
Combofix finds rootkit, hangs


24 replies to this topic

#1 engxladso


Posted 20 June 2012 - 10:33 AM

Vista 64 bit PC has rogue antivirus. Ran Kaspersky rescue disk and Microsoft Defender Offline 64 bit from disk. Both programs found large numbers of trojans of various kinds. MS Defender Offline also found that services.exe was infected. A lot of files were hidden and there is a new B: partition listed in Windows Explorer.

Booted to safe mode with networking, ran Combofix. It got to Stage 50 and came up with a message stating that a system file was infected and it was trying to restore it. System file is c:\windows\system32\Services.exe. Then Combofix gets no further. I note in taskmgr that pev.3xe gradually ups its RAM commitment to around 21MB then apparently restarts itself and RAM commitment goes back to 2 or 3MB. This cycle continues ad infinitum.

I have tried lots of rootkit and bootkit tools. GMER indicated that a bunch of registry keys were infected, but nothing else found anything.

I am on the verge of wiping and reinstalling Windows unless you can help me.



#2 narenxp


  • BC Advisor

Posted 20 June 2012 - 10:58 AM

Do not run ComboFix. It should not be run without expert guidance.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.

#3 engxladso

  • Topic Starter


Posted 20 June 2012 - 12:32 PM

TDSS Killer log:

17:05:04.0362 1192 p2psvc - ok
17:05:04.0408 1192 PAC7302 (b87efc9994f53124622fa2a0caa6d828) C:\Windows\system32\DRIVERS\PAC7302.SYS
17:05:04.0408 1192 PAC7302 - ok
17:05:04.0440 1192 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
17:05:04.0440 1192 Parport - ok
17:05:04.0455 1192 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
17:05:04.0455 1192 partmgr - ok
17:05:04.0471 1192 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
17:05:04.0471 1192 PcaSvc - ok
17:05:04.0580 1192 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
17:05:04.0580 1192 PCCUJobMgr - ok
17:05:04.0596 1192 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
17:05:04.0596 1192 pci - ok
17:05:04.0611 1192 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
17:05:04.0627 1192 pciide - ok
17:05:04.0658 1192 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:05:04.0658 1192 pcmcia - ok
17:05:04.0705 1192 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:05:04.0705 1192 PEAUTH - ok
17:05:04.0783 1192 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
17:05:04.0783 1192 PerfHost - ok
17:05:04.0876 1192 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
17:05:04.0892 1192 pla - ok
17:05:04.0923 1192 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
17:05:04.0939 1192 PlugPlay - ok
17:05:04.0986 1192 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
17:05:04.0986 1192 Pml Driver HPZ12 - ok
17:05:05.0032 1192 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
17:05:05.0032 1192 PNRPAutoReg - ok
17:05:05.0048 1192 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
17:05:05.0048 1192 PNRPsvc - ok
17:05:05.0095 1192 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
17:05:05.0095 1192 PolicyAgent - ok
17:05:05.0157 1192 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
17:05:05.0157 1192 PptpMiniport - ok
17:05:05.0173 1192 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:05:05.0173 1192 Processor - ok
17:05:05.0204 1192 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
17:05:05.0204 1192 ProfSvc - ok
17:05:05.0235 1192 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
17:05:05.0235 1192 ProtectedStorage - ok
17:05:05.0251 1192 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
17:05:05.0251 1192 PSched - ok
17:05:05.0313 1192 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:05:05.0329 1192 ql2300 - ok
17:05:05.0360 1192 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:05:05.0360 1192 ql40xx - ok
17:05:05.0376 1192 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
17:05:05.0391 1192 QWAVE - ok
17:05:05.0391 1192 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:05:05.0391 1192 QWAVEdrv - ok
17:05:05.0407 1192 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:05:05.0407 1192 RasAcd - ok
17:05:05.0422 1192 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
17:05:05.0438 1192 RasAuto - ok
17:05:05.0454 1192 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:05:05.0454 1192 Rasl2tp - ok
17:05:05.0469 1192 RasMan (2a63d46b01685fd4be9778ca3c231c2d) C:\Windows\System32\rasmans.dll
17:05:05.0485 1192 RasMan - ok
17:05:05.0500 1192 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
17:05:05.0500 1192 RasPppoe - ok
17:05:05.0500 1192 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
17:05:05.0516 1192 RasSstp - ok
17:05:05.0532 1192 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
17:05:05.0532 1192 rdbss - ok
17:05:05.0532 1192 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:05:05.0532 1192 RDPCDD - ok
17:05:05.0578 1192 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:05:05.0578 1192 rdpdr - ok
17:05:05.0594 1192 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:05:05.0594 1192 RDPENCDD - ok
17:05:05.0625 1192 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
17:05:05.0625 1192 RDPWD - ok
17:05:05.0641 1192 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
17:05:05.0641 1192 RemoteAccess - ok
17:05:05.0688 1192 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
17:05:05.0688 1192 RemoteRegistry - ok
17:05:05.0766 1192 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
17:05:05.0766 1192 RichVideo - ok
17:05:05.0797 1192 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
17:05:05.0797 1192 RpcLocator - ok
17:05:05.0859 1192 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
17:05:05.0859 1192 RpcSs - ok
17:05:05.0922 1192 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:05:05.0922 1192 rspndr - ok
17:05:05.0937 1192 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
17:05:05.0937 1192 SamSs - ok
17:05:06.0031 1192 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:05:06.0031 1192 SASDIFSV - ok
17:05:06.0062 1192 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:05:06.0062 1192 SASKUTIL - ok
17:05:06.0093 1192 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:05:06.0093 1192 sbp2port - ok
17:05:06.0218 1192 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:05:06.0218 1192 SBSDWSCService - ok
17:05:06.0249 1192 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
17:05:06.0265 1192 SCardSvr - ok
17:05:06.0312 1192 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
17:05:06.0327 1192 Schedule - ok
17:05:06.0358 1192 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
17:05:06.0358 1192 SCPolicySvc - ok
17:05:06.0358 1192 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
17:05:06.0374 1192 SDRSVC - ok
17:05:06.0421 1192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:05:06.0421 1192 secdrv - ok
17:05:06.0436 1192 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
17:05:06.0436 1192 seclogon - ok
17:05:06.0452 1192 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
17:05:06.0452 1192 SENS - ok
17:05:06.0452 1192 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
17:05:06.0452 1192 Serenum - ok
17:05:06.0483 1192 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
17:05:06.0483 1192 Serial - ok
17:05:06.0499 1192 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:05:06.0499 1192 sermouse - ok
17:05:06.0530 1192 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
17:05:06.0530 1192 SessionEnv - ok
17:05:06.0546 1192 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:05:06.0546 1192 sffdisk - ok
17:05:06.0577 1192 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:05:06.0577 1192 sffp_mmc - ok
17:05:06.0577 1192 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:05:06.0592 1192 sffp_sd - ok
17:05:06.0608 1192 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:05:06.0608 1192 sfloppy - ok
17:05:06.0655 1192 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
17:05:06.0655 1192 ShellHWDetection - ok
17:05:06.0670 1192 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:05:06.0670 1192 SiSRaid2 - ok
17:05:06.0702 1192 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:05:06.0702 1192 SiSRaid4 - ok
17:05:06.0795 1192 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
17:05:06.0826 1192 slsvc - ok
17:05:06.0904 1192 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
17:05:06.0904 1192 SLUINotify - ok
17:05:06.0951 1192 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
17:05:06.0951 1192 Smb - ok
17:05:06.0967 1192 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
17:05:06.0967 1192 SNMPTRAP - ok
17:05:06.0982 1192 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
17:05:06.0982 1192 spldr - ok
17:05:07.0014 1192 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
17:05:07.0029 1192 Spooler - ok
17:05:07.0060 1192 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
17:05:07.0076 1192 srv - ok
17:05:07.0107 1192 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
17:05:07.0123 1192 srv2 - ok
17:05:07.0138 1192 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
17:05:07.0138 1192 srvnet - ok
17:05:07.0170 1192 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
17:05:07.0170 1192 SSDPSRV - ok
17:05:07.0201 1192 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
17:05:07.0201 1192 SstpSvc - ok
17:05:07.0216 1192 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
17:05:07.0216 1192 StarOpen - ok
17:05:07.0248 1192 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
17:05:07.0263 1192 stisvc - ok
17:05:07.0279 1192 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:05:07.0279 1192 swenum - ok
17:05:07.0310 1192 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
17:05:07.0310 1192 swprv - ok
17:05:07.0341 1192 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:05:07.0341 1192 Symc8xx - ok
17:05:07.0357 1192 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:05:07.0357 1192 Sym_hi - ok
17:05:07.0388 1192 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:05:07.0388 1192 Sym_u3 - ok
17:05:07.0435 1192 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
17:05:07.0450 1192 SysMain - ok
17:05:07.0466 1192 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
17:05:07.0466 1192 TabletInputService - ok
17:05:07.0497 1192 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
17:05:07.0497 1192 TapiSrv - ok
17:05:07.0513 1192 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
17:05:07.0513 1192 TBS - ok
17:05:07.0591 1192 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
17:05:07.0606 1192 Tcpip - ok
17:05:07.0622 1192 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
17:05:07.0638 1192 Tcpip6 - ok
17:05:07.0653 1192 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
17:05:07.0669 1192 tcpipreg - ok
17:05:07.0669 1192 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:05:07.0669 1192 TDPIPE - ok
17:05:07.0700 1192 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:05:07.0700 1192 TDTCP - ok
17:05:07.0716 1192 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
17:05:07.0716 1192 tdx - ok
17:05:07.0731 1192 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
17:05:07.0731 1192 TermDD - ok
17:05:07.0778 1192 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
17:05:07.0778 1192 TermService - ok
17:05:07.0825 1192 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
17:05:07.0825 1192 Themes - ok
17:05:07.0840 1192 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
17:05:07.0840 1192 THREADORDER - ok
17:05:07.0872 1192 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
17:05:07.0872 1192 TrkWks - ok
17:05:07.0918 1192 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
17:05:07.0918 1192 TrustedInstaller - ok
17:05:07.0934 1192 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:05:07.0934 1192 tssecsrv - ok
17:05:07.0950 1192 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:05:07.0950 1192 tunmp - ok
17:05:07.0981 1192 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
17:05:07.0981 1192 tunnel - ok
17:05:07.0996 1192 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:05:07.0996 1192 uagp35 - ok
17:05:08.0028 1192 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
17:05:08.0043 1192 udfs - ok
17:05:08.0059 1192 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
17:05:08.0059 1192 UI0Detect - ok
17:05:08.0090 1192 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:05:08.0090 1192 uliagpkx - ok
17:05:08.0121 1192 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:05:08.0137 1192 uliahci - ok
17:05:08.0152 1192 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:05:08.0168 1192 UlSata - ok
17:05:08.0184 1192 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:05:08.0184 1192 ulsata2 - ok
17:05:08.0199 1192 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:05:08.0199 1192 umbus - ok
17:05:08.0230 1192 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
17:05:08.0230 1192 upnphost - ok
17:05:08.0262 1192 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:05:08.0262 1192 USBAAPL64 - ok
17:05:08.0293 1192 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:08.0308 1192 usbccgp - ok
17:05:08.0324 1192 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:05:08.0324 1192 usbcir - ok
17:05:08.0355 1192 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
17:05:08.0355 1192 usbehci - ok
17:05:08.0371 1192 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
17:05:08.0371 1192 usbhub - ok
17:05:08.0402 1192 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
17:05:08.0402 1192 usbohci - ok
17:05:08.0418 1192 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:05:08.0418 1192 usbprint - ok
17:05:08.0433 1192 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:05:08.0433 1192 usbscan - ok
17:05:08.0449 1192 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:08.0449 1192 USBSTOR - ok
17:05:08.0464 1192 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:05:08.0464 1192 usbuhci - ok
17:05:08.0496 1192 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
17:05:08.0496 1192 UxSms - ok
17:05:08.0527 1192 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
17:05:08.0527 1192 vds - ok
17:05:08.0558 1192 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:08.0558 1192 vga - ok
17:05:08.0558 1192 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:05:08.0558 1192 VgaSave - ok
17:05:08.0605 1192 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:05:08.0605 1192 viaide - ok
17:05:08.0620 1192 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
17:05:08.0620 1192 volmgr - ok
17:05:08.0652 1192 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
17:05:08.0652 1192 volmgrx - ok
17:05:08.0667 1192 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
17:05:08.0683 1192 volsnap - ok
17:05:08.0698 1192 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:05:08.0714 1192 vsmraid - ok
17:05:08.0776 1192 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
17:05:08.0792 1192 VSS - ok
17:05:08.0823 1192 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
17:05:08.0839 1192 W32Time - ok
17:05:08.0870 1192 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:05:08.0886 1192 WacomPen - ok
17:05:08.0901 1192 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
17:05:08.0901 1192 Wanarp - ok
17:05:08.0901 1192 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
17:05:08.0901 1192 Wanarpv6 - ok
17:05:08.0932 1192 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
17:05:08.0948 1192 wcncsvc - ok
17:05:08.0964 1192 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
17:05:08.0964 1192 WcsPlugInService - ok
17:05:08.0979 1192 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:05:08.0979 1192 Wd - ok
17:05:09.0026 1192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:05:09.0042 1192 Wdf01000 - ok
17:05:09.0057 1192 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
17:05:09.0057 1192 WdiServiceHost - ok
17:05:09.0057 1192 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
17:05:09.0073 1192 WdiSystemHost - ok
17:05:09.0088 1192 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
17:05:09.0088 1192 WebClient - ok
17:05:09.0120 1192 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
17:05:09.0120 1192 Wecsvc - ok
17:05:09.0151 1192 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
17:05:09.0151 1192 wercplsupport - ok
17:05:09.0182 1192 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
17:05:09.0182 1192 WerSvc - ok
17:05:09.0213 1192 WinDefend - ok
17:05:09.0229 1192 WinHttpAutoProxySvc - ok
17:05:09.0291 1192 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
17:05:09.0291 1192 Winmgmt - ok
17:05:09.0400 1192 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
17:05:09.0416 1192 WinRM - ok
17:05:09.0525 1192 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
17:05:09.0541 1192 Wlansvc - ok
17:05:09.0619 1192 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe
17:05:09.0619 1192 WLSetupSvc - ok
17:05:09.0681 1192 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
17:05:09.0681 1192 WmiAcpi - ok
17:05:09.0744 1192 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
17:05:09.0744 1192 wmiApSrv - ok
17:05:09.0759 1192 WMPNetworkSvc - ok
17:05:09.0790 1192 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
17:05:09.0790 1192 WPCSvc - ok
17:05:09.0806 1192 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
17:05:09.0806 1192 WPDBusEnum - ok
17:05:09.0837 1192 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
17:05:09.0837 1192 WpdUsb - ok
17:05:09.0978 1192 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:05:09.0993 1192 WPFFontCache_v0400 - ok
17:05:10.0009 1192 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:05:10.0009 1192 ws2ifsl - ok
17:05:10.0040 1192 wscsvc (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
17:05:10.0056 1192 wscsvc - ok
17:05:10.0056 1192 WSearch - ok
17:05:10.0196 1192 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
17:05:10.0227 1192 wuauserv - ok
17:05:10.0336 1192 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:10.0352 1192 WUDFRd - ok
17:05:10.0368 1192 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
17:05:10.0368 1192 wudfsvc - ok
17:05:10.0383 1192 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:05:11.0116 1192 \Device\Harddisk0\DR0 - ok
17:05:11.0132 1192 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk5\DR7
17:05:11.0226 1192 \Device\Harddisk5\DR7 - ok
17:05:11.0226 1192 Boot (0x1200) (cecdc4c6f2132c18a60bddf2ba352df9) \Device\Harddisk0\DR0\Partition0
17:05:11.0226 1192 \Device\Harddisk0\DR0\Partition0 - ok
17:05:11.0241 1192 Boot (0x1200) (319eaaba794570be74158ae765722528) \Device\Harddisk5\DR7\Partition0
17:05:11.0241 1192 \Device\Harddisk5\DR7\Partition0 - ok
17:05:11.0241 1192 ============================================================
17:05:11.0241 1192 Scan finished
17:05:11.0241 1192 ============================================================
17:05:11.0257 1376 Detected object count: 0
17:05:11.0257 1376 Actual detected object count: 0
17:07:02.0594 0804 Deinitialize success

#4 engxladso

Posted 20 June 2012 - 12:33 PM

aswmbr log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 17:08:14
-----------------------------
17:08:14.744 OS Version: Windows x64 6.0.6001 Service Pack 1
17:08:14.744 Number of processors: 2 586 0x1706
17:08:14.744 ComputerName: RICHARDMORGA-PC UserName: RICHARD MORGAN
17:08:15.852 Initialize success
17:08:16.788 AVAST engine defs: 12061500
17:08:46.724 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
17:08:46.724 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 476940MB BusType: 3
17:08:46.724 Disk 0 MBR read successfully
17:08:46.740 Disk 0 MBR scan
17:08:47.036 Disk 0 Windows VISTA default MBR code
17:08:47.067 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 19002 MB offset 2048
17:08:47.270 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 457935 MB offset 38918880
17:08:47.442 Disk 0 scanning C:\Windows\system32\drivers
17:08:56.864 Service scanning
17:09:08.533 Modules scanning
17:09:08.533 Disk 0 trace - called modules:
17:09:08.564 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:09:08.564 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a0b060]
17:09:08.564 3 CLASSPNP.SYS[fffffa6000fd5b3a] -> nt!IofCallDriver -> [0xfffffa8004857520]
17:09:08.580 5 acpi.sys[fffffa60008c2ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0xfffffa8004891940]
17:09:09.547 AVAST engine scan C:\Windows
17:09:12.339 AVAST engine scan C:\Windows\system32
17:11:21.991 AVAST engine scan C:\Windows\system32\drivers
17:11:42.567 AVAST engine scan C:\Users\RICHARD MORGAN
17:23:26.751 AVAST engine scan C:\ProgramData
17:25:51.270 Scan finished successfully
17:26:21.658 Disk 0 MBR has been saved successfully to "E:\bLEEPING cOMputer help 20-06-12\MBR.dat"
17:26:21.674 The log file has been saved successfully to "E:\bLEEPING cOMputer help 20-06-12\aswMBR.txt"

ESET log:


C:\Program Files (x86)\GuffinsEI\Installr\2.bin\NPu4EISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\GuffinsEI\Installr\2.bin\u4EIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\2.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\RICHARD MORGAN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\299ed764-58871627 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined

#5 engxladso

Posted 20 June 2012 - 12:37 PM

Since I am on British time, I am going home now. Will carry out any more instructions from you tomorrow.

#6 narenxp

Posted 20 June 2012 - 01:05 PM

Download

systemlook

Launch it, then copy this script and paste it in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

#7 engxladso

Posted 21 June 2012 - 02:39 AM

System Look log:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:33 on 21/06/2012 by RICHARD MORGAN
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [09:41 06/05/2011] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [20:58 24/09/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [20:58 24/09/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] BA539D2CE99C05A180EC518EA2040D6A
C:\Windows\SysWOW64\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C

-= EOF =-
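
The comparison this SystemLook output makes possible, as an added example that is not part of the original post or of SystemLook itself: parse the `filefind` lines and check each live `services.exe` against the component-store (winsxs) copy of the same architecture. The line format is assumed from the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook log in post #7 of this thread.
SAMPLE_LOG = r"""
Searching for "services.exe"
C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [09:41 06/05/2011] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [20:58 24/09/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [20:58 24/09/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] BA539D2CE99C05A180EC518EA2040D6A
C:\Windows\SysWOW64\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
-= EOF =-
"""

# Assumed layout: <path> <attrs> <size> bytes [created] [modified] <MD5>
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# On 64-bit Windows, System32 holds the 64-bit binaries and SysWOW64 the 32-bit ones.
LIVE_DIRS = {"system32": "amd64", "syswow64": "x86"}


def parse_filefind(text):
    """Return one dict per file line; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            entries.append(e)
    return entries


def classify(path):
    """Return ('live'|'store', arch) for the locations compared, else (None, None)."""
    parts = path.lower().split("\\")
    if len(parts) == 4 and parts[1] == "windows" and parts[2] in LIVE_DIRS:
        return "live", LIVE_DIRS[parts[2]]
    if len(parts) == 5 and parts[1:3] == ["windows", "winsxs"]:
        # Component directories are named <arch>_<component>_<token>_<version>_...
        return "store", parts[3].split("_", 1)[0]
    return None, None


def check_live_files(entries):
    """Compare each live binary with the winsxs copies of the same architecture."""
    baseline = defaultdict(dict)  # (arch, filename) -> {md5: size}
    live = []
    for e in entries:
        kind, arch = classify(e["path"])
        name = e["path"].lower().rsplit("\\", 1)[-1]
        if kind == "store":
            baseline[(arch, name)][e["md5"]] = e["size"]
        elif kind == "live":
            live.append((e, arch, name))

    results = []
    for e, arch, name in live:
        known = baseline.get((arch, name), {})
        if not known:
            status = "no-baseline"      # nothing in the store to compare against
        elif e["md5"] in known:
            status = "match"
        else:
            status = "MISMATCH"         # live file differs from every store copy
        results.append({
            "path": e["path"],
            "md5": e["md5"],
            "status": status,
            "baseline": sorted(known),
            # Same size with a different hash means the content changed in place.
            "same_size": e["size"] in known.values(),
        })
    return results


if __name__ == "__main__":
    for r in check_live_files(parse_filefind(SAMPLE_LOG)):
        print(r["status"], r["path"], r["md5"], "baseline:", r["baseline"])
```

A `match` only shows agreement with the component store on the same disk, so a stronger check compares against installation media or another known-good machine of the same build.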

#8 narenxp

Posted 21 June 2012 - 10:12 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#9 engxladso

Posted 22 June 2012 - 03:26 AM

Mini Toolbox log:


MiniToolBox by Farbar Version: 09-06-2012
Ran by RICHARD MORGAN (administrator) on 22-06-2012 at 09:22:24
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : RICHARDMORGA-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : 00-22-15-95-04-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::52a:38bb:47:ff5d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 June 2012 18:35:06
Lease Expires . . . . . . . . . . : 25 June 2012 08:51:38
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.lan
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:807::1008
173.194.34.135
173.194.34.128
173.194.34.130
173.194.34.132
173.194.34.142
173.194.34.129
173.194.34.133
173.194.34.137
173.194.34.136
173.194.34.134
173.194.34.131



Pinging google.com [173.194.34.66] with 32 bytes of data:

Reply from 173.194.34.66: bytes=32 time=22ms TTL=54

Reply from 173.194.34.66: bytes=32 time=21ms TTL=54



Ping statistics for 173.194.34.66:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 22ms, Average = 21ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=234ms TTL=46

Reply from 98.139.183.24: bytes=32 time=164ms TTL=46



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 164ms, Maximum = 234ms, Average = 199ms

Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 22 15 95 04 9d ...... NVIDIA nForce 10/100 Mbps Ethernet
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.lan
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.12 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.12 276
192.168.0.12 255.255.255.255 On-link 192.168.0.12 276
192.168.0.255 255.255.255.255 On-link 192.168.0.12 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.12 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.12 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::52a:38bb:47:ff5d/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/22/2012 09:20:06 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_15302f0af3bbd1ec.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2.manifest.

Error: (06/22/2012 08:51:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (06/22/2012 08:51:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (06/22/2012 08:51:26 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2012 02:49:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (06/22/2012 02:49:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (06/22/2012 02:49:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2012 02:49:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014

Error: (06/22/2012 02:49:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014

Error: (06/22/2012 02:49:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/21/2012 07:53:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: SYSTEM)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.129.43.0){B7FE6780-8461-4E6C-9846-551EEC0DA961}100

Error: (06/21/2012 06:35:24 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (06/21/2012 06:35:23 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (06/21/2012 06:35:23 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/21/2012 06:35:23 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (06/21/2012 06:35:10 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (06/21/2012 06:28:50 PM) (Source: Service Control Manager) (User: )
Description: aswSnx
aswSP
aswTdi
Beep
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (06/21/2012 06:28:50 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (06/21/2012 06:28:50 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/21/2012 06:28:50 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 1.0.0)
AIO_CDB_ToolboxIni64 (Version: 82.0.242.000)
Apple Mobile Device Support (Version: 4.0.0.96)
Bonjour (Version: 3.0.0.10)
Google Chrome (Version: 19.0.1084.56)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Solution Center 8.0 (Version: 8.0)
iTunes (Version: 10.5.0.142)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
NVIDIA Drivers
SmartDraw 2009
SUPERAntiSpyware (Version: 5.0.1108)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3836.64 MB
Available physical RAM: 1752.86 MB
Total Pagefile: 7892.82 MB
Available Pagefile: 6029.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.15 MB

========================= Partitions: =====================================

1 Drive c: (WinVista) (Fixed) (Total:447.2 GB) (Free:314.77 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.26 GB) FAT32

========================= Users: ========================================

User accounts for \\RICHARDMORGA-PC

Administrator Guest RICHARD MORGAN


**** End of log ****

#10 narenxp

Posted 22 June 2012 - 06:50 AM

Malwarebytes log??

Also

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#11 engxladso

Posted 22 June 2012 - 06:57 AM

MBAM log:


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.06.20.02

Windows Vista Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
RICHARD MORGAN :: RICHARDMORGA-PC [administrator]

20/06/2012 10:55:20
mbam-log-2012-06-20 (10-55-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367692
Time elapsed: 44 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{0e32fcd4-7f06-4768-9f2b-869dc2ffffae} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\TypeLib\{af25082c-7883-4ac5-9d15-784f3cfc78df} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\Interface\{7906EEF8-33D6-442A-A07A-11A9A5701935} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\GuffinsInstaller.Start.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCR\GuffinsInstaller.Start (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E32FCD4-7F06-4768-9F2B-869DC2FFFFAE} (PUP.FunWebProducts) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E32FCD4-7F06-4768-9F2B-869DC2FFFFAE} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\GuffinsEI\Installr\2.bin\u4EZSETP.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\RICHARD MORGAN\Downloads\Guffins.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)

#12 engxladso

Posted 22 June 2012 - 07:00 AM

FSS log:
Farbar Service Scanner Version: 22-06-2012
Ran by RICHARD MORGAN (administrator) on 22-06-2012 at 12:59:29
Running from "E:\bLEEPING cOMputer help 20-06-12"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-21 03:49] - [2008-01-21 03:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2008-01-21 03:50] - [2008-01-21 03:50] - 0268288 ____A (Microsoft Corporation) FDAA0EDFCFB70CD529589AD654651B40

C:\Windows\System32\drivers\afd.sys
[2011-06-14 21:00] - [2011-04-21 14:42] - 0407552 ____A (Microsoft Corporation) 9BB97042FA331A0FB4BDD98B9280A50A

C:\Windows\System32\drivers\tdx.sys
[2008-01-21 03:49] - [2008-01-21 03:49] - 0094208 ____A (Microsoft Corporation) 8C39C72E0E853DE04748C0337D9B9216

C:\Windows\System32\Drivers\tcpip.sys
[2010-08-24 21:50] - [2010-06-16 17:40] - 1420176 ____A (Microsoft Corporation) 7D86275FB640011B372FD566C0EAFA8D

C:\Windows\System32\dnsrslvr.dll
[2011-04-16 18:43] - [2011-03-02 16:10] - 0117760 ____A (Microsoft Corporation) DAF05293C1264E251D3A25E7E24B2DDF

C:\Windows\System32\mpssvc.dll
[2008-01-21 03:49] - [2008-01-21 03:49] - 0601088 ____A (Microsoft Corporation) 8A670648C755867A3AA38DA50BA569AA

C:\Windows\System32\bfe.dll
[2008-01-21 03:50] - [2008-01-21 03:50] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-21 03:47] - [2008-01-21 03:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2008-01-21 03:50] - [2008-01-21 03:50] - 1432576 ____A (Microsoft Corporation) 186BD53F8A408AD20F5A056C05678629

C:\Windows\System32\wscsvc.dll
[2008-01-21 03:47] - [2008-01-21 03:47] - 0074752 ____A (Microsoft Corporation) CB8EA6D95949384925CCFCA21CC6DFD8

C:\Windows\System32\wbem\WMIsvc.dll
[2008-01-21 03:50] - [2008-01-21 03:50] - 0221696 ____A (Microsoft Corporation) AC98F38FEAB066A8F983D54FF3F4FD4C

C:\Windows\System32\wuaueng.dll
[2009-10-21 09:22] - [2009-08-07 03:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll
[2008-01-21 03:50] - [2008-01-21 03:50] - 1082368 ____A (Microsoft Corporation) D896A0D43F8AB81ECB1FC6C24DECFD58

C:\Windows\System32\es.dll
[2008-12-30 18:09] - [2008-12-30 18:09] - 0361984 ____A (Microsoft Corporation) 6B1A97BF9FEFBDC83F3C7C7D0F826C66

C:\Windows\System32\cryptsvc.dll
[2008-01-21 03:49] - [2008-01-21 03:49] - 0165376 ____A (Microsoft Corporation) 4374F784121D8B3BB466B03F5E5EBD33

C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-21 03:47] - [2008-01-21 03:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-04-16 12:39] - [2009-03-03 05:57] - 0718336 ____A (Microsoft Corporation) 52CDADE8289FF21F1F2215FF51A5F36C



**** End of log ****
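
The FSS log above can be triaged mechanically. The following Python is an added example, not part of the original thread or of Farbar Service Scanner: it parses the log's service-status and File Check lines and reports which stopped services have no registry key. The function names and the "listed" label (for files the log details without marking "MD5 is legit") are this example's own assumptions.

```python
import re

# Excerpt of the FSS log posted above, trimmed to representative lines.
SAMPLE_LOG = r"""
Windows Firewall:
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

File Check:
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\bfe.dll
[2008-01-21 03:50] - [2008-01-21 03:50] - 0458240 ____A (Microsoft Corporation) BC4737AAFFA5964E4F8827C9B8C0EB8E
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"^Checking (.+?): ATTENTION!=====> (.+)$")
LEGIT = re.compile(r"^([A-Za-z]:\\.+?) => MD5 is legit$")
PATH = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL = re.compile(r"^\[.+?\] - \[.+?\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")

def parse_fss(log):
    """Return (services, files) parsed from FSS log text."""
    services = {}   # stopped service name -> [(checked field, message), ...]
    files = []      # one dict per File Check entry
    service = path = None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            service = None          # a blank line ends a service block
        elif m := NOT_RUNNING.match(line):
            service = m.group(1)
            services[service] = []
        elif (m := ATTENTION.match(line)) and service:
            services[service].append((m.group(1), m.group(2)))
        elif m := LEGIT.match(line):
            files.append({"path": m.group(1), "verdict": "legit", "md5": None})
            path = None
        elif PATH.match(line):
            path = line             # file details follow on the next line
        elif (m := DETAIL.match(line)) and path:
            # "listed" is this example's label: the log gives no verdict here.
            files.append({"path": path, "verdict": "listed",
                          "size": int(m.group(1)), "company": m.group(2),
                          "md5": m.group(3).upper()})
            path = None
    return services, files

def missing_service_keys(services):
    """Names of stopped services whose registry key FSS could not open."""
    return [name for name, findings in services.items()
            if any("service key does not exist" in msg for _, msg in findings)]

def triage(log):
    """Summarise what a helper would look at first."""
    services, files = parse_fss(log)
    return {
        "missing_keys": missing_service_keys(services),
        "stopped_config_ok": [s for s, f in services.items() if not f],
        "files_to_verify": [f["path"] for f in files if f["verdict"] == "listed"],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
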

#13 narenxp

Posted 22 June 2012 - 07:07 AM

Please re-run MBAM and post the clean log.

Create a restore point before trying this.

Download

MpsSvc
BFE

Launch them, and click YES when you get the UAC prompt.

Restart the PC.

Press the Windows+R key, type regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it and select Permissions.

Click on ADD, type Everyone and click OK.

Now click on Everyone.

Below you have the permissions for users.

Select Full Control and click OK.


Press the Windows+R key, type services.msc and click OK.

Start the Base Filtering Engine service and then the Windows Firewall service.

Post the new FSS log.

Good luck

#14 engxladso

Posted 22 June 2012 - 07:14 AM

Is the clean mbam log from yesterday OK?

#15 narenxp

Posted 22 June 2012 - 07:15 AM

Please post the clean log in normal mode.



