Trojan:win64/Sirefef


13 replies to this topic

#1 jfparla

jfparla

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 21 June 2012 - 08:05 PM

I am helping a friend who used your guides to try to remove the "Live Security Platinum" malware.

She followed the guide, but while running Malwarebytes in safe mode, a message stating Windows encountered an error and was restarting in 60 seconds appeared. In about 60 seconds, Windows restarted before Malwarebytes had completed.

From that point on, starting Windows normally, in Safe Mode, or in Safe Mode with Networking results in the above message and a restart in 60 seconds. She tried running FixExec as mentioned in the Guide. I helped her and got it to run in Safe Mode before it restarted, but the restart message continues.

I restored to an earlier restore point about 1 week before the symptoms occurred. That seems to have stopped the restart message. The computer runs in all modes, and does not seem to have any errors.

I do not trust the clean-up. Any suggestions on how to be sure the machine is clean(er)?

Thanks for your attention.

jfparla



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:31 AM

Posted 21 June 2012 - 08:18 PM

Boot the PC into Safe Mode with Networking.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 22 June 2012 - 08:34 AM

Thanks. Here are the results.

ESET ran the 1st time and the machine restarted during the Windows Update schedule. I was not at the machine when ESET finished and the restart took place. I ran it again. I included the 2nd ESET results and the quarantine information, which I believe is from the 1st ESET run.

Sorry... It has been a while since I posted... how do I attach the results? There used to be an attachments line to add the results, but I do not see it.

Edited by jfparla, 22 June 2012 - 08:52 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:31 AM

Posted 22 June 2012 - 10:29 AM

Just copy and paste the contents here.

#5 jfparla

jfparla
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 22 June 2012 - 10:45 AM

OK...Thanks

TDSSKiller Results:

22:21:15.0738 4428 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:15.0748 4428 Ndisuio - ok
22:21:15.0808 4428 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:15.0828 4428 NdisWan - ok
22:21:15.0898 4428 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:21:15.0908 4428 NDProxy - ok
22:21:15.0958 4428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:21:15.0968 4428 NetBIOS - ok
22:21:16.0028 4428 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:21:16.0048 4428 NetBT - ok
22:21:16.0128 4428 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:16.0128 4428 Netlogon - ok
22:21:16.0208 4428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:21:16.0208 4428 Netman - ok
22:21:16.0268 4428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:21:16.0268 4428 netprofm - ok
22:21:16.0398 4428 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
22:21:16.0418 4428 netr28x - ok
22:21:16.0518 4428 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:21:16.0548 4428 NetTcpPortSharing - ok
22:21:16.0608 4428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:21:16.0618 4428 nfrd960 - ok
22:21:16.0698 4428 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:21:16.0718 4428 NisDrv - ok
22:21:16.0898 4428 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:21:16.0938 4428 NisSrv - ok
22:21:17.0078 4428 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:21:17.0088 4428 NlaSvc - ok
22:21:17.0108 4428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:21:17.0128 4428 Npfs - ok
22:21:17.0138 4428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:21:17.0158 4428 nsi - ok
22:21:17.0168 4428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:21:17.0178 4428 nsiproxy - ok
22:21:17.0333 4428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:21:17.0348 4428 Ntfs - ok
22:21:17.0463 4428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:21:17.0471 4428 Null - ok
22:21:17.0536 4428 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:21:17.0551 4428 nvraid - ok
22:21:17.0566 4428 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:21:17.0578 4428 nvstor - ok
22:21:17.0631 4428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:21:17.0653 4428 nv_agp - ok
22:21:17.0816 4428 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:21:17.0873 4428 odserv - ok
22:21:17.0906 4428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:21:17.0913 4428 ohci1394 - ok
22:21:17.0978 4428 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:21:18.0023 4428 ose - ok
22:21:18.0058 4428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:21:18.0078 4428 p2pimsvc - ok
22:21:18.0121 4428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:21:18.0151 4428 p2psvc - ok
22:21:18.0211 4428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:21:18.0228 4428 Parport - ok
22:21:18.0263 4428 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:21:18.0266 4428 partmgr - ok
22:21:18.0291 4428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:21:18.0294 4428 PcaSvc - ok
22:21:18.0371 4428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:21:18.0376 4428 pci - ok
22:21:18.0434 4428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:21:18.0444 4428 pciide - ok
22:21:18.0481 4428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:21:18.0499 4428 pcmcia - ok
22:21:18.0516 4428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:21:18.0516 4428 pcw - ok
22:21:18.0571 4428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:21:18.0576 4428 PEAUTH - ok
22:21:18.0685 4428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:21:18.0710 4428 PerfHost - ok
22:21:18.0852 4428 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:21:18.0890 4428 pla - ok
22:21:19.0027 4428 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:21:19.0035 4428 PlugPlay - ok
22:21:19.0057 4428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:21:19.0085 4428 PNRPAutoReg - ok
22:21:19.0137 4428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:21:19.0142 4428 PNRPsvc - ok
22:21:19.0250 4428 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:21:19.0287 4428 PolicyAgent - ok
22:21:19.0355 4428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:21:19.0377 4428 Power - ok
22:21:19.0470 4428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:21:19.0490 4428 PptpMiniport - ok
22:21:19.0510 4428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:21:19.0520 4428 Processor - ok
22:21:19.0620 4428 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:21:19.0660 4428 ProfSvc - ok
22:21:19.0700 4428 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:19.0700 4428 ProtectedStorage - ok
22:21:19.0770 4428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:21:19.0790 4428 Psched - ok
22:21:19.0880 4428 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:21:19.0880 4428 PxHlpa64 - ok
22:21:20.0060 4428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:21:20.0090 4428 ql2300 - ok
22:21:20.0240 4428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:21:20.0250 4428 ql40xx - ok
22:21:20.0290 4428 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:21:20.0330 4428 QWAVE - ok
22:21:20.0360 4428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:21:20.0370 4428 QWAVEdrv - ok
22:21:20.0380 4428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:21:20.0390 4428 RasAcd - ok
22:21:20.0440 4428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:21:20.0450 4428 RasAgileVpn - ok
22:21:20.0490 4428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:21:20.0500 4428 RasAuto - ok
22:21:20.0540 4428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:20.0560 4428 Rasl2tp - ok
22:21:20.0610 4428 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:21:20.0640 4428 RasMan - ok
22:21:20.0670 4428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:20.0680 4428 RasPppoe - ok
22:21:20.0690 4428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:21:20.0700 4428 RasSstp - ok
22:21:20.0790 4428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:21:20.0820 4428 rdbss - ok
22:21:20.0830 4428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:21:20.0840 4428 rdpbus - ok
22:21:20.0890 4428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:20.0890 4428 RDPCDD - ok
22:21:20.0900 4428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:21:20.0910 4428 RDPENCDD - ok
22:21:20.0920 4428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:21:20.0930 4428 RDPREFMP - ok
22:21:21.0000 4428 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:21:21.0020 4428 RDPWD - ok
22:21:21.0130 4428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:21:21.0130 4428 rdyboost - ok
22:21:21.0200 4428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:21:21.0230 4428 RemoteAccess - ok
22:21:21.0300 4428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:21:21.0330 4428 RemoteRegistry - ok
22:21:21.0350 4428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:21:21.0370 4428 RpcEptMapper - ok
22:21:21.0380 4428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:21:21.0390 4428 RpcLocator - ok
22:21:21.0470 4428 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:21:21.0470 4428 RpcSs - ok
22:21:21.0540 4428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:21:21.0550 4428 rspndr - ok
22:21:21.0640 4428 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:21:21.0660 4428 RTL8167 - ok
22:21:21.0690 4428 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:21.0700 4428 SamSs - ok
22:21:21.0750 4428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:21:21.0760 4428 sbp2port - ok
22:21:21.0830 4428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:21:21.0860 4428 SCardSvr - ok
22:21:21.0900 4428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:21:21.0900 4428 scfilter - ok
22:21:22.0020 4428 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:21:22.0050 4428 Schedule - ok
22:21:22.0080 4428 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:21:22.0090 4428 SCPolicySvc - ok
22:21:22.0130 4428 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:21:22.0140 4428 SDRSVC - ok
22:21:22.0220 4428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:21:22.0220 4428 secdrv - ok
22:21:22.0250 4428 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:21:22.0280 4428 seclogon - ok
22:21:22.0330 4428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:21:22.0330 4428 SENS - ok
22:21:22.0350 4428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:21:22.0380 4428 SensrSvc - ok
22:21:22.0430 4428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:21:22.0440 4428 Serenum - ok
22:21:22.0460 4428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:21:22.0480 4428 Serial - ok
22:21:22.0540 4428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:21:22.0550 4428 sermouse - ok
22:21:22.0590 4428 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:21:22.0630 4428 SessionEnv - ok
22:21:22.0660 4428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:21:22.0670 4428 sffdisk - ok
22:21:22.0680 4428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:21:22.0690 4428 sffp_mmc - ok
22:21:22.0700 4428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:21:22.0710 4428 sffp_sd - ok
22:21:22.0770 4428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:21:22.0780 4428 sfloppy - ok
22:21:22.0910 4428 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:21:22.0960 4428 SharedAccess - ok
22:21:23.0040 4428 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:21:23.0070 4428 ShellHWDetection - ok
22:21:23.0090 4428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:21:23.0090 4428 SiSRaid2 - ok
22:21:23.0130 4428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:21:23.0140 4428 SiSRaid4 - ok
22:21:23.0240 4428 SkypeUpdate (8c5477eb1c03ca76cd8eb66a610a9e90) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:21:23.0240 4428 SkypeUpdate - ok
22:21:23.0300 4428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:21:23.0320 4428 Smb - ok
22:21:23.0390 4428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:21:23.0410 4428 SNMPTRAP - ok
22:21:23.0430 4428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:21:23.0430 4428 spldr - ok
22:21:23.0520 4428 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:21:23.0560 4428 Spooler - ok
22:21:23.0940 4428 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:21:24.0020 4428 sppsvc - ok
22:21:24.0130 4428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:21:24.0170 4428 sppuinotify - ok
22:21:24.0250 4428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:21:24.0250 4428 srv - ok
22:21:24.0320 4428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:21:24.0330 4428 srv2 - ok
22:21:24.0370 4428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:21:24.0370 4428 srvnet - ok
22:21:24.0440 4428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:21:24.0450 4428 SSDPSRV - ok
22:21:24.0470 4428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:21:24.0500 4428 SstpSvc - ok
22:21:24.0510 4428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:21:24.0520 4428 stexstor - ok
22:21:24.0620 4428 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:21:24.0630 4428 stisvc - ok
22:21:24.0670 4428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:21:24.0690 4428 swenum - ok
22:21:24.0740 4428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:21:24.0780 4428 swprv - ok
22:21:25.0010 4428 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:21:25.0060 4428 SysMain - ok
22:21:25.0180 4428 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:21:25.0210 4428 TabletInputService - ok
22:21:25.0260 4428 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:21:25.0290 4428 TapiSrv - ok
22:21:25.0310 4428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:21:25.0330 4428 TBS - ok
22:21:25.0550 4428 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:21:25.0570 4428 Tcpip - ok
22:21:25.0920 4428 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:21:25.0930 4428 TCPIP6 - ok
22:21:26.0000 4428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:21:26.0000 4428 tcpipreg - ok
22:21:26.0060 4428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:21:26.0070 4428 TDPIPE - ok
22:21:26.0100 4428 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:21:26.0110 4428 TDTCP - ok
22:21:26.0150 4428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:21:26.0170 4428 tdx - ok
22:21:26.0240 4428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:21:26.0260 4428 TermDD - ok
22:21:26.0330 4428 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:21:26.0360 4428 TermService - ok
22:21:26.0390 4428 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:21:26.0410 4428 Themes - ok
22:21:26.0430 4428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:21:26.0430 4428 THREADORDER - ok
22:21:26.0450 4428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:21:26.0450 4428 TrkWks - ok
22:21:26.0530 4428 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:21:26.0570 4428 TrustedInstaller - ok
22:21:26.0600 4428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:26.0611 4428 tssecsrv - ok
22:21:26.0671 4428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:21:26.0681 4428 TsUsbFlt - ok
22:21:26.0751 4428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:21:26.0771 4428 tunnel - ok
22:21:26.0801 4428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:21:26.0811 4428 uagp35 - ok
22:21:26.0881 4428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:21:26.0901 4428 udfs - ok
22:21:26.0931 4428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:21:26.0961 4428 UI0Detect - ok
22:21:27.0074 4428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:21:27.0086 4428 uliagpkx - ok
22:21:27.0109 4428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:21:27.0119 4428 umbus - ok
22:21:27.0137 4428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:21:27.0154 4428 UmPass - ok
22:21:27.0535 4428 UNS (02c298382359653bec4c737c2ab7f9c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:21:27.0560 4428 UNS - ok
22:21:27.0701 4428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:21:27.0712 4428 upnphost - ok
22:21:27.0885 4428 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:21:27.0906 4428 usbaudio - ok
22:21:27.0953 4428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:27.0954 4428 usbccgp - ok
22:21:28.0001 4428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:21:28.0034 4428 usbcir - ok
22:21:28.0060 4428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:21:28.0068 4428 usbehci - ok
22:21:28.0184 4428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:21:28.0204 4428 usbhub - ok
22:21:28.0227 4428 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:21:28.0232 4428 usbohci - ok
22:21:28.0293 4428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:21:28.0310 4428 usbprint - ok
22:21:28.0330 4428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:28.0331 4428 USBSTOR - ok
22:21:28.0352 4428 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:21:28.0357 4428 usbuhci - ok
22:21:28.0420 4428 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:21:28.0429 4428 usbvideo - ok
22:21:28.0444 4428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:21:28.0459 4428 UxSms - ok
22:21:28.0498 4428 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:21:28.0499 4428 VaultSvc - ok
22:21:28.0544 4428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:21:28.0544 4428 vdrvroot - ok
22:21:28.0607 4428 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:21:28.0625 4428 vds - ok
22:21:28.0677 4428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:28.0683 4428 vga - ok
22:21:28.0694 4428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:21:28.0700 4428 VgaSave - ok
22:21:28.0729 4428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:21:28.0739 4428 vhdmp - ok
22:21:28.0816 4428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:21:28.0821 4428 viaide - ok
22:21:28.0863 4428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:21:28.0864 4428 volmgr - ok
22:21:28.0923 4428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:21:28.0926 4428 volmgrx - ok
22:21:28.0984 4428 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:21:28.0985 4428 volsnap - ok
22:21:29.0030 4428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:21:29.0060 4428 vsmraid - ok
22:21:29.0180 4428 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:21:29.0210 4428 VSS - ok
22:21:29.0290 4428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:21:29.0300 4428 vwifibus - ok
22:21:29.0380 4428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:21:29.0390 4428 vwififlt - ok
22:21:29.0430 4428 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:21:29.0440 4428 vwifimp - ok
22:21:29.0540 4428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:21:29.0560 4428 W32Time - ok
22:21:29.0590 4428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:21:29.0600 4428 WacomPen - ok
22:21:29.0660 4428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:29.0670 4428 WANARP - ok
22:21:29.0670 4428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:29.0670 4428 Wanarpv6 - ok
22:21:29.0800 4428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:21:30.0020 4428 WatAdminSvc - ok
22:21:30.0150 4428 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:21:30.0190 4428 wbengine - ok
22:21:30.0460 4428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:21:30.0470 4428 WbioSrvc - ok
22:21:30.0690 4428 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:21:30.0740 4428 wcncsvc - ok
22:21:30.0760 4428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:21:30.0780 4428 WcsPlugInService - ok
22:21:30.0870 4428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:21:30.0870 4428 Wd - ok
22:21:30.0920 4428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:21:30.0940 4428 Wdf01000 - ok
22:21:30.0980 4428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:21:30.0980 4428 WdiServiceHost - ok
22:21:30.0980 4428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:21:30.0980 4428 WdiSystemHost - ok
22:21:31.0040 4428 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:21:31.0060 4428 WebClient - ok
22:21:31.0110 4428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:21:31.0120 4428 Wecsvc - ok
22:21:31.0170 4428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:21:31.0180 4428 wercplsupport - ok
22:21:31.0290 4428 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:21:31.0290 4428 WerSvc - ok
22:21:31.0360 4428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:21:31.0380 4428 WfpLwf - ok
22:21:31.0420 4428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:21:31.0430 4428 WIMMount - ok
22:21:31.0430 4428 WinHttpAutoProxySvc - ok
22:21:31.0500 4428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:21:31.0500 4428 Winmgmt - ok
22:21:31.0700 4428 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:21:31.0740 4428 WinRM - ok
22:21:31.0990 4428 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:21:32.0000 4428 WinUsb - ok
22:21:32.0110 4428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:21:32.0110 4428 Wlansvc - ok
22:21:32.0490 4428 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:21:32.0530 4428 wlidsvc - ok
22:21:32.0791 4428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:21:32.0791 4428 WmiAcpi - ok
22:21:32.0891 4428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:21:32.0911 4428 wmiApSrv - ok
22:21:33.0081 4428 WMPNetworkSvc - ok
22:21:33.0191 4428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:21:33.0201 4428 WPCSvc - ok
22:21:33.0321 4428 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:21:33.0331 4428 WPDBusEnum - ok
22:21:33.0431 4428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:21:33.0431 4428 ws2ifsl - ok
22:21:33.0441 4428 WSearch - ok
22:21:34.0081 4428 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:21:34.0161 4428 wuauserv - ok
22:21:34.0591 4428 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:21:34.0621 4428 WudfPf - ok
22:21:34.0731 4428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:34.0731 4428 WUDFRd - ok
22:21:34.0821 4428 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:21:34.0831 4428 wudfsvc - ok
22:21:34.0911 4428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:21:34.0931 4428 WwanSvc - ok
22:21:35.0261 4428 ZSMC301b (99217bd11bee7f21e873f6e39b93aafd) C:\Windows\system32\Drivers\usbVM31b.sys
22:21:35.0281 4428 ZSMC301b - ok
22:21:35.0321 4428 MBR (0x1B8) (3e98712cfb03fe844b8e8b788472e578) \Device\Harddisk0\DR0
22:21:36.0727 4428 \Device\Harddisk0\DR0 - ok
22:21:36.0731 4428 MBR (0x1B8) (dc8e2be03b7f560065f4ca8aca0c6714) \Device\Harddisk5\DR5
22:22:37.0809 4428 \Device\Harddisk5\DR5 - ok
22:22:37.0819 4428 Boot (0x1200) (752d0a6e665b96c92e9c269570afc48e) \Device\Harddisk0\DR0\Partition0
22:22:37.0819 4428 \Device\Harddisk0\DR0\Partition0 - ok
22:22:37.0819 4428 Boot (0x1200) (b2b9f247e247931a09b047b8de63744e) \Device\Harddisk0\DR0\Partition1
22:22:37.0829 4428 \Device\Harddisk0\DR0\Partition1 - ok
22:22:37.0849 4428 Boot (0x1200) (f0db248632737b3dba7eb73d41f51a00) \Device\Harddisk0\DR0\Partition2
22:22:37.0859 4428 \Device\Harddisk0\DR0\Partition2 - ok
22:22:37.0859 4428 ============================================================
22:22:37.0859 4428 Scan finished
22:22:37.0859 4428 ============================================================
22:22:37.0859 2508 Detected object count: 0
22:22:37.0859 2508 Actual detected object count: 0

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<

aswMBR Results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-21 22:30:15
-----------------------------
22:30:15.228 OS Version: Windows x64 6.1.7601 Service Pack 1
22:30:15.228 Number of processors: 8 586 0x1E05
22:30:15.228 ComputerName: PAMSPEER-HP UserName: Pam Speer
22:30:16.978 Initialize success
22:30:22.859 AVAST engine download error: 0
22:30:42.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:30:42.118 Disk 0 Vendor: Hitachi_ JPGO Size: 610480MB BusType: 8
22:30:42.123 Disk 5 \Device\Harddisk5\DR5 -> \Device\00000075
22:30:42.123 Disk 5 Vendor: Size: 610480MB BusType: 0
22:30:42.143 Disk 0 MBR read successfully
22:30:42.148 Disk 0 MBR scan
22:30:42.148 Disk 0 unknown MBR code
22:30:42.153 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:30:42.163 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598709 MB offset 206848
22:30:42.203 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11669 MB offset 1226362880
22:30:42.253 Disk 0 scanning C:\Windows\system32\drivers
22:30:48.793 Service scanning
22:31:02.966 Modules scanning
22:31:02.981 Disk 0 trace - called modules:
22:31:03.001 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:31:03.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062d2790]
22:31:03.013 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ff4050]
22:31:03.018 Scan finished successfully
22:31:39.052 Disk 0 MBR has been saved successfully to "F:\BleepTicket20120621\MBR.dat"
22:31:39.072 The log file has been saved successfully to "F:\BleepTicket20120621\aswMBR.txt"


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

ESET Results:

E:\BleepTicket20120621\ESETResults1

E:\BleepTicket20120621\ESETResults2

The above are screenshots; I hope you can see them.

The scan results files from ESET are:

c:\Users\...\AppData\Local\Temp\Low\Temporary Internet Files\Content.ES\PXFGRIMQ\cy

c:User\...\AppData\Local\Temp\ms0cfg32.exe

#6 narenxp

Posted 22 June 2012 - 10:48 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Post the generated log

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

systemlook

Launch it, copy this script and paste it in the box:

:filefind
services.exe

Click on LOOK, then post the generated log.

#7 jfparla

Posted 22 June 2012 - 05:40 PM

Here are the Results you requested:

Malwarebytes Results:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OWNER:: OWNER-HP [administrator]

6/22/2012 2:16:03 PM
mbam-log-2012-06-22 (14-16-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 494540
Time elapsed: 1 hour(s), 8 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Minitool Results:

MiniToolBox by Farbar Version: 09-06-2012
Ran by OWNER (administrator) on 22-06-2012 at 15:28:37
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : OWNER-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : HomeNetBRouter

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 70-F1-A1-B3-FA-53
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 70-F1-A1-B3-FA-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : HomeNetBRouter
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-62-6D-50-16-DE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9c3:d:f99a:4c2%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.108(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 22, 2012 2:11:59 PM
Lease Expires . . . . . . . . . . : Saturday, June 23, 2012 2:11:59 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 258761325
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-DF-E3-DB-6C-62-6D-50-16-DE
DNS Servers . . . . . . . . . . . : 68.105.28.11
68.105.29.11
68.105.28.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{61B9B184-8F77-4C41-B706-C320C7D00DB2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain.actdsltmp:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{62917A20-D874-4C37-92CE-BAC029C40389}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns1.cox.net
Address: 68.105.28.11

Name: google.com.HomeNetBRouter
Address: 72.215.225.9


Pinging google.com [74.125.224.168] with 32 bytes of data:
Reply from 74.125.224.168: bytes=32 time=23ms TTL=57
Reply from 74.125.224.168: bytes=32 time=23ms TTL=57

Ping statistics for 74.125.224.168:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server: cdns1.cox.net
Address: 68.105.28.11

Name: yahoo.com.HomeNetBRouter
Address: 72.215.225.9


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=39ms TTL=56
Reply from 72.30.38.140: bytes=32 time=40ms TTL=56

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 40ms, Average = 39ms
Server: cdns1.cox.net
Address: 68.105.28.11

Name: bleepingcomputer.com.HomeNetBRouter
Address: 72.215.225.9


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...70 f1 a1 b3 fa 53 ......Microsoft Virtual WiFi Miniport Adapter
12...70 f1 a1 b3 fa 52 ......802.11n Wireless LAN Card
11...6c 62 6d 50 16 de ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.108 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.108 276
192.168.1.108 255.255.255.255 On-link 192.168.1.108 276
192.168.1.255 255.255.255.255 On-link 192.168.1.108 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.108 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.108 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::9c3:d:f99a:4c2/128 On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/22/2012 03:54:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 03:53:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 03:53:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 00:34:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2012 00:34:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2012 00:34:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2012 00:34:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2012 00:34:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2012 00:34:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/22/2012 00:34:10 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (06/22/2012 02:14:16 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (06/22/2012 02:12:08 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/22/2012 02:12:06 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/22/2012 02:12:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/22/2012 03:27:03 AM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (06/22/2012 03:24:58 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/22/2012 03:24:58 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/22/2012 03:24:56 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/21/2012 10:18:16 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%2

Error: (06/21/2012 10:17:09 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.2.0.2070)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Photoshop Elements 9 (Version: 9.0.3.0)
Adobe Photoshop Lightroom 2.7 64-bit (Version: 2.7)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Stock Photos 1.0 (Version: 001.000.000)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.782.0)
ATI Catalyst Registration (Version: 3.00.0000)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Blackhawk Striker 2 (Version: 2.2.0.82)
Blasterball 3 (Version: 2.2.0.82)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (Version: 2.2.0.82)
Cake Mania (Version: 2.2.0.82)
Carbonite Online Backup Setup (Version: 3.8.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0706.2128.36662)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0706.2128.36662)
Catalyst Control Center InstallProxy (Version: 2010.0310.1824.32984)
Catalyst Control Center InstallProxy (Version: 2010.0706.2128.36662)
ccc-core-static (Version: 2010.0706.2128.36662)
ccc-utility64 (Version: 2010.0706.2128.36662)
CCC Help English (Version: 2010.0706.2127.36662)
CCleaner (Version: 3.05)
Chuzzle Deluxe (Version: 2.2.0.82)
CyberLink DVD Suite Deluxe (Version: 7.0.2712)
D3DX10 (Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
Dora's Carnival Adventure (Version: 2.2.0.82)
Dropbox (Version: 1.1.35)
Elements 9 Organizer (Version: 9.0)
Elements STI Installer (Version: 1.0)
Escape Rosecliff Island (Version: 2.2.0.82)
ESET Online Scanner v3
Faerie Solitaire (Version: 2.2.0.82)
FATE (Version: 2.2.0.82)
Google Chrome (Version: 19.0.1084.56)
Google Earth (Version: 6.1.0.5001)
Google Gmail Notifier
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
Hardware Diagnostic Tools (Version: 6.0.5418.39)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Games (Version: 1.0.0.80)
HP Odometer (Version: 2.10.0000)
HP Product Detection (Version: 11.14.0001)
HP Setup (Version: 1.2.4048.3310)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.002.003.003)
HP Wireless Deluxe Desktop Combo (Version: 1.0.0.1)
HydraVision (Version: 4.2.162.0)
iCloud (Version: 1.1.0.40)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.7.1002)
iTunes (Version: 10.6.1.7)
Jacquie Lawson Village Advent Calendar (Version: 2.0.0)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Jewel Quest 3 (Version: 2.2.0.82)
Jewel Quest Solitaire 2 (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Kernel for Windows Data Recovery ver 11.01.01
KODAK Picture CD Volume 3 Issue 1
LabelPrint (Version: 2.5.2610)
LightScribe System Software (Version: 1.18.11.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The New York Fortune (Version: 2.2.0.82)
Penguins! (Version: 2.2.0.82)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Plants vs. Zombies (Version: 2.2.0.82)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.82)
Polar Bowler (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
QuickTime (Version: 7.72.80.56)
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recovery Manager (Version: 5.5.2719)
Safari (Version: 5.34.57.2)
Seagate Manager Installer (Version: 2.01.0600)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Spybot - Search & Destroy (Version: 1.6.2)
TextTwist 2 (Version: 2.2.0.82)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
WebIQ Technology Engine (Version: 1.5.7100)
Wheel of Fortune 2 (Version: 2.2.0.82)
WildTangent Games App (HP Games) (Version: 4.0.5.12)
Winamp (Version: 5.61 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zuma's Revenge (Version: 2.2.0.82)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 6103.08 MB
Available physical RAM: 4052.4 MB
Total Pagefile: 12204.35 MB
Available Pagefile: 10147.27 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.49 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:584.68 GB) (Free:428.07 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.4 GB) (Free:1.39 GB) NTFS
4 Drive f: (CentonBlue4GB) (Removable) (Total:3.77 GB) (Free:3.24 GB) NTFS

========================= Users: ========================================

User accounts for \\PAMOWNER-HP

Administrator Guest Pam OWNER


**** End of log ****


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

SystemLook Results:

SystemLook 30.07.11 by jpshortstuff
Log created at 15:32 on 22/06/2012 by Pam OWNER
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Edited by jfparla, 23 June 2012 - 05:14 PM.


#8 narenxp

Posted 22 June 2012 - 06:03 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#9 jfparla

Posted 22 June 2012 - 07:50 PM

FSS Results:

Farbar Service Scanner Version: 22-06-2012 01
Ran by Pam OWNER (administrator) on 22-06-2012 at 17:46:18
Running from "F:\BleepTicket20120621\Tools"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by jfparla, 23 June 2012 - 05:28 PM.


#10 narenxp

Posted 22 June 2012 - 08:46 PM

Create a restore point before trying this

Download

MpsSvc
wscsvc
defender
BFE

Launch them, click YES when you get the UAC prompt

restart the PC

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Similarly go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Do the same thing - provide full control to Everyone

Press Windows+R key and type

services.msc and click ok

Start the Base Filtering Engine service, Windows Firewall service, Security Center service

Post the new FSS log

Good luck

Edited by narenxp, 22 June 2012 - 08:47 PM.


#11 jfparla

Posted 22 June 2012 - 09:36 PM

FSS #2 Results:

Farbar Service Scanner Version: 22-06-2012 01
Ran by Pam OWNER (administrator) on 22-06-2012 at 19:31:24
Running from "F:\BleepTicket20120621\Tools"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by jfparla, 23 June 2012 - 05:19 PM.
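
The two FSS logs in posts #9 and #11 differ only in which services are flagged, so the repair can be checked by diffing them. The sketch below is an added example, not part of the thread or of Farbar Service Scanner; it parses trimmed excerpts of both logs. Assumptions: FSS lists a service only when it is not running (as the two logs suggest), and all function and variable names are made up for the illustration.

```python
import re

# Excerpts of the two FSS logs from this thread, trimmed to the flagged lines.
FSS_BEFORE = r"""
mpsdrv Service is not running. Checking service configuration:
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""
FSS_AFTER = r"""
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

STOPPED = re.compile(r"^(\S+) Service is not running")
MISSING = re.compile(r"Unable to open (\S+) registry key")
START = re.compile(r"start type of (\S+) service is set to (\w+)\. The default start type is (\w+)")
POLICY = re.compile(r'^"(\w+)"=DWORD:(\d+)')

def parse_fss(log):
    """Return ({service: finding}, {policy value: data}) for one FSS log."""
    services, policies = {}, {}
    for line in log.splitlines():
        if m := STOPPED.match(line):
            services.setdefault(m.group(1).lower(), "stopped")
        elif m := MISSING.search(line):
            services[m.group(1).lower()] = "service key missing"
        elif m := START.search(line):
            services[m.group(1).lower()] = f"start type {m.group(2)}, default {m.group(3)}"
        elif m := POLICY.match(line):
            policies[m.group(1)] = int(m.group(2))
    return services, policies

def compare(before, after):
    """Assumes FSS lists a service only when it is not running."""
    flagged_before, _ = parse_fss(before)
    still_flagged, policies = parse_fss(after)
    repaired = sorted(s for s in flagged_before if s not in still_flagged)
    return repaired, still_flagged, policies
```

Calling `compare(FSS_BEFORE, FSS_AFTER)` reports bfe, mpsdrv, mpssvc and wscsvc as no longer flagged, with WinDefend still stopped on a Demand start type and the `DisableAntiSpyware` value still set to 1.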


#12 narenxp

Posted 23 June 2012 - 12:47 AM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 jfparla

Posted 23 June 2012 - 05:27 PM

narenxp...

Thanks for your help.

Your directions were concise, and your responses timely.

A few questions:

Do you think the damage was caused by a single incident?

I want to edit Post#5 (change owner name)...I do not get an edit option as I do with the other posts...any ideas?

I love the services you and Bleeping Computer offer...how can I provide a small donation for support?

Thanks again...YOU ROCK!!!

#14 narenxp

Posted 23 June 2012 - 08:47 PM

Do you think the damage was caused by a single incident?

Probably yes

You should read this

http://www.bleepingcomputer.com/forums/topic287710.html

I want to edit Post#5 (change owner name)...I do not get an edit option as I do with the other posts...any ideas?

Why do you want to edit it? You can just ignore it. You may need to ask the moderators if your edit option is disabled

I love the services you and Bleeping Computer offer...how can I provide a small donation for support?

As a site, Bleeping Computer does not accept donations

safe surfing :thumbup2:

Edited by narenxp, 23 June 2012 - 08:58 PM.




