VSS - ok
09:59:17.0579 1388 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:59:17.0582 1388 vwifibus - ok
09:59:17.0613 1388 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:59:17.0616 1388 vwififlt - ok
09:59:17.0643 1388 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:59:17.0645 1388 vwifimp - ok
09:59:17.0679 1388 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:59:17.0695 1388 W32Time - ok
09:59:17.0728 1388 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:59:17.0731 1388 WacomPen - ok
09:59:17.0766 1388 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:59:17.0766 1388 WANARP - ok
09:59:17.0782 1388 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:59:17.0797 1388 Wanarpv6 - ok
09:59:17.0875 1388 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:59:17.0906 1388 WatAdminSvc - ok
09:59:17.0984 1388 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
09:59:18.0016 1388 wbengine - ok
09:59:18.0109 1388 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:59:18.0125 1388 WbioSrvc - ok
09:59:18.0187 1388 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
09:59:18.0203 1388 wcncsvc - ok
09:59:18.0218 1388 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:59:18.0234 1388 WcsPlugInService - ok
09:59:18.0281 1388 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:59:18.0281 1388 Wd - ok
09:59:18.0312 1388 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:59:18.0345 1388 Wdf01000 - ok
09:59:18.0365 1388 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:59:18.0378 1388 WdiServiceHost - ok
09:59:18.0388 1388 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:59:18.0393 1388 WdiSystemHost - ok
09:59:18.0445 1388 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
09:59:18.0461 1388 WebClient - ok
09:59:18.0496 1388 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:59:18.0504 1388 Wecsvc - ok
09:59:18.0534 1388 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:59:18.0540 1388 wercplsupport - ok
09:59:18.0580 1388 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:59:18.0590 1388 WerSvc - ok
09:59:18.0627 1388 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:59:18.0630 1388 WfpLwf - ok
09:59:18.0654 1388 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:59:18.0656 1388 WIMMount - ok
09:59:18.0673 1388 WinHttpAutoProxySvc - ok
09:59:18.0785 1388 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:59:18.0791 1388 Winmgmt - ok
09:59:18.0893 1388 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
09:59:18.0942 1388 WinRM - ok
09:59:19.0076 1388 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
09:59:19.0079 1388 WinUsb - ok
09:59:19.0133 1388 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:59:19.0159 1388 Wlansvc - ok
09:59:19.0273 1388 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:59:19.0276 1388 wlcrasvc - ok
09:59:19.0429 1388 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:59:19.0491 1388 wlidsvc - ok
09:59:19.0585 1388 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:59:19.0585 1388 WmiAcpi - ok
09:59:19.0663 1388 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:59:19.0678 1388 wmiApSrv - ok
09:59:19.0741 1388 WMPNetworkSvc - ok
09:59:19.0756 1388 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:59:19.0756 1388 WPCSvc - ok
09:59:19.0788 1388 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
09:59:19.0803 1388 WPDBusEnum - ok
09:59:19.0834 1388 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:59:19.0834 1388 ws2ifsl - ok
09:59:19.0850 1388 WSearch - ok
09:59:19.0975 1388 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
09:59:20.0028 1388 wuauserv - ok
09:59:20.0162 1388 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:59:20.0166 1388 WudfPf - ok
09:59:20.0216 1388 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:20.0221 1388 WUDFRd - ok
09:59:20.0248 1388 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
09:59:20.0255 1388 wudfsvc - ok
09:59:20.0286 1388 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:59:20.0330 1388 WwanSvc - ok
09:59:20.0382 1388 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
09:59:20.0399 1388 yukonw7 - ok
09:59:20.0492 1388 MBR (0x1B8) (5174896b4e3667c9d1b468bb3bc77b0a) \Device\Harddisk0\DR0
09:59:20.0758 1388 \Device\Harddisk0\DR0 - ok
09:59:20.0769 1388 Boot (0x1200) (964f5e42a3c58b66fd75d99a52723e90) \Device\Harddisk0\DR0\Partition0
09:59:20.0771 1388 \Device\Harddisk0\DR0\Partition0 - ok
09:59:20.0809 1388 Boot (0x1200) (e4a82a64b6599350de54f1e79027fdcf) \Device\Harddisk0\DR0\Partition1
09:59:20.0812 1388 \Device\Harddisk0\DR0\Partition1 - ok
09:59:20.0847 1388 Boot (0x1200) (dd30943fb594013ae478bcb9f8d532ab) \Device\Harddisk0\DR0\Partition2
09:59:20.0849 1388 \Device\Harddisk0\DR0\Partition2 - ok
09:59:20.0854 1388 ============================================================
09:59:20.0854 1388 Scan finished
09:59:20.0854 1388 ============================================================
09:59:20.0872 0872 Detected object count: 0
09:59:20.0872 0872 Actual detected object count: 0
10:02:38.0719 2636 Deinitialize success



aswMBR -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 10:04:01
-----------------------------
10:04:01.430 OS Version: Windows x64 6.1.7600
10:04:01.431 Number of processors: 1 586 0x170A
10:04:01.432 ComputerName: 100BOUNDARY UserName: Lee
10:04:04.348 Initialize success
10:04:04.884 AVAST engine defs: 12062700
10:04:18.024 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:04:18.039 Disk 0 Vendor: ST9250410AS 0006HPM1 Size: 238475MB BusType: 11
10:04:18.133 Disk 0 MBR read successfully
10:04:18.133 Disk 0 MBR scan
10:04:18.148 Disk 0 unknown MBR code
10:04:18.148 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:04:18.164 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 225503 MB offset 409600
10:04:18.195 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12771 MB offset 462239744
10:04:18.265 Disk 0 scanning C:\Windows\system32\drivers
10:04:33.173 Service scanning
10:04:56.306 Modules scanning
10:04:56.315 Disk 0 trace - called modules:
10:04:56.342 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:04:56.677 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002746060]
10:04:56.683 3 CLASSPNP.SYS[fffff8800107743f] -> nt!IofCallDriver -> [0xfffffa80023061e0]
10:04:56.690 5 ACPI.sys[fffff88000ed9781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002619060]
10:04:57.112 AVAST engine scan C:\Windows
10:04:59.446 AVAST engine scan C:\Windows\system32
10:08:10.440 AVAST engine scan C:\Windows\system32\drivers
10:08:24.769 AVAST engine scan C:\Users\Lee
10:40:17.206 AVAST engine scan C:\ProgramData
10:45:09.513 Scan finished successfully
10:48:40.296 Disk 0 MBR has been saved successfully to "C:\Users\Lee\Desktop\MBR.dat"
10:48:40.312 The log file has been saved successfully to "C:\Users\Lee\Desktop\aswMBR.txt"


ESET Online Scanner -

C:\Windows\Installer\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}\U\trz59A1.tmp Win64/Sirefef.AE trojan cleaned by deleting - quarantined



I hope this is okay - thanks for any help you can offer on this!

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:52 AM

Posted 27 June 2012 - 01:08 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}

Click on LOOK, post the generated log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 leenew27

  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:52 AM

Posted 28 June 2012 - 03:39 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 09:12 on 28/06/2012 by Lee
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}"
C:\Users\Lee\AppData\Local\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19} d--hs-- [22:59 11/01/2012]
C:\Windows\Installer\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19} d--hs-- [22:59 11/01/2012]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19} d--hs-- [22:59 11/01/2012]

-= EOF =-




MiniToolBox by Farbar Version: 25-06-2012
Ran by Lee (administrator) on 28-06-2012 at 09:32:52
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 www.xilisoft.com
127.0.0.1 cms.olym.xilisoft.net
127.0.0.1 online.xilisoft.com
127.0.0.1 www.xilisoft.com

========================= IP Configuration: ================================

Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : 100Boundary
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 0C-60-76-81-CF-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ce1:abb6:76bb:ce85%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 27 June 2012 22:37:16
Lease Expires . . . . . . . . . . : 29 June 2012 08:57:15
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 319578230
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-84-51-F0-00-26-9E-DC-93-86
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : C8-0A-A9-AE-C9-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DFA73C34-D672-4DB2-9EA4-8FB0704A4147}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{56876AE8-7F1C-460B-82BF-8FB1B9C36017}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B1213384-C8FF-4BD8-BB43-96BAF545264B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: www.routerlogin.com
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:808::1007
173.194.34.163
173.194.34.164
173.194.34.165
173.194.34.166
173.194.34.167
173.194.34.168
173.194.34.169
173.194.34.174
173.194.34.160
173.194.34.161
173.194.34.162


Pinging google.com [173.194.34.105] with 32 bytes of data:
Reply from 173.194.34.105: bytes=32 time=135ms TTL=57
Reply from 173.194.34.105: bytes=32 time=330ms TTL=57

Ping statistics for 173.194.34.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 135ms, Maximum = 330ms, Average = 232ms
Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=222ms TTL=50
Reply from 98.139.183.24: bytes=32 time=257ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 222ms, Maximum = 257ms, Average = 239ms
Server: www.routerlogin.com
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...0c 60 76 81 cf 0a ......Atheros AR9285 802.11b/g/n WiFi Adapter
11...c8 0a a9 ae c9 61 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
35...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 281
192.168.0.4 255.255.255.255 On-link 192.168.0.4 281
192.168.0.255 255.255.255.255 On-link 192.168.0.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::ce1:abb6:76bb:ce85/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/27/2012 00:40:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/27/2012 10:49:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/27/2012 10:02:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2012 10:05:44 PM) (Source: VmbService) (User: )
Description: GetClient

Error: (06/26/2012 09:59:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2673608

Error: (06/26/2012 09:59:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2673608

Error: (06/26/2012 09:59:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2012 09:07:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (06/26/2012 04:02:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mcx2svc.dll, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x0000897a
Faulting process id: 0x9c4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/26/2012 04:01:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: mcx2svc.dll, version: 0.0.0.0, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x0000897a
Faulting process id: 0x638
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (06/28/2012 07:05:46 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/28/2012 07:05:46 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/27/2012 10:37:24 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/27/2012 10:37:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/27/2012 10:37:18 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/27/2012 10:37:18 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/27/2012 09:06:38 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (06/27/2012 09:06:38 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (06/27/2012 08:33:23 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/27/2012 08:33:19 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (06/27/2012 00:40:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Lee\Downloads\esetsmartinstaller_enu (1).exe

Error: (06/27/2012 10:49:42 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Lee\Downloads\esetsmartinstaller_enu.exe

Error: (06/27/2012 10:02:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Common Files\AVSMedia\ActiveX\AVSShellConverter64.dll

Error: (06/26/2012 10:05:44 PM) (Source: VmbService)(User: )
Description: GetClient

Error: (06/26/2012 09:59:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2673608

Error: (06/26/2012 09:59:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2673608

Error: (06/26/2012 09:59:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2012 09:07:38 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (06/26/2012 04:02:19 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mcx2svc.dll0.0.0.02a425e19c00000050000897a9c401cd53acac31f197C:\Windows\SysWOW64\svchost.exec:\windows\syswow64\mcx2svc.dllec828345-bf9f-11e1-89bc-c80aa9aec961

Error: (06/26/2012 04:01:13 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100mcx2svc.dll0.0.0.02a425e19c00000050000897a63801cd53ac813a5154C:\Windows\SysWOW64\svchost.exec:\windows\syswow64\mcx2svc.dllc5050f19-bf9f-11e1-89bc-c80aa9aec961


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.4)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.10)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Adobe Shockwave Player (Version: 11.0)
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.12.5.0)
Atheros Driver Installation Program (Version: 9.0)
µTorrent (Version: 3.1.3)
avast! Internet Security (Version: 7.0.1426.0)
AVG PC Tuneup 2011 (Version: 10.0.0.26)
AVS Audio Editor version 7.0
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
B110 (Version: 140.0.283.000)
Bigasoft iPhone Ringtone Maker 1.7.0.3662
Bing Bar (Version: 7.0.609.0)
BlackBerry Desktop Software 6.0.2 (Version: 6.0.2.44)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conduit Engine (Version: )
ConvertXtoDVD 4.1.8.344 (Version: 4.1.8.344)
Coupon Printer for Windows (Version: 5.0.0.0)
Creative Centrale (Version: 1.16.02)
Creative Software Update (Version: 1.03.01)
Creative ZEN X-Fi User's Guide
Creative ZEN X-Fi Video Converter
Creative ZEN X-Fi Video Converter (Version: 1.00.03)
CyberLink DVD Suite (Version: 7.0.2111)
CyberLink MediaShow (Version: 4.1.3325)
CyberLink PowerDVD 8 (Version: 8.0.1.1005)
CyberLink YouCam (Version: 3.0.2201)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
ESET Online Scanner v3
Football Manager 2010
Football Manager 2011 Russian (Version: 11.0.0.0)
GOM Player (Version: 2.1.28.5039)
Google Chrome (Version: 19.0.1084.56)
GPBaseService2 (Version: 140.0.211.000)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Games (Version: 1.0.0.71)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Quick Launch Buttons (Version: 6.50.7.1)
HP Setup (Version: 1.2.3560.3170)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (Version: 6.1.12.1)
HP Update (Version: 5.002.002.002)
HP User Guides 0148 (Version: 1.01.0005)
HP Wireless Assistant (Version: 3.50.9.1)
HPAppStudio (Version: 140.0.95.000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
iCloud (Version: 1.1.0.40)
IDT Audio (Version: 1.0.6284.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 15 (64-bit) (Version: 6.0.150)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.2111)
LightScribe System Software (Version: 1.18.22.2)
Magic Desktop
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MarketResearch (Version: 140.0.212.000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.43.12698)
Nero Burning ROM 11 (Version: 11.0.10400)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.14700.1.9)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
nero.prerequisites.msi (Version: 11.0.20007)
Network64 (Version: 140.0.215.000)
Network64 (Version: 140.0.221.000)
Norton Online Backup (Version: 1.2.20.0)
Power2Go (Version: 6.0.3311)
PowerDirector (Version: 7.0.3311)
PS_AIO_07_B110_SW_Min (Version: 140.0.142.000)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.71.80.42)
QuickTransfer (Version: 140.0.98.000)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30104)
Recovery Manager (Version: 5.5.2214)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 14.0)
Sky Go Desktop
Skype™ 4.0 (Version: 4.0.227)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.214.000)
SopCast 3.4.7 (Version: 3.4.7)
Status (Version: 140.0.256.000)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
TuneUp Utilities 2012 (Version: 12.0.3600.79)
TuneUp Utilities Language Pack (en-GB) (Version: 12.0.3600.79)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentBar Toolbar (Version: 6.2.7.3)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Vodafone Mobile Broadband (Version: 10.1.108.29105)
vShare Plugin
WebReg (Version: 140.0.212.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Xilisoft iPhone Ringtone Maker (Version: 2.0.4.0326)
Xilisoft Video Converter Ultimate (Version: 7.1.0.20120222)
Xilisoft Video Converter Ultimate 6 (Version: 6.0.12.0914)

========================= Memory info: ===================================

Percentage of memory in use: 85%
Total physical RAM: 1978.93 MB
Available physical RAM: 296 MB
Total Pagefile: 3957.87 MB
Available Pagefile: 1857.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.94 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:220.22 GB) (Free:57.02 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.83 GB) NTFS
3 Drive e: (FM2011RU) (CDROM) (Total:2.46 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\100BOUNDARY

Administrator Guest Joanne
Lee


**** End of log ****

#6 narenxp

Posted 28 June 2012 - 03:44 AM

Malwarebytes log?

#7 leenew27

Posted 28 June 2012 - 03:58 AM

Sorry, didn't realise that was required too.


2012/06/28 07:05:52 +0100 100BOUNDARY Lee MESSAGE Starting protection
2012/06/28 07:05:56 +0100 100BOUNDARY Lee MESSAGE Protection started successfully
2012/06/28 07:05:59 +0100 100BOUNDARY Lee MESSAGE Starting IP protection
2012/06/28 07:05:59 +0100 100BOUNDARY Lee ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753


Is this the correct one?

#8 narenxp

Posted 28 June 2012 - 04:06 AM

No, we need the other one. This is the protection log.

#9 narenxp

Posted 28 June 2012 - 05:54 AM

Please attach MALWAREBYTES log with these logs

Press Windows+R and type

notepad and click OK

Copy this script and paste it in Notepad

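@echo off
rem Replace services.exe in System32 with the copy from the WinSxS component store
cd /d c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Delete the renamed file only if the copy succeeded; otherwise put it back
if exist services.exe (del services.exe.old) else (ren services.exe.old services.exe)
DEL %0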

Click on File >> Save As

Filename: services.bat
Save as type: All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER


Open your C drive

At the top, click on Organize - Folder and search options

Click on the View tab and scroll down

Checkmark Show hidden files
Uncheck Hide operating system files

Click OK

Delete all these {6dff0e20-4635-7fa5-8ba0-742bf7b89e19} folders

C:\Users\Lee\AppData\Local\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}
C:\Windows\Installer\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}


Now, launch SystemLook once again

Copy this script and paste it in the box

:filefind
services.exe
:folderfind
{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}

Click on Look, post the generated log


Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Edited by narenxp, 28 June 2012 - 05:54 AM.


#10 leenew27

Posted 28 June 2012 - 06:00 AM

For whatever reason, the original scan from this morning after rebooting. I've run another scan, as these are the logs from it:


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lee :: 100BOUNDARY [administrator]

Protection: Enabled

28/06/2012 11:43:56
mbam-log-2012-06-28 (11-43-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550375
Time elapsed: 10 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 narenxp

Posted 28 June 2012 - 06:18 AM

Follow my previous instruction :thumbup2:

#12 leenew27

Posted 28 June 2012 - 07:13 AM

Hi,

I'm in the middle of doing this, but I am having difficulty removing one of the files:

C:\Windows\Installer\{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}

When I try and delete I get an error message to say that the file cannot be deleted as it is currently open / being used by another program. The only options are to try again or cancel. Any suggestion?

Thanks!

#13 narenxp

Posted 28 June 2012 - 07:27 AM

Run ESET online scanner in normal mode, remove the threats, restart the PC and delete the folder

#14 John_87

Posted 28 June 2012 - 09:30 AM

Download

http://www.malwarebytes.org/
Install, update and run a full scan

Download

http://www.superantispyware.com/
Install, update and run a full scan

You can use Microsoft Security Essentials antivirus

#15 leenew27

Posted 28 June 2012 - 10:34 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:06 on 28/06/2012 by Lee
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{6dff0e20-4635-7fa5-8ba0-742bf7b89e19}"
No folders found.

-= EOF =-

Farbar Service Scanner Version: 25-06-2012 01
Ran by Lee (administrator) on 28-06-2012 at 16:22:14
Running from "C:\Users\Lee\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 06:04] - [2011-12-28 04:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 00:18] - [2012-03-30 12:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-14 13:21] - [2012-04-24 06:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
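
Added example, not part of any post in this thread: a short Python triage of the two logs in post #15. It checks that the System32 copy of services.exe has the same size and MD5 as the WinSxS copy, lists the services whose registry key Farbar Service Scanner could not open, and lists File Check entries printed without the "MD5 is legit" label. The function names are hypothetical, and the sample lines are copied from the logs above.

```python
import re

# Lines copied from the SystemLook and Farbar Service Scanner logs in post #15.
SYSTEMLOOK_LOG = r"""
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""
FSS_LOG = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
"""

# SystemLook file line: path, attribute flags, size, two timestamps, MD5.
FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) [-a-z]{7} (?P<size>\d+) bytes .* (?P<md5>[0-9A-F]{32})$")

def parse_filefind(log):
    """Return (path, size, md5) for every file line in a SystemLook filefind section."""
    hits = (FILE_LINE.match(line.strip()) for line in log.splitlines())
    return [(m["path"], int(m["size"]), m["md5"]) for m in hits if m]

def system32_matches_store(log, name="services.exe"):
    """True if every System32 copy has the same size and MD5 as a WinSxS copy."""
    files = [f for f in parse_filefind(log) if f[0].lower().endswith("\\" + name)]
    live = [f[1:] for f in files if "\\system32\\" in f[0].lower()]
    store = [f[1:] for f in files if "\\winsxs\\" in f[0].lower()]
    return bool(live) and all(f in store for f in live)

def missing_service_keys(log):
    """Services whose registry key Farbar Service Scanner could not open."""
    return sorted(set(re.findall(r"Unable to open (\S+) registry key", log)), key=str.lower)

def unlabelled_files(log):
    """File Check paths that were printed without the '=> MD5 is legit' label."""
    return [l.strip() for l in log.splitlines()
            if re.match(r"^[A-Za-z]:\\", l.strip()) and "=>" not in l]
```

A match between the two services.exe entries only shows that both files are identical; the unlabelled File Check entries are ones the tool printed with raw attributes and need a separate check.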



