Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money


16 replies to this topic

#1 Adirondack

Posted 23 June 2012 - 11:31 AM

I was recently infected by the FBI Citadel Ransomware (link below). I used a combination of (1) FixNCR.reg; (2) MalwareBytes in SafeMode; (3) a system restore to take back control of my PC.

I also updated Malwarebytes and MS Security Essentials and ran full scans. Malwarebytes did remove a ransomware item. Based on the characteristics of Citadel, I am concerned about the possibility of ongoing data collection on my computer. I request support to walk me through the process of ensuring I am running fully clean & safe.

Link:
Citade_Ransomeware_Description

Thanks,


#2 narenxp

Posted 23 June 2012 - 12:29 PM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Adirondack

Posted 23 June 2012 - 04:05 PM

13:09:45.0233 4408 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
13:09:45.0264 4408 ============================================================
13:09:45.0264 4408 Current date / time: 2012/06/23 13:09:45.0264
13:09:45.0264 4408 SystemInfo:
13:09:45.0264 4408
13:09:45.0264 4408 OS Version: 6.0.6002 ServicePack: 2.0
13:09:45.0264 4408 Product type: Workstation
13:09:45.0264 4408 ComputerName: OFFICE-PC
13:09:45.0264 4408 UserName: Shambos
13:09:45.0264 4408 Windows directory: C:\Windows
13:09:45.0264 4408 System windows directory: C:\Windows
13:09:45.0264 4408 Running under WOW64
13:09:45.0264 4408 Processor architecture: Intel x64
13:09:45.0264 4408 Number of processors: 8
13:09:45.0264 4408 Page size: 0x1000
13:09:45.0264 4408 Boot type: Normal boot
13:09:45.0264 4408 ============================================================
13:09:45.0623 4408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:09:45.0638 4408 Drive \Device\Harddisk5\DR5 - Size: 0xF3D00000 (3.81 Gb), SectorSize: 0x200, Cylinders: 0x1F1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:09:45.0654 4408 ============================================================
13:09:45.0654 4408 \Device\Harddisk0\DR0:
13:09:45.0654 4408 MBR partitions:
13:09:45.0654 4408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72A302A8
13:09:45.0654 4408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x72A302E7, BlocksNum 0x1CD56DA
13:09:45.0654 4408 \Device\Harddisk5\DR5:
13:09:45.0654 4408 MBR partitions:
13:09:45.0654 4408 \Device\Harddisk5\DR5\Partition0: MBR, Type 0xB, StartLBA 0x380, BlocksNum 0x79E480
13:09:45.0654 4408 ============================================================
13:09:45.0685 4408 C: <-> \Device\Harddisk0\DR0\Partition0
13:09:45.0732 4408 D: <-> \Device\Harddisk0\DR0\Partition1
13:09:45.0732 4408 ============================================================
13:09:45.0732 4408 Initialize success
13:09:45.0732 4408 ============================================================
13:10:07.0853 3452 ============================================================
13:10:07.0853 3452 Scan started
13:10:07.0853 3452 Mode: Manual;
13:10:07.0853 3452 ============================================================
13:10:18.0133 3452 netprofm - ok
13:10:18.0195 3452 netr28x (653a267797a4de4a69014ed61945067a) C:\Windows\system32\DRIVERS\netr28x.sys
13:10:18.0211 3452 netr28x - ok
13:10:18.0211 3452 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:10:18.0211 3452 NetTcpActivator - ok
13:10:18.0211 3452 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:10:18.0211 3452 NetTcpPortSharing - ok
13:10:18.0242 3452 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:10:18.0242 3452 nfrd960 - ok
13:10:18.0273 3452 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:10:18.0273 3452 NisDrv - ok
13:10:18.0336 3452 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:10:18.0336 3452 NisSrv - ok
13:10:18.0367 3452 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
13:10:18.0367 3452 NlaSvc - ok
13:10:18.0398 3452 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:10:18.0398 3452 Npfs - ok
13:10:18.0414 3452 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
13:10:18.0414 3452 nsi - ok
13:10:18.0414 3452 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:10:18.0414 3452 nsiproxy - ok
13:10:18.0507 3452 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:10:18.0539 3452 Ntfs - ok
13:10:18.0617 3452 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:10:18.0617 3452 Null - ok
13:10:18.0632 3452 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:10:18.0632 3452 nvraid - ok
13:10:18.0648 3452 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:10:18.0648 3452 nvstor - ok
13:10:18.0663 3452 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:10:18.0679 3452 nv_agp - ok
13:10:18.0679 3452 NwlnkFlt - ok
13:10:18.0679 3452 NwlnkFwd - ok
13:10:18.0726 3452 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:10:18.0741 3452 odserv - ok
13:10:18.0773 3452 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
13:10:18.0773 3452 ohci1394 - ok
13:10:18.0804 3452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:10:18.0804 3452 ose - ok
13:10:18.0851 3452 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:10:18.0866 3452 p2pimsvc - ok
13:10:18.0866 3452 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:10:18.0866 3452 p2psvc - ok
13:10:18.0913 3452 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:10:18.0913 3452 Parport - ok
13:10:18.0944 3452 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
13:10:18.0960 3452 partmgr - ok
13:10:18.0960 3452 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
13:10:18.0960 3452 PcaSvc - ok
13:10:19.0053 3452 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
13:10:19.0131 3452 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
13:10:19.0147 3452 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:10:19.0147 3452 pci - ok
13:10:19.0163 3452 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
13:10:19.0163 3452 pciide - ok
13:10:19.0178 3452 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:10:19.0178 3452 pcmcia - ok
13:10:19.0225 3452 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:10:19.0241 3452 PEAUTH - ok
13:10:19.0287 3452 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
13:10:19.0287 3452 PerfHost - ok
13:10:19.0287 3452 pfc - ok
13:10:19.0334 3452 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
13:10:19.0350 3452 pla - ok
13:10:19.0412 3452 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
13:10:19.0412 3452 PlugPlay - ok
13:10:19.0459 3452 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
13:10:19.0459 3452 Pml Driver HPZ12 - ok
13:10:19.0490 3452 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:10:19.0490 3452 PNRPAutoReg - ok
13:10:19.0490 3452 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:10:19.0506 3452 PNRPsvc - ok
13:10:19.0553 3452 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
13:10:19.0553 3452 PolicyAgent - ok
13:10:19.0584 3452 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:10:19.0584 3452 PptpMiniport - ok
13:10:19.0615 3452 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:10:19.0615 3452 Processor - ok
13:10:19.0646 3452 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
13:10:19.0646 3452 ProfSvc - ok
13:10:19.0677 3452 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:10:19.0677 3452 ProtectedStorage - ok
13:10:19.0724 3452 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:10:19.0724 3452 PSched - ok
13:10:19.0787 3452 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:10:19.0802 3452 ql2300 - ok
13:10:19.0818 3452 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:10:19.0818 3452 ql40xx - ok
13:10:19.0849 3452 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
13:10:19.0849 3452 QWAVE - ok
13:10:19.0865 3452 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:10:19.0865 3452 QWAVEdrv - ok
13:10:19.0865 3452 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:10:19.0865 3452 RasAcd - ok
13:10:19.0911 3452 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
13:10:19.0911 3452 RasAuto - ok
13:10:19.0927 3452 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:10:19.0927 3452 Rasl2tp - ok
13:10:19.0943 3452 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
13:10:19.0943 3452 RasMan - ok
13:10:19.0989 3452 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:10:19.0989 3452 RasPppoe - ok
13:10:20.0036 3452 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:10:20.0036 3452 RasSstp - ok
13:10:20.0067 3452 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:10:20.0083 3452 rdbss - ok
13:10:20.0083 3452 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:10:20.0083 3452 RDPCDD - ok
13:10:20.0114 3452 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:10:20.0114 3452 rdpdr - ok
13:10:20.0114 3452 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:10:20.0114 3452 RDPENCDD - ok
13:10:20.0145 3452 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
13:10:20.0145 3452 RDPWD - ok
13:10:20.0177 3452 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
13:10:20.0177 3452 RemoteAccess - ok
13:10:20.0223 3452 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
13:10:20.0223 3452 RemoteRegistry - ok
13:10:20.0239 3452 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
13:10:20.0239 3452 RpcLocator - ok
13:10:20.0301 3452 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:10:20.0301 3452 RpcSs - ok
13:10:20.0317 3452 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:10:20.0317 3452 rspndr - ok
13:10:20.0348 3452 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:10:20.0348 3452 SamSs - ok
13:10:20.0364 3452 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:10:20.0364 3452 sbp2port - ok
13:10:20.0395 3452 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
13:10:20.0395 3452 SCardSvr - ok
13:10:20.0473 3452 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
13:10:20.0473 3452 Schedule - ok
13:10:20.0504 3452 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:10:20.0504 3452 SCPolicySvc - ok
13:10:20.0520 3452 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
13:10:20.0520 3452 SDRSVC - ok
13:10:20.0535 3452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:10:20.0535 3452 secdrv - ok
13:10:20.0551 3452 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
13:10:20.0551 3452 seclogon - ok
13:10:20.0551 3452 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
13:10:20.0567 3452 SENS - ok
13:10:20.0582 3452 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:10:20.0582 3452 Serenum - ok
13:10:20.0613 3452 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:10:20.0613 3452 Serial - ok
13:10:20.0629 3452 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:10:20.0629 3452 sermouse - ok
13:10:20.0629 3452 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
13:10:20.0629 3452 SessionEnv - ok
13:10:20.0645 3452 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:10:20.0645 3452 sffdisk - ok
13:10:20.0660 3452 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:10:20.0660 3452 sffp_mmc - ok
13:10:20.0676 3452 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:10:20.0676 3452 sffp_sd - ok
13:10:20.0691 3452 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:10:20.0691 3452 sfloppy - ok
13:10:20.0707 3452 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
13:10:20.0707 3452 SharedAccess - ok
13:10:20.0754 3452 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
13:10:20.0754 3452 ShellHWDetection - ok
13:10:20.0769 3452 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:10:20.0769 3452 SiSRaid2 - ok
13:10:20.0785 3452 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:10:20.0785 3452 SiSRaid4 - ok
13:10:20.0910 3452 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
13:10:20.0972 3452 slsvc - ok
13:10:21.0081 3452 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
13:10:21.0081 3452 SLUINotify - ok
13:10:21.0128 3452 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:10:21.0128 3452 Smb - ok
13:10:21.0175 3452 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
13:10:21.0175 3452 SNMPTRAP - ok
13:10:21.0222 3452 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:10:21.0222 3452 spldr - ok
13:10:21.0237 3452 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
13:10:21.0237 3452 Spooler - ok
13:10:21.0300 3452 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:10:21.0300 3452 SQLBrowser - ok
13:10:21.0347 3452 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:10:21.0347 3452 SQLWriter - ok
13:10:21.0393 3452 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:10:21.0393 3452 srv - ok
13:10:21.0425 3452 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:10:21.0425 3452 srv2 - ok
13:10:21.0440 3452 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:10:21.0440 3452 srvnet - ok
13:10:21.0456 3452 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
13:10:21.0456 3452 SSDPSRV - ok
13:10:21.0471 3452 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
13:10:21.0471 3452 SstpSvc - ok
13:10:21.0503 3452 Steam Client Service - ok
13:10:21.0549 3452 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
13:10:21.0549 3452 StillCam - ok
13:10:21.0596 3452 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
13:10:21.0612 3452 stisvc - ok
13:10:21.0612 3452 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:10:21.0612 3452 swenum - ok
13:10:21.0659 3452 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
13:10:21.0674 3452 swprv - ok
13:10:21.0690 3452 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:10:21.0690 3452 Symc8xx - ok
13:10:21.0705 3452 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:10:21.0705 3452 Sym_hi - ok
13:10:21.0737 3452 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:10:21.0737 3452 Sym_u3 - ok
13:10:21.0783 3452 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
13:10:21.0799 3452 SysMain - ok
13:10:21.0846 3452 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
13:10:21.0846 3452 TabletInputService - ok
13:10:21.0893 3452 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
13:10:21.0893 3452 TapiSrv - ok
13:10:21.0908 3452 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
13:10:21.0908 3452 TBS - ok
13:10:21.0986 3452 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
13:10:22.0002 3452 Tcpip - ok
13:10:22.0017 3452 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
13:10:22.0017 3452 Tcpip6 - ok
13:10:22.0049 3452 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
13:10:22.0049 3452 tcpipreg - ok
13:10:22.0064 3452 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:10:22.0064 3452 TDPIPE - ok
13:10:22.0064 3452 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:10:22.0064 3452 TDTCP - ok
13:10:22.0111 3452 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:10:22.0111 3452 tdx - ok
13:10:22.0158 3452 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:10:22.0158 3452 TermDD - ok
13:10:22.0173 3452 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
13:10:22.0189 3452 TermService - ok
13:10:22.0220 3452 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
13:10:22.0220 3452 Themes - ok
13:10:22.0251 3452 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:10:22.0251 3452 THREADORDER - ok
13:10:22.0267 3452 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
13:10:22.0267 3452 TrkWks - ok
13:10:22.0329 3452 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
13:10:22.0329 3452 TrustedInstaller - ok
13:10:22.0329 3452 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:10:22.0329 3452 tssecsrv - ok
13:10:22.0376 3452 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:10:22.0376 3452 tunmp - ok
13:10:22.0423 3452 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:10:22.0423 3452 tunnel - ok
13:10:22.0423 3452 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:10:22.0423 3452 uagp35 - ok
13:10:22.0470 3452 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:10:22.0470 3452 udfs - ok
13:10:22.0485 3452 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
13:10:22.0485 3452 UI0Detect - ok
13:10:22.0501 3452 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:10:22.0501 3452 uliagpkx - ok
13:10:22.0517 3452 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:10:22.0517 3452 uliahci - ok
13:10:22.0532 3452 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:10:22.0532 3452 UlSata - ok
13:10:22.0563 3452 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:10:22.0563 3452 ulsata2 - ok
13:10:22.0563 3452 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:10:22.0563 3452 umbus - ok
13:10:22.0595 3452 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
13:10:22.0595 3452 upnphost - ok
13:10:22.0595 3452 urvpndrv - ok
13:10:22.0626 3452 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
13:10:22.0626 3452 USBAAPL64 - ok
13:10:22.0657 3452 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
13:10:22.0657 3452 usbaudio - ok
13:10:22.0704 3452 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:10:22.0704 3452 usbccgp - ok
13:10:22.0719 3452 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
13:10:22.0719 3452 usbcir - ok
13:10:22.0735 3452 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:10:22.0735 3452 usbehci - ok
13:10:22.0751 3452 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:10:22.0751 3452 usbhub - ok
13:10:22.0766 3452 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
13:10:22.0766 3452 usbohci - ok
13:10:22.0782 3452 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
13:10:22.0782 3452 usbprint - ok
13:10:22.0829 3452 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
13:10:22.0829 3452 usbscan - ok
13:10:22.0860 3452 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:10:22.0860 3452 USBSTOR - ok
13:10:22.0860 3452 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:10:22.0860 3452 usbuhci - ok
13:10:22.0907 3452 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
13:10:22.0907 3452 UxSms - ok
13:10:22.0953 3452 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
13:10:22.0969 3452 vds - ok
13:10:22.0985 3452 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:10:22.0985 3452 vga - ok
13:10:22.0985 3452 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:10:22.0985 3452 VgaSave - ok
13:10:22.0985 3452 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:10:22.0985 3452 viaide - ok
13:10:23.0000 3452 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:10:23.0000 3452 volmgr - ok
13:10:23.0047 3452 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:10:23.0063 3452 volmgrx - ok
13:10:23.0094 3452 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:10:23.0094 3452 volsnap - ok
13:10:23.0125 3452 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:10:23.0125 3452 vsmraid - ok
13:10:23.0203 3452 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
13:10:23.0219 3452 VSS - ok
13:10:23.0312 3452 VX3000 (e13b31e0ada64cf1513d993f436ca39d) C:\Windows\system32\DRIVERS\VX3000.sys
13:10:23.0375 3452 VX3000 - ok
13:10:23.0437 3452 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
13:10:23.0453 3452 W32Time - ok
13:10:23.0468 3452 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:10:23.0468 3452 WacomPen - ok
13:10:23.0484 3452 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:10:23.0484 3452 Wanarp - ok
13:10:23.0484 3452 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:10:23.0484 3452 Wanarpv6 - ok
13:10:23.0515 3452 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
13:10:23.0531 3452 wcncsvc - ok
13:10:23.0546 3452 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
13:10:23.0546 3452 WcsPlugInService - ok
13:10:23.0562 3452 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:10:23.0562 3452 Wd - ok
13:10:23.0593 3452 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:10:23.0609 3452 Wdf01000 - ok
13:10:23.0624 3452 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:10:23.0624 3452 WdiServiceHost - ok
13:10:23.0624 3452 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:10:23.0624 3452 WdiSystemHost - ok
13:10:23.0640 3452 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
13:10:23.0640 3452 WebClient - ok
13:10:23.0687 3452 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
13:10:23.0687 3452 Wecsvc - ok
13:10:23.0702 3452 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
13:10:23.0702 3452 wercplsupport - ok
13:10:23.0702 3452 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
13:10:23.0718 3452 WerSvc - ok
13:10:23.0718 3452 WinHttpAutoProxySvc - ok
13:10:23.0780 3452 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
13:10:23.0780 3452 Winmgmt - ok
13:10:23.0874 3452 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
13:10:23.0936 3452 WinRM - ok
13:10:24.0014 3452 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
13:10:24.0030 3452 Wlansvc - ok
13:10:24.0123 3452 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:10:24.0139 3452 wlidsvc - ok
13:10:24.0170 3452 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:10:24.0170 3452 WmiAcpi - ok
13:10:24.0201 3452 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
13:10:24.0201 3452 wmiApSrv - ok
13:10:24.0217 3452 WMPNetworkSvc - ok
13:10:24.0233 3452 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
13:10:24.0233 3452 WPCSvc - ok
13:10:24.0279 3452 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
13:10:24.0279 3452 WPDBusEnum - ok
13:10:24.0342 3452 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:10:24.0342 3452 WpdUsb - ok
13:10:24.0498 3452 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:10:24.0513 3452 WPFFontCache_v0400 - ok
13:10:24.0513 3452 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:10:24.0513 3452 ws2ifsl - ok
13:10:24.0576 3452 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
13:10:24.0576 3452 wscsvc - ok
13:10:24.0576 3452 WSearch - ok
13:10:24.0685 3452 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:10:24.0701 3452 wuauserv - ok
13:10:24.0763 3452 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:10:24.0779 3452 WUDFRd - ok
13:10:24.0779 3452 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
13:10:24.0779 3452 wudfsvc - ok
13:10:24.0825 3452 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
13:10:25.0106 3452 \Device\Harddisk0\DR0 - ok
13:10:25.0122 3452 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk5\DR5
13:10:25.0122 3452 \Device\Harddisk5\DR5 - ok
13:10:25.0122 3452 Boot (0x1200) (eafc1cfdcbf48ab0a556922d5ea3fdf3) \Device\Harddisk0\DR0\Partition0
13:10:25.0122 3452 \Device\Harddisk0\DR0\Partition0 - ok
13:10:25.0122 3452 Boot (0x1200) (e1aa8b79365d10372a7e5159ba49ffcd) \Device\Harddisk0\DR0\Partition1
13:10:25.0122 3452 \Device\Harddisk0\DR0\Partition1 - ok
13:10:25.0122 3452 Boot (0x1200) (4c437d79e9cfe5c715f55fafd2f2795a) \Device\Harddisk5\DR5\Partition0
13:10:25.0122 3452 \Device\Harddisk5\DR5\Partition0 - ok
13:10:25.0122 3452 ============================================================
13:10:25.0122 3452 Scan finished
13:10:25.0122 3452 ============================================================
13:10:25.0137 1584 Detected object count: 0
13:10:25.0137 1584 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 13:14:15
-----------------------------
13:14:15.905 OS Version: Windows x64 6.0.6002 Service Pack 2
13:14:15.905 Number of processors: 8 586 0x1A05
13:14:15.905 ComputerName: OFFICE-PC UserName: Shambos
13:14:33.186 Initialze error C000010E - driver not loaded
13:16:31.704 AVAST engine defs: 12062300
13:16:49.999 Service scanning
13:17:14.611 Modules scanning
13:17:14.611 Disk 0 trace - called modules:
13:17:14.611
13:17:15.968 AVAST engine scan C:\Windows
13:17:32.485 AVAST engine scan C:\Windows\system32
13:21:52.326 AVAST engine scan C:\Windows\system32\drivers
13:22:20.322 AVAST engine scan C:\Users\Shambos
13:40:04.846 The log file has been saved successfully to "J:\Step2\aswMBR.txt"
13:47:52.400 AVAST engine scan C:\ProgramData
13:50:02.049 Scan finished successfully
13:51:17.620 The log file has been saved successfully to "J:\Step2\aswMBR.txt"


C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined
C:\ProgramData\WildTangent\528821fe-58e4-439c-81de-49f36a16aa12-extr.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined

#4 narenxp


Posted 23 June 2012 - 04:13 PM

Please re-run aswMBR and post the new log.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on Show Results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Adirondack


Posted 23 June 2012 - 05:51 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 16:23:11
-----------------------------
16:23:11.074 OS Version: Windows x64 6.0.6002 Service Pack 2
16:23:11.074 Number of processors: 8 586 0x1A05
16:23:11.090 ComputerName: OFFICE-PC UserName: Shambos
16:23:14.615 Initialize success
16:23:22.727 AVAST engine defs: 12062300
16:23:29.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:23:29.045 Disk 0 Vendor: ST310005 HP22 Size: 953869MB BusType: 8
16:23:29.061 Disk 0 MBR read successfully
16:23:29.061 Disk 0 MBR scan
16:23:29.107 Disk 0 unknown MBR code
16:23:29.123 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939104 MB offset 63
16:23:29.154 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14762 MB offset 1923285735
16:23:29.201 Disk 0 scanning C:\Windows\system32\drivers
16:23:42.414 Service scanning
16:24:06.266 Modules scanning
16:24:06.266 Disk 0 trace - called modules:
16:24:06.282 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
16:24:06.282 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80073da790]
16:24:06.781 3 CLASSPNP.SYS[fffffa60011cdc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006b64050]
16:24:08.060 AVAST engine scan C:\Windows
16:24:19.698 AVAST engine scan C:\Windows\system32
16:28:49.437 AVAST engine scan C:\Windows\system32\drivers
16:29:10.965 AVAST engine scan C:\Users\Shambos
17:02:26.128 AVAST engine scan C:\ProgramData
17:05:20.859 Scan finished successfully
17:46:02.222 Disk 0 MBR has been saved successfully to "J:\Step2\MBR.dat"
17:46:08.384 The log file has been saved successfully to "J:\Step2\aswMBR2.txt"


I'm running the MBAM full scan now... Thanks

#6 Adirondack


Posted 23 June 2012 - 08:48 PM

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Shambos :: OFFICE-PC [administrator]

Protection: Enabled

6/23/2012 5:47:43 PM
mbam-log-2012-06-23 (17-47-43).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550587
Time elapsed: 1 hour(s), 8 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7 Adirondack


Posted 23 June 2012 - 09:07 PM

These are the results of the quick scan after I rebooted the PC:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Shambos :: OFFICE-PC [administrator]

Protection: Enabled

6/23/2012 9:02:15 PM
mbam-log-2012-06-23 (21-02-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233328
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Adirondack


Posted 23 June 2012 - 09:26 PM

Mini Toolbox Results:

MiniToolBox by Farbar Version: 09-06-2012
Ran by Shambos (administrator) on 23-06-2012 at 21:19:14
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11n Wireless PCI Express Card LAN Adapter = Wireless Network Connection (Connected)
Intel® 82567V-2 Gigabit Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Office-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless PCI Express Card LAN Adapter
Physical Address. . . . . . . . . : 00-22-5F-D9-38-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::51a5:a313:6f37:73e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 23, 2012 9:18:30 PM
Lease Expires . . . . . . . . . . : Sunday, June 24, 2012 9:18:29 PM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 184558175
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-1D-08-F7-00-26-18-9A-17-D9
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82567V-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-26-18-9A-17-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A9151CF9-6CBD-4A5A-AEE0-93701FDB9FB2}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0AF5DC94-E4EB-4FC4-A043-5521FF838DC9}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 2607:f8b0:4000:801::100e
74.125.227.142
74.125.227.128
74.125.227.129
74.125.227.130
74.125.227.131
74.125.227.132
74.125.227.133
74.125.227.134
74.125.227.135
74.125.227.136
74.125.227.137



Pinging google.com [74.125.227.34] with 32 bytes of data:

Reply from 74.125.227.34: bytes=32 time=9ms TTL=54

Reply from 74.125.227.34: bytes=32 time=13ms TTL=54



Ping statistics for 74.125.227.34:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 9ms, Maximum = 13ms, Average = 11ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=141ms TTL=50

Reply from 72.30.38.140: bytes=32 time=61ms TTL=50



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 61ms, Maximum = 141ms, Average = 101ms

Server: UnKnown
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 22 5f d9 38 b9 ...... 802.11n Wireless PCI Express Card LAN Adapter
10 ...00 26 18 9a 17 d9 ...... Intel® 82567V-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.{A9151CF9-6CBD-4A5A-AEE0-93701FDB9FB2}
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
13 ...00 00 00 00 00 00 00 e0 isatap.{0AF5DC94-E4EB-4FC4-A043-5521FF838DC9}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.4 25
10.0.0.0 255.255.255.0 On-link 10.0.0.4 281
10.0.0.4 255.255.255.255 On-link 10.0.0.4 281
10.0.0.255 255.255.255.255 On-link 10.0.0.4 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::51a5:a313:6f37:73e/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/23/2012 08:52:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2012 01:51:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/23/2012 01:09:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (06/23/2012 11:47:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2012 08:32:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 10:12:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2012 06:41:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2012 11:34:43 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/21/2012 11:34:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/21/2012 11:13:36 PM) (Source: HP Advisor) (User: )
Description: Timestamp: 06/21/2012 23:13:36.471;
Category: FATAL;
Priority:(4);
Win32 Thread Id: [3924];
Message: Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
at HPAdvisor.MainFrame.Business.SearchManager.Initialize()
at HPAdvisor.MyApp.OnStartup(StartupEventArgs e)
at System.Windows.Application.<.ctor>b__0(Object unused)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler);
EventId: 400;
Severity: Critical;
Machine: OFFICE-PC;
Application Domain: HPAdvisor.exe;
Process Id: 3920;
Process Name: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe;
Extended Properties:


System errors:
=============
Error: (06/23/2012 08:52:57 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (06/23/2012 08:52:57 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)BFE

Error: (06/23/2012 08:52:57 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (06/23/2012 08:52:57 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/23/2012 08:52:57 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (06/23/2012 11:47:29 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (06/23/2012 11:47:29 AM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)BFE

Error: (06/23/2012 11:47:29 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (06/23/2012 11:47:29 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (06/23/2012 11:47:29 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060


Microsoft Office Sessions:
=========================
Error: (12/02/2010 09:32:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/02/2010 09:32:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3927 seconds with 420 seconds of active time. This session ended with a crash.

Error: (04/27/2010 11:06:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.6527.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 427 seconds with 360 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)
Apple Mobile Device Support (Version: 3.4.0.25)
ATI Catalyst Install Manager (Version: 3.0.710.0)
Bonjour (Version: 2.0.5.0)
ccc-utility64 (Version: 2009.0428.2148.37311)
Hardware Diagnostic Tools (Version: 5.1.5144.16)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (Version: 10.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP MediaSmart SmartMenu (Version: 2.1.12)
HP Officejet 6500 E709 Series (Version: 12.0)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Remote Software (Version: 1.0.5.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
Intel® Matrix Storage Manager
iTunes (Version: 10.2.2.14)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft LifeCam (Version: 3.0.215.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Network64 (Version: 120.0.194.000)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
Shop for HP Supplies (Version: 12)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 6134.26 MB
Available physical RAM: 3994.05 MB
Total Pagefile: 12470.05 MB
Available Pagefile: 9936.19 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.38 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:917.09 GB) (Free:635.46 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.42 GB) (Free:2.05 GB) NTFS
8 Drive j: () (Removable) (Total:3.8 GB) (Free:1.49 GB) FAT32

========================= Users: ========================================

User accounts for \\OFFICE-PC

Administrator Guest Shambos


**** End of log ****

Thanks,

#9 narenxp


Posted 23 June 2012 - 09:51 PM

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#10 Adirondack


Posted 24 June 2012 - 07:29 AM

Farbar Service Scanner Version: 23-06-2012
Ran by Shambos (administrator) on 24-06-2012 at 07:26:41
Running from "J:\Step2"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-16 16:35] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 01:30] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 07:14] - [2012-03-30 07:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 15:09] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-16 16:35] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-16 16:35] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2009-09-16 16:36] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-16 16:35] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-16 16:35] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-16 16:36] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-16 16:35] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-12 14:42] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-16 16:36] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#11 narenxp


Posted 24 June 2012 - 07:48 AM

Create a restore point before trying this.

Download

MpsSvc
defender
BFE

Launch them, and click YES when you get the UAC prompt.

Restart the PC.

Press Windows+R, type

regedit

and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it and choose Permissions.

Click on Add, type

Everyone

and click OK.

Now click on Everyone.

Below, you have the permissions for users.

Select Full Control and click OK.

Similarly, go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Do the same thing: provide Full Control to Everyone.

Press Windows+R, type

services.msc

and click OK.

Start the Base Filtering Engine service and then the Windows Firewall service.

Post the new FSS log.

Good luck
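
The permission step above grants Full Control on two service keys to Everyone, which lets any local account rewrite those services' configuration, so it is worth seeing what the keys' access lists contain once the services start again. The read-only audit below is an added example, not part of the original post; it assumes an elevated Windows PowerShell 2.0 or later console, and the function name Get-BroadWriteAce is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it changes nothing.
# Assumption: elevated Windows PowerShell 2.0 or later.

# The two keys the post edits in regedit.
$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\services\BFE',
    'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess'
)

# Broad groups, matched by well-known SID so localized group names do not matter.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow changing a service's values, subkeys or the ACL itself.
# 0x10000000 (GENERIC_ALL) and 0x40000000 (GENERIC_WRITE) cover ACEs stored
# with generic bits, as inherit-only entries sometimes are.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: returns one object per write-capable Allow entry that a
# broad group holds on a key, or a KEY MISSING marker when the key is absent.
function Get-BroadWriteAce {
    param([string[]]$Path)

    foreach ($key in $Path) {
        if (-not (Test-Path -Path $key)) {
            # Same condition FSS reports as "The service key does not exist."
            New-Object PSObject -Property @{
                Key = $key; Identity = ''; Rights = 'KEY MISSING'; Inherited = $false
            }
            continue
        }

        foreach ($ace in (Get-Acl -Path $key).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }

            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                continue   # identity cannot be translated to a SID; skip it
            }

            $grantsWrite = ([int]$ace.RegistryRights -band $writeMask) -ne 0
            if ($broadSids.ContainsKey($sid) -and $grantsWrite) {
                New-Object PSObject -Property @{
                    Key       = $key
                    Identity  = $broadSids[$sid]
                    Rights    = $ace.RegistryRights.ToString()
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-BroadWriteAce -Path $serviceKeys)
if ($findings.Count -eq 0) {
    'No write-capable grant to Everyone, Authenticated Users or Users on the audited keys.'
} else {
    $findings | Format-Table Key, Identity, Rights, Inherited -AutoSize
}

# State of the two services the post starts from services.msc.
Get-Service -Name BFE, MpsSvc -ErrorAction SilentlyContinue |
    Format-Table Name, DisplayName, Status -AutoSize
```

An entry listed with Inherited set to False was added directly on that key, which is what the regedit Permissions dialog does.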

#12 Adirondack


Posted 24 June 2012 - 11:20 AM

Forum Addict,

Post-activity FSS log attached below.

Question: I understand starting up MS firewall & kind of understand base filtering. What is the purpose of making the services full access to "Everyone"?

Thanks,


Farbar Service Scanner Version: 23-06-2012
Ran by Shambos (administrator) on 24-06-2012 at 11:14:03
Running from "J:\Step2"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1



**** End of log ****

#13 narenxp

Posted 24 June 2012 - 11:58 AM

Question: I understand starting up MS firewall & kind of understand base filtering. What is the purpose of making the services full access to "Everyone"?

Permissions have been corrupted by malware. We need to provide access to start it.

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 Adirondack

Posted 24 June 2012 - 12:57 PM

Forum Addict,
I am grateful that you have this "addiction". Thank you for your knowledge, great instructions & for making me healthy & protected again. I have completed all the actions you have prescribed. How else can I thank you?

Gratefully,
Adirondack

#15 narenxp

Posted 24 June 2012 - 01:33 PM

Appreciate your feedback

safe surfing :thumbup2:



