
trojan horse patched_c.lxt


15 replies to this topic

#1 h11cwg


Posted 10 July 2012 - 07:54 AM

This is a tricky one. Have tried Malwarebytes, AVG and SuperAntiSpyware. AVG detects it, but it seems to be masquerading as a Windows system file (services.exe) which cannot be deleted or the machine will not boot. Combofix will not install, fails halfway through the install and shuts down. Difficult to navigate the web because the Trojan also hijacks the browser and prevents it reaching the desired URL. I'm stumped!


*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 10 July 2012 - 08:29 AM.




#2 narenxp


Posted 10 July 2012 - 08:58 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)



Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 h11cwg


Posted 10 July 2012 - 10:56 AM

Many thanks - logs below...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-10 15:47:59
-----------------------------
15:47:59.938 OS Version: Windows x64 6.1.7600
15:47:59.938 Number of processors: 1 586 0x603
15:47:59.938 ComputerName: SURFGIRL_LAPTOP UserName: Kat
15:48:01.319 Initialize success
15:49:22.654 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
15:49:22.664 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 11
15:49:22.674 Disk 0 MBR read successfully
15:49:22.684 Disk 0 MBR scan
15:49:22.684 Disk 0 unknown MBR code
15:49:22.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
15:49:22.704 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 221388 MB offset 409600
15:49:22.744 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16783 MB offset 453812224
15:49:22.764 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
15:49:22.814 Disk 0 scanning C:\Windows\system32\drivers
15:49:30.047 Service scanning
15:50:05.899 Modules scanning
15:50:05.909 Disk 0 trace - called modules:
15:50:05.929 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys amdxata.sys storport.sys hal.dll amdsata.sys
15:50:06.260 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002591060]
15:50:06.270 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8002590040]
15:50:06.280 5 PCTCore64.sys[fffff880011a0f38] -> nt!IofCallDriver -> [0xfffffa800254a040]
15:50:06.290 7 amdxata.sys[fffff880010fb7a8] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8002544060]
15:50:06.300 Scan finished successfully
15:51:53.205 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:51:53.205 The log file has been saved successfully to "C:\aswMBR.txt"



15:43:20.0556 1256 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:43:20.0756 1256 ============================================================
15:43:20.0756 1256 Current date / time: 2012/07/10 15:43:20.0756
15:43:20.0756 1256 SystemInfo:
15:43:20.0756 1256
15:43:20.0756 1256 OS Version: 6.1.7600 ServicePack: 0.0
15:43:20.0756 1256 Product type: Workstation
15:43:20.0756 1256 ComputerName: SURFGIRL_LAPTOP
15:43:20.0756 1256 UserName: Kat
15:43:20.0756 1256 Windows directory: C:\Windows
15:43:20.0756 1256 System windows directory: C:\Windows
15:43:20.0756 1256 Running under WOW64
15:43:20.0756 1256 Processor architecture: Intel x64
15:43:20.0756 1256 Number of processors: 1
15:43:20.0756 1256 Page size: 0x1000
15:43:20.0756 1256 Boot type: Normal boot
15:43:20.0756 1256 ============================================================
15:43:22.0347 1256 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:22.0377 1256 ============================================================
15:43:22.0377 1256 \Device\Harddisk0\DR0:
15:43:22.0377 1256 MBR partitions:
15:43:22.0377 1256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:43:22.0377 1256 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B066000
15:43:22.0377 1256 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B0CA000, BlocksNum 0x20C7800
15:43:22.0377 1256 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
15:43:22.0377 1256 ============================================================
15:43:22.0427 1256 C: <-> \Device\Harddisk0\DR0\Partition1
15:43:22.0477 1256 D: <-> \Device\Harddisk0\DR0\Partition2
15:43:22.0477 1256 ============================================================
15:43:22.0477 1256 Initialize success
15:43:22.0477 1256 ============================================================
15:43:50.0603 0524 ============================================================
15:43:50.0603 0524 Scan started
15:43:50.0603 0524 Mode: Manual; TDLFS;
15:43:50.0603 0524 ============================================================
15:44:11.0236 0524 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:44:11.0246 0524 napagent - ok
15:44:11.0326 0524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:44:11.0336 0524 NativeWifiP - ok
15:44:11.0446 0524 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:44:11.0456 0524 NDIS - ok
15:44:11.0486 0524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:44:11.0496 0524 NdisCap - ok
15:44:11.0536 0524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:11.0536 0524 NdisTapi - ok
15:44:11.0586 0524 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:11.0586 0524 Ndisuio - ok
15:44:11.0626 0524 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:11.0636 0524 NdisWan - ok
15:44:11.0696 0524 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:44:11.0696 0524 NDProxy - ok
15:44:11.0746 0524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:44:11.0746 0524 NetBIOS - ok
15:44:11.0806 0524 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:44:11.0816 0524 NetBT - ok
15:44:11.0836 0524 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:44:11.0836 0524 Netlogon - ok
15:44:11.0946 0524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:44:11.0966 0524 Netman - ok
15:44:12.0056 0524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:44:12.0056 0524 netprofm - ok
15:44:12.0146 0524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:44:12.0146 0524 NetTcpPortSharing - ok
15:44:12.0546 0524 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:44:12.0676 0524 netw5v64 - ok
15:44:12.0876 0524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:44:12.0876 0524 nfrd960 - ok
15:44:12.0966 0524 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:44:12.0976 0524 NlaSvc - ok
15:44:12.0996 0524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:44:12.0996 0524 Npfs - ok
15:44:13.0036 0524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:44:13.0046 0524 nsi - ok
15:44:13.0056 0524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:44:13.0056 0524 nsiproxy - ok
15:44:13.0226 0524 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
15:44:13.0266 0524 Ntfs - ok
15:44:13.0456 0524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:44:13.0456 0524 Null - ok
15:44:13.0506 0524 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
15:44:13.0546 0524 nvraid - ok
15:44:13.0646 0524 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
15:44:13.0666 0524 nvstor - ok
15:44:13.0726 0524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:44:13.0736 0524 nv_agp - ok
15:44:13.0786 0524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:44:13.0786 0524 ohci1394 - ok
15:44:13.0916 0524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:44:13.0926 0524 ose - ok
15:44:14.0333 0524 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:44:14.0448 0524 osppsvc - ok
15:44:14.0678 0524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:44:14.0698 0524 p2pimsvc - ok
15:44:14.0758 0524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:44:14.0768 0524 p2psvc - ok
15:44:14.0838 0524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:44:14.0838 0524 Parport - ok
15:44:14.0878 0524 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:44:14.0878 0524 partmgr - ok
15:44:14.0928 0524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:44:14.0928 0524 PcaSvc - ok
15:44:14.0968 0524 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:44:14.0968 0524 pci - ok
15:44:15.0008 0524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:44:15.0008 0524 pciide - ok
15:44:15.0068 0524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:44:15.0078 0524 pcmcia - ok
15:44:15.0178 0524 PCTCore (d48bd0ff27afb97005b33c9b6d26da3f) C:\Windows\system32\drivers\PCTCore64.sys
15:44:15.0188 0524 PCTCore - ok
15:44:15.0268 0524 pctDS (1335454528adfa13e1d3c4fa3fdbdc42) C:\Windows\system32\drivers\pctDS64.sys
15:44:15.0268 0524 pctDS - ok
15:44:15.0318 0524 PCTSD (9b7670b21e7fcbe9da9c4a751f31cca6) C:\Windows\system32\Drivers\PCTSD64.sys
15:44:15.0328 0524 PCTSD - ok
15:44:15.0378 0524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:44:15.0388 0524 pcw - ok
15:44:15.0498 0524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:44:15.0538 0524 PEAUTH - ok
15:44:15.0698 0524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:44:15.0708 0524 PerfHost - ok
15:44:15.0878 0524 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:44:15.0918 0524 pla - ok
15:44:15.0968 0524 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
15:44:15.0988 0524 PlugPlay - ok
15:44:15.0998 0524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:44:16.0028 0524 PNRPAutoReg - ok
15:44:16.0068 0524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:44:16.0078 0524 PNRPsvc - ok
15:44:16.0138 0524 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:44:16.0148 0524 PolicyAgent - ok
15:44:16.0198 0524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:44:16.0208 0524 Power - ok
15:44:16.0298 0524 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:44:16.0308 0524 PptpMiniport - ok
15:44:16.0338 0524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:44:16.0338 0524 Processor - ok
15:44:16.0408 0524 PROCEXP113 (c56a9ed0192c5a2b39691e54f2132a2f) C:\Windows\system32\Drivers\PROCEXP113.SYS
15:44:16.0408 0524 PROCEXP113 - ok
15:44:16.0448 0524 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
15:44:16.0458 0524 ProfSvc - ok
15:44:16.0488 0524 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:44:16.0488 0524 ProtectedStorage - ok
15:44:16.0558 0524 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:44:16.0558 0524 Psched - ok
15:44:16.0698 0524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:44:16.0738 0524 ql2300 - ok
15:44:16.0938 0524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:44:16.0948 0524 ql40xx - ok
15:44:16.0998 0524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:44:17.0028 0524 QWAVE - ok
15:44:17.0048 0524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:44:17.0048 0524 QWAVEdrv - ok
15:44:17.0078 0524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:44:17.0078 0524 RasAcd - ok
15:44:17.0108 0524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:44:17.0118 0524 RasAgileVpn - ok
15:44:17.0158 0524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:44:17.0158 0524 RasAuto - ok
15:44:17.0188 0524 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:17.0188 0524 Rasl2tp - ok
15:44:17.0248 0524 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
15:44:17.0258 0524 RasMan - ok
15:44:17.0288 0524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:17.0298 0524 RasPppoe - ok
15:44:17.0348 0524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:44:17.0348 0524 RasSstp - ok
15:44:17.0398 0524 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:44:17.0408 0524 rdbss - ok
15:44:17.0448 0524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:44:17.0448 0524 rdpbus - ok
15:44:17.0508 0524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:17.0508 0524 RDPCDD - ok
15:44:17.0548 0524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:44:17.0548 0524 RDPENCDD - ok
15:44:17.0618 0524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:44:17.0618 0524 RDPREFMP - ok
15:44:17.0668 0524 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:44:17.0668 0524 RDPWD - ok
15:44:17.0728 0524 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:44:17.0728 0524 rdyboost - ok
15:44:17.0788 0524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:44:17.0788 0524 RemoteAccess - ok
15:44:17.0838 0524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:44:17.0848 0524 RemoteRegistry - ok
15:44:17.0878 0524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:44:17.0878 0524 RpcEptMapper - ok
15:44:17.0918 0524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:44:17.0918 0524 RpcLocator - ok
15:44:17.0978 0524 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:44:17.0978 0524 RpcSs - ok
15:44:18.0048 0524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:44:18.0048 0524 rspndr - ok
15:44:18.0128 0524 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:44:18.0138 0524 RTL8167 - ok
15:44:18.0258 0524 RtVOsdService (5fff3e71b4724bb10918fd6dd7413d99) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
15:44:18.0268 0524 RtVOsdService - ok
15:44:18.0318 0524 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:44:18.0318 0524 SamSs - ok
15:44:18.0418 0524 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:44:18.0418 0524 SASDIFSV - ok
15:44:18.0448 0524 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:44:18.0448 0524 SASKUTIL - ok
15:44:18.0488 0524 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:44:18.0488 0524 sbp2port - ok
15:44:18.0548 0524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:44:18.0548 0524 SCardSvr - ok
15:44:18.0568 0524 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:44:18.0568 0524 scfilter - ok
15:44:18.0678 0524 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
15:44:18.0688 0524 Schedule - ok
15:44:18.0728 0524 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:44:18.0728 0524 SCPolicySvc - ok
15:44:18.0888 0524 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
15:44:18.0898 0524 sdAuxService - ok
15:44:19.0008 0524 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
15:44:19.0018 0524 sdbus - ok
15:44:19.0128 0524 sdCoreService (d2b30a5a8f57c00b0fa84a8880e9ec5b) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
15:44:19.0148 0524 sdCoreService - ok
15:44:19.0198 0524 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
15:44:19.0208 0524 SDRSVC - ok
15:44:19.0278 0524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:44:19.0278 0524 secdrv - ok
15:44:19.0308 0524 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
15:44:19.0308 0524 seclogon - ok
15:44:19.0338 0524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:44:19.0348 0524 SENS - ok
15:44:19.0378 0524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:44:19.0378 0524 SensrSvc - ok
15:44:19.0418 0524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:44:19.0428 0524 Serenum - ok
15:44:19.0468 0524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:44:19.0468 0524 Serial - ok
15:44:19.0518 0524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:44:19.0518 0524 sermouse - ok
15:44:19.0608 0524 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
15:44:19.0608 0524 SessionEnv - ok
15:44:19.0648 0524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:44:19.0658 0524 sffdisk - ok
15:44:19.0688 0524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:44:19.0688 0524 sffp_mmc - ok
15:44:19.0728 0524 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:44:19.0728 0524 sffp_sd - ok
15:44:19.0778 0524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:44:19.0778 0524 sfloppy - ok
15:44:19.0848 0524 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:44:19.0868 0524 ShellHWDetection - ok
15:44:19.0908 0524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:44:19.0908 0524 SiSRaid2 - ok
15:44:19.0938 0524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:44:19.0938 0524 SiSRaid4 - ok
15:44:19.0998 0524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:44:19.0998 0524 Smb - ok
15:44:20.0068 0524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:44:20.0078 0524 SNMPTRAP - ok
15:44:20.0088 0524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:44:20.0088 0524 spldr - ok
15:44:20.0148 0524 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
15:44:20.0158 0524 Spooler - ok
15:44:20.0408 0524 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:44:20.0498 0524 sppsvc - ok
15:44:20.0678 0524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:44:20.0678 0524 sppuinotify - ok
15:44:20.0778 0524 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
15:44:20.0788 0524 srv - ok
15:44:20.0838 0524 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
15:44:20.0848 0524 srv2 - ok
15:44:20.0918 0524 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:44:20.0928 0524 SrvHsfHDA - ok
15:44:21.0078 0524 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:44:21.0108 0524 SrvHsfV92 - ok
15:44:21.0368 0524 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:44:21.0378 0524 SrvHsfWinac - ok
15:44:21.0418 0524 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
15:44:21.0428 0524 srvnet - ok
15:44:21.0538 0524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:44:21.0578 0524 SSDPSRV - ok
15:44:21.0618 0524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:44:21.0628 0524 SstpSvc - ok
15:44:21.0658 0524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:44:21.0658 0524 stexstor - ok
15:44:21.0738 0524 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:44:21.0758 0524 stisvc - ok
15:44:21.0778 0524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:44:21.0778 0524 swenum - ok
15:44:21.0838 0524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:44:21.0858 0524 swprv - ok
15:44:21.0958 0524 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:44:21.0968 0524 SynTP - ok
15:44:22.0158 0524 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:44:22.0198 0524 SysMain - ok
15:44:22.0368 0524 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:44:22.0378 0524 TabletInputService - ok
15:44:22.0428 0524 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:44:22.0438 0524 TapiSrv - ok
15:44:22.0468 0524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:44:22.0468 0524 TBS - ok
15:44:22.0688 0524 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
15:44:22.0738 0524 Tcpip - ok
15:44:23.0128 0524 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:23.0138 0524 TCPIP6 - ok
15:44:23.0268 0524 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:44:23.0268 0524 tcpipreg - ok
15:44:23.0318 0524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:44:23.0318 0524 TDPIPE - ok
15:44:23.0328 0524 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:44:23.0328 0524 TDTCP - ok
15:44:23.0368 0524 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:44:23.0368 0524 tdx - ok
15:44:23.0408 0524 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:44:23.0418 0524 TermDD - ok
15:44:23.0498 0524 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:44:23.0528 0524 TermService - ok
15:44:23.0558 0524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:44:23.0568 0524 Themes - ok
15:44:23.0598 0524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:44:23.0598 0524 THREADORDER - ok
15:44:23.0638 0524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:44:23.0638 0524 TrkWks - ok
15:44:23.0738 0524 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:44:23.0738 0524 TrustedInstaller - ok
15:44:23.0798 0524 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:23.0798 0524 tssecsrv - ok
15:44:23.0848 0524 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:44:23.0848 0524 tunnel - ok
15:44:23.0888 0524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:44:23.0898 0524 uagp35 - ok
15:44:23.0968 0524 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
15:44:23.0978 0524 udfs - ok
15:44:24.0038 0524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:44:24.0038 0524 UI0Detect - ok
15:44:24.0078 0524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:44:24.0078 0524 uliagpkx - ok
15:44:24.0148 0524 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:44:24.0148 0524 umbus - ok
15:44:24.0178 0524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:44:24.0178 0524 UmPass - ok
15:44:24.0248 0524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:44:24.0258 0524 upnphost - ok
15:44:24.0308 0524 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:44:24.0318 0524 USBAAPL64 - ok
15:44:24.0378 0524 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
15:44:24.0378 0524 usbaudio - ok
15:44:24.0418 0524 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:24.0418 0524 usbccgp - ok
15:44:24.0468 0524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:44:24.0478 0524 usbcir - ok
15:44:24.0518 0524 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
15:44:24.0518 0524 usbehci - ok
15:44:24.0578 0524 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
15:44:24.0578 0524 usbfilter - ok
15:44:24.0658 0524 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
15:44:24.0658 0524 usbhub - ok
15:44:24.0698 0524 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:44:24.0698 0524 usbohci - ok
15:44:24.0738 0524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:44:24.0738 0524 usbprint - ok
15:44:24.0788 0524 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:24.0798 0524 USBSTOR - ok
15:44:24.0828 0524 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:24.0828 0524 usbuhci - ok
15:44:24.0918 0524 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
15:44:24.0918 0524 usbvideo - ok
15:44:24.0968 0524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:44:24.0978 0524 UxSms - ok
15:44:25.0028 0524 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:44:25.0028 0524 VaultSvc - ok
15:44:25.0068 0524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:44:25.0078 0524 vdrvroot - ok
15:44:25.0148 0524 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:44:25.0158 0524 vds - ok
15:44:25.0188 0524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:25.0188 0524 vga - ok
15:44:25.0218 0524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:44:25.0218 0524 VgaSave - ok
15:44:25.0278 0524 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:44:25.0288 0524 vhdmp - ok
15:44:25.0308 0524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:44:25.0308 0524 viaide - ok
15:44:25.0348 0524 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:44:25.0348 0524 volmgr - ok
15:44:25.0399 0524 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:44:25.0409 0524 volmgrx - ok
15:44:25.0479 0524 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:44:25.0499 0524 volsnap - ok
15:44:25.0589 0524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:44:25.0599 0524 vsmraid - ok
15:44:25.0809 0524 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:44:25.0859 0524 VSS - ok
15:44:25.0989 0524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:44:25.0989 0524 vwifibus - ok
15:44:26.0019 0524 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:44:26.0019 0524 vwififlt - ok
15:44:26.0089 0524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:44:26.0109 0524 W32Time - ok
15:44:26.0159 0524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:44:26.0159 0524 WacomPen - ok
15:44:26.0209 0524 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:26.0219 0524 WANARP - ok
15:44:26.0239 0524 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:44:26.0239 0524 Wanarpv6 - ok
15:44:26.0399 0524 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
15:44:26.0429 0524 wbengine - ok
15:44:26.0599 0524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:44:26.0619 0524 WbioSrvc - ok
15:44:26.0669 0524 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
15:44:26.0689 0524 wcncsvc - ok
15:44:26.0719 0524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:44:26.0729 0524 WcsPlugInService - ok
15:44:26.0779 0524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:44:26.0779 0524 Wd - ok
15:44:26.0869 0524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:44:26.0889 0524 Wdf01000 - ok
15:44:26.0909 0524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:44:26.0919 0524 WdiServiceHost - ok
15:44:26.0929 0524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:44:26.0929 0524 WdiSystemHost - ok
15:44:26.0969 0524 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
15:44:26.0989 0524 WebClient - ok
15:44:27.0039 0524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:44:27.0049 0524 Wecsvc - ok
15:44:27.0069 0524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:44:27.0079 0524 wercplsupport - ok
15:44:27.0109 0524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:44:27.0109 0524 WerSvc - ok
15:44:27.0169 0524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:44:27.0169 0524 WfpLwf - ok
15:44:27.0199 0524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:44:27.0199 0524 WIMMount - ok
15:44:27.0289 0524 WinDefend - ok
15:44:27.0309 0524 WinHttpAutoProxySvc - ok
15:44:27.0379 0524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:44:27.0399 0524 Winmgmt - ok
15:44:27.0599 0524 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
15:44:27.0669 0524 WinRM - ok
15:44:27.0889 0524 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:44:27.0899 0524 WinUsb - ok
15:44:28.0009 0524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:44:28.0029 0524 Wlansvc - ok
15:44:28.0449 0524 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:44:28.0499 0524 wlidsvc - ok
15:44:28.0679 0524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:44:28.0689 0524 WmiAcpi - ok
15:44:28.0779 0524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:44:28.0799 0524 wmiApSrv - ok
15:44:28.0869 0524 WMPNetworkSvc - ok
15:44:28.0919 0524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:44:28.0929 0524 WPCSvc - ok
15:44:28.0959 0524 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
15:44:28.0969 0524 WPDBusEnum - ok
15:44:29.0029 0524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:44:29.0029 0524 ws2ifsl - ok
15:44:29.0079 0524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:44:29.0089 0524 wscsvc - ok
15:44:29.0099 0524 WSearch - ok
15:44:29.0379 0524 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:44:29.0429 0524 wuauserv - ok
15:44:29.0669 0524 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:44:29.0669 0524 WudfPf - ok
15:44:29.0749 0524 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:44:29.0779 0524 WUDFRd - ok
15:44:29.0849 0524 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
15:44:29.0849 0524 wudfsvc - ok
15:44:29.0899 0524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:44:29.0929 0524 WwanSvc - ok
15:44:30.0049 0524 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:44:30.0069 0524 yukonw7 - ok
15:44:30.0119 0524 MBR (0x1B8) (c64a7dc11fb958c8f04946d163075f96) \Device\Harddisk0\DR0
15:44:30.0559 0524 \Device\Harddisk0\DR0 - ok
15:44:30.0569 0524 Boot (0x1200) (4198720f0f27fbfacb2fef006274e229) \Device\Harddisk0\DR0\Partition0
15:44:30.0579 0524 \Device\Harddisk0\DR0\Partition0 - ok
15:44:30.0619 0524 Boot (0x1200) (aa01e830374bf2cc1421fa60c1f966fd) \Device\Harddisk0\DR0\Partition1
15:44:30.0629 0524 \Device\Harddisk0\DR0\Partition1 - ok
15:44:30.0659 0524 Boot (0x1200) (d3e58eda945017e2e085963ef20a29cb) \Device\Harddisk0\DR0\Partition2
15:44:30.0659 0524 \Device\Harddisk0\DR0\Partition2 - ok
15:44:30.0679 0524 Boot (0x1200) (4a10f3364a019fee8f6bab2ba04a12b2) \Device\Harddisk0\DR0\Partition3
15:44:30.0679 0524 \Device\Harddisk0\DR0\Partition3 - ok
15:44:30.0689 0524 ============================================================
15:44:30.0689 0524 Scan finished
15:44:30.0689 0524 ============================================================
15:44:30.0709 3264 Detected object count: 0
15:44:30.0709 3264 Actual detected object count: 0
15:47:34.0576 3100 Deinitialize success


ESET

C:\Qoobox\Quarantine\C\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef}\U\80000000.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined

#4 narenxp

Posted 10 July 2012 - 02:06 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef}

Click on LOOK, then post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 h11cwg

  • Topic Starter

Posted 11 July 2012 - 02:27 AM

Am out today - will do this asap tonight... many thanks.

#6 narenxp

  • BC Advisor

Posted 11 July 2012 - 08:16 AM

:thumbup2:

#7 h11cwg

  • Topic Starter

Posted 11 July 2012 - 02:25 PM

OK - Logs below. MWB didn't find any infections, which is a bit of a disappointment as I know it's still there, so await your next instructions!


SystemLook 30.07.11 by jpshortstuff
Log created at 18:56 on 11/07/2012 by Kat
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef}"
C:\Qoobox\Quarantine\C\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef} d------ [11:07 10/07/2012]
C:\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef} d------ [09:36 09/01/2011]

-= EOF =-


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Kat :: SURFGIRL_LAPTOP [administrator]

11/07/2012 19:09:12
mbam-log-2012-07-11 (19-09-12).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376358
Time elapsed: 41 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



MiniToolBox by Farbar Version: 25-06-2012
Ran by Kat (administrator) on 11-07-2012 at 20:16:43
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom 4313 802.11b/g/n = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : SurfGirl_Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Broadcom 4313 802.11b/g/n
Physical Address. . . . . . . . . : AC-81-12-30-F2-A9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3186:eed7:8e94:6519%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 July 2012 18:52:37
Lease Expires . . . . . . . . . . : 12 July 2012 19:27:10
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 330072338
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-BB-2C-F0-98-4B-E1-92-02-41
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 98-4B-E1-92-02-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{068DD17E-20EB-4414-B6BB-D41FB5D10BCE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:28b8:43b:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::28b8:43b:3f57:fefb%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.230.132] with 32 bytes of data:
Reply from 74.125.230.132: bytes=32 time=28ms TTL=52
Reply from 74.125.230.132: bytes=32 time=28ms TTL=52

Ping statistics for 74.125.230.132:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 28ms, Average = 28ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=140ms TTL=44
Reply from 98.139.183.24: bytes=32 time=147ms TTL=44

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 147ms, Average = 143ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...ac 81 12 30 f2 a9 ......Broadcom 4313 802.11b/g/n
11...98 4b e1 92 02 41 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:5ef5:79fb:28b8:43b:3f57:fefb/128
On-link
13 281 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::28b8:43b:3f57:fefb/128
On-link
13 281 fe80::3186:eed7:8e94:6519/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 mswsock.dll [File Not found] ()
x64-Catalog9 13 mswsock.dll [File Not found] ()
x64-Catalog9 14 mswsock.dll [File Not found] ()
x64-Catalog9 15 mswsock.dll [File Not found] ()
x64-Catalog9 16 mswsock.dll [File Not found] ()
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/11/2012 08:11:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/11/2012 08:09:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (07/11/2012 08:09:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/11/2012 08:07:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (07/10/2012 06:35:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (07/10/2012 05:07:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x072a4b8f
Faulting process id: 0xff8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2012 04:57:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (07/10/2012 04:57:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (07/10/2012 03:52:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (07/10/2012 00:10:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x751fc9f1
Faulting process id: 0x18d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (07/11/2012 06:52:41 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/11/2012 06:52:41 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/10/2012 06:37:29 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/10/2012 06:37:29 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/10/2012 06:37:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2012 06:36:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (07/10/2012 06:36:50 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/10/2012 06:36:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/10/2012 06:17:10 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (07/10/2012 06:17:09 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (07/11/2012 08:11:16 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/11/2012 08:09:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/11/2012 08:09:53 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/11/2012 08:07:37 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (07/10/2012 06:35:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (07/10/2012 05:07:37 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7600.163854a5bc69eunknown0.0.0.000000000c0000005072a4b8fff801cd5eb56b45970aC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown5d897f51-caa9-11e1-ae80-984be1920241

Error: (07/10/2012 04:57:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Kat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6VWV2MM\esetsmartinstaller_enu[1].exe

Error: (07/10/2012 04:57:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Kat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6VWV2MM\esetsmartinstaller_enu[1].exe

Error: (07/10/2012 03:52:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Kat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6VWV2MM\esetsmartinstaller_enu[1].exe

Error: (07/10/2012 00:10:52 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005751fc9f118d401cd5e8caa000984C:\Windows\SysWOW64\svchost.exeunknowne8eaa261-ca7f-11e1-81b3-984be1920241


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader 9.5.1 MUI (Version: 9.5.1)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
AMD USB Filter Driver (Version: 1.0.15.94)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.12.1.0)
ATI Catalyst Install Manager (Version: 3.0.765.0)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.1913)
AVG PC Tuneup (Version: 10.0.0.27)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Full Existing (Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Full New (Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Light (Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Previews Common (Version: 2010.0617.855.14122)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0617.855.14122)
Catalyst Control Center InstallProxy (Version: 2010.0617.855.14122)
Catalyst Control Center Localization All (Version: 2010.0617.855.14122)
ccc-core-static (Version: 2010.0617.855.14122)
ccc-utility64 (Version: 2010.0617.855.14122)
CCC Help Chinese Standard (Version: 2010.0617.0854.14122)
CCC Help Chinese Traditional (Version: 2010.0617.0854.14122)
CCC Help Czech (Version: 2010.0617.0854.14122)
CCC Help Danish (Version: 2010.0617.0854.14122)
CCC Help Dutch (Version: 2010.0617.0854.14122)
CCC Help English (Version: 2010.0617.0854.14122)
CCC Help Finnish (Version: 2010.0617.0854.14122)
CCC Help French (Version: 2010.0617.0854.14122)
CCC Help German (Version: 2010.0617.0854.14122)
CCC Help Greek (Version: 2010.0617.0854.14122)
CCC Help Hungarian (Version: 2010.0617.0854.14122)
CCC Help Italian (Version: 2010.0617.0854.14122)
CCC Help Japanese (Version: 2010.0617.0854.14122)
CCC Help Korean (Version: 2010.0617.0854.14122)
CCC Help Norwegian (Version: 2010.0617.0854.14122)
CCC Help Polish (Version: 2010.0617.0854.14122)
CCC Help Portuguese (Version: 2010.0617.0854.14122)
CCC Help Russian (Version: 2010.0617.0854.14122)
CCC Help Spanish (Version: 2010.0617.0854.14122)
CCC Help Swedish (Version: 2010.0617.0854.14122)
CCC Help Thai (Version: 2010.0617.0854.14122)
CCC Help Turkish (Version: 2010.0617.0854.14122)
Chuzzle Deluxe (Version: 2.2.0.95)
CyberLink DVD Suite (Version: 7.0.3003)
CyberLink PowerDVD 9 (Version: 9.0.1.4217)
CyberLink YouCam (Version: 3.0.2511)
Dora's Carnival Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
Escape Rosecliff Island (Version: 2.2.0.95)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
Google Chrome (Version: 20.0.1132.47)
HP Advisor (Version: 3.4.10262.3295)
HP Customer Experience Enhancements (Version: 6.0.1.4)
HP Documentation (Version: 1.1.1.0)
HP Game Console
HP Games (Version: 1.0.1.3)
HP Photo Creations (Version: 1.0.0.3611)
HP Power Manager (Version: 1.0.3)
HP Quick Launch (Version: 2.1.5)
HP Setup (Version: 8.1.4186.3400)
HP Software Framework (Version: 4.0.39.1)
HP Support Assistant (Version: 5.0.13.2)
HP Wireless Assistant (Version: 4.0.9.0)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 25 (Version: 6.0.250)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.2907)
LightScribe System Software (Version: 1.18.15.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MediaWidget 6.0
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Single Image 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 14.0.1468.721)
PC Tools Spyware Doctor with AntiVirus 9.0 (Version: 9.0)
Penguins! (Version: 2.2.0.95)
PhotoNow! (Version: 1.1.6904)
Plants vs. Zombies (Version: 2.2.0.95)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4204)
PowerDirector (Version: 8.0.3003)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6122)
Recovery Manager (Version: 5.5.3023)
RtVOsd (Version: 1.0.3)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.5 (Version: 5.5.124)
SUPERAntiSpyware (Version: 5.5.1006)
Synaptics Pointing Device Driver (Version: 15.0.18.0)
Virtual Villagers - The Secret City (Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Yahoo! Detect
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 74%
Total physical RAM: 1786.9 MB
Available physical RAM: 459.85 MB
Total Pagefile: 3573.8 MB
Available Pagefile: 1482.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.42 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:216.2 GB) (Free:135.78 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.39 GB) (Free:2.37 GB) NTFS

========================= Users: ========================================

User accounts for \\SURFGIRL_LAPTOP

Administrator Guest Kat


**** End of log ****

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:51 AM

Posted 11 July 2012 - 07:19 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
@echo off
cd c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
DEL %0

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef}


delete the folder

Post the new system look log

Press Windows+R key and type

combofix /uninstall and click ok

Never use combofix without expert guidance.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#9 BullwinkleJ

  • Members
  • 21 posts
  • Local time:12:51 PM

Posted 12 July 2012 - 07:37 PM

I'm having the same problem. AVG has detected trojan horse patched_c.lxt but there are no options to fix the problem.

Help!

Should I follow the same steps listed above?

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:51 AM

Posted 12 July 2012 - 08:46 PM

BullwinkleJ

No, create a new topic

Thanks

#11 h11cwg

  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:51 PM

Posted 13 July 2012 - 12:53 PM

Sorry it took so long - looking good though! My limited grasp of this stuff is good enough to know that with your INVALUABLE help, progress is being made! Look forward to your instructions...

Regards

Bill

System Look:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:48 on 13/07/2012 by Kat
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef}"
C:\Qoobox\Quarantine\C\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef} d------ [11:07 10/07/2012]

-= EOF =-

FSS Log:


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2009-07-14 00:21] - [2009-07-14 02:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
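
The SystemLook filefind section in the post above lists services.exe in System32 and in the WinSxS component store with the same size and MD5, which is what the copy step in the batch script should produce. As an added example (not part of the thread or of SystemLook), this Python sketch parses such lines and reports whether each live copy matches a WinSxS copy of the same name; the function names and the second, constructed log are assumptions made for illustration.

```python
import ntpath
import re

# One SystemLook filefind line: path, attributes, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(log_text):
    """Return (path, size, md5) for every file line in a filefind section."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["path"], int(m["size"]), m["md5"].upper()))
    return entries

def compare_with_winsxs(entries):
    """Map each non-WinSxS path to 'match', 'MISMATCH' or 'no reference copy'."""
    reference = {}  # file name -> set of (size, md5) seen under \winsxs\
    for path, size, md5 in entries:
        if "\\winsxs\\" in path.lower():
            name = ntpath.basename(path).lower()
            reference.setdefault(name, set()).add((size, md5))
    verdicts = {}
    for path, size, md5 in entries:
        if "\\winsxs\\" in path.lower():
            continue
        known = reference.get(ntpath.basename(path).lower())
        if not known:
            verdicts[path] = "no reference copy"
        else:
            verdicts[path] = "match" if (size, md5) in known else "MISMATCH"
    return verdicts

WINSXS = (r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_"
          r"31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe")
# The two filefind lines from the SystemLook log in this thread.
THREAD_LOG = "\n".join([
    r"C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB",
    WINSXS + " --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB",
])
# Constructed input: same layout, System32 hash swapped for a placeholder value.
CONSTRUCTED_LOG = THREAD_LOG.replace("24ACB7E5BE595468E3B9AA488B9B4FCB", "0" * 32, 1)

if __name__ == "__main__":
    for label, log in (("thread", THREAD_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(label, compare_with_winsxs(parse_filefind(log)))
```

A "match" only says the live file agrees with the component-store copy; it does not vouch for the component store itself.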

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:51 AM

Posted 13 July 2012 - 01:01 PM

C:\Qoobox\Quarantine\C\Windows\Installer\{8d45ce1c-0564-13c6-91cb-16e9f73ad0ef} d------ [11:07 10/07/2012]

Please uninstall combofix as instructed before.

Create a restore point before trying this

Download

mpssvc.reg

Launch it, click YES

Restart the PC,

Delete C:\windows\system32\services.exe.old

post the new FSS log

#13 h11cwg

  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:51 PM

Posted 17 July 2012 - 02:52 AM

Sorry I didn't respond - I missed this post from you somehow... However, Combofix does not show up as being present in 'Programs and Features' so cannot uninstall. Will carry out all other instructions as requested. PC seems stable now, with no threats being reported by AVG.

Cheers

Bill

#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:51 AM

Posted 17 July 2012 - 06:28 AM

Sorry I didn't respond - I missed this post from you somehow... However, Combofix does not show up as being present in 'Programs and Features' so cannot uninstall.


Please follow my previous instructions regarding uninstalling combofix. I never said to uninstall it from program features :thumbup2:

#15 h11cwg

  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:51 PM

Posted 17 July 2012 - 01:37 PM

My mistake.. uninstall command used as instructed. Windows says: 'Windows cannot find Combofix'. Syntax cut and pasted from your post. Noted that a dialogue box appears on startup: 'There was a problem starting C:\users\Kat\Appdata\Local\Temp\negav.dll The specified module could not be found.' Everything else OK, FSS log below. Cheers, Bill

Farbar Service Scanner Version: 08-07-2012
Ran by Kat (administrator) on 17-07-2012 at 19:22:13
Running from "C:\Program Files\Cleanup and Scan Utilities"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll
[2009-07-14 00:21] - [2009-07-14 02:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-14 01:09] - [2009-07-14 02:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 00:36] - [2009-07-14 02:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



