Caught the "trojan sirefef" virus -- Need help removing


45 replies to this topic

#1 thebigshow

Posted 15 July 2012 - 09:44 PM

Just as the topic indicates. I noticed a thread where someone else was infected as well. It looked like the resolution involved user-specific variables, so any help would be appreciated!!

Windows 7 64-bit

#2 narenxp


Posted 15 July 2012 - 09:58 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 thebigshow


Posted 16 July 2012 - 06:37 AM

TDS Log:

21:07:37.0098 4604 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:07:38.0003 4604 ============================================================
21:07:38.0003 4604 Current date / time: 2012/07/15 21:07:38.0003
21:07:38.0003 4604 SystemInfo:
21:07:38.0003 4604
21:07:38.0003 4604 OS Version: 6.1.7601 ServicePack: 1.0
21:07:38.0003 4604 Product type: Workstation
21:07:38.0003 4604 ComputerName: VAIO_DESKTOP
21:07:38.0003 4604 UserName: Steve & Candy
21:07:38.0003 4604 Windows directory: C:\Windows
21:07:38.0003 4604 System windows directory: C:\Windows
21:07:38.0003 4604 Running under WOW64
21:07:38.0003 4604 Processor architecture: Intel x64
21:07:38.0003 4604 Number of processors: 4
21:07:38.0003 4604 Page size: 0x1000
21:07:38.0003 4604 Boot type: Normal boot
21:07:38.0003 4604 ============================================================
21:07:39.0672 4604 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:07:39.0672 4604 ============================================================
21:07:39.0672 4604 \Device\Harddisk0\DR0:
21:07:39.0672 4604 MBR partitions:
21:07:39.0672 4604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x13E0800, BlocksNum 0x32000
21:07:39.0672 4604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1412800, BlocksNum 0x732F3DB0
21:07:39.0672 4604 ============================================================
21:07:39.0703 4604 C: <-> \Device\Harddisk0\DR0\Partition1
21:07:39.0703 4604 ============================================================
21:07:39.0703 4604 Initialize success
21:07:39.0703 4604 ============================================================
21:08:04.0585 4636 ============================================================
21:08:04.0585 4636 Scan started
21:08:04.0585 4636 Mode: Manual; TDLFS;
21:08:04.0585 4636 ============================================================
21:08:22.0120 4636 nfrd960 - ok
21:08:22.0198 4636 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:08:22.0229 4636 NlaSvc - ok
21:08:22.0260 4636 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:08:22.0260 4636 Npfs - ok
21:08:22.0276 4636 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:08:22.0291 4636 nsi - ok
21:08:22.0291 4636 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:08:22.0307 4636 nsiproxy - ok
21:08:22.0400 4636 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:08:22.0463 4636 Ntfs - ok
21:08:22.0525 4636 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:08:22.0541 4636 Null - ok
21:08:22.0931 4636 nvlddmkm (ac507e153b5cee43b862a08fcf5b3936) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:08:23.0009 4636 nvlddmkm - ok
21:08:23.0087 4636 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:08:23.0134 4636 nvraid - ok
21:08:23.0165 4636 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:08:23.0243 4636 nvstor - ok
21:08:23.0305 4636 nvsvc (e36bb965ea8446afd8b9eab71c30aaab) C:\Windows\system32\nvvsvc.exe
21:08:23.0305 4636 nvsvc - ok
21:08:23.0352 4636 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:08:23.0352 4636 nv_agp - ok
21:08:23.0368 4636 NW1950 (f5a2b1ecbff97d9df1779d0d448cc9e7) C:\Windows\system32\drivers\NW1950.sys
21:08:23.0430 4636 NW1950 - ok
21:08:23.0477 4636 Oasis2Service (07571684567859da796a566cc78ffa74) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
21:08:23.0477 4636 Oasis2Service - ok
21:08:23.0555 4636 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:08:23.0633 4636 odserv - ok
21:08:23.0680 4636 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:08:23.0680 4636 ohci1394 - ok
21:08:23.0695 4636 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:08:23.0758 4636 ose - ok
21:08:23.0804 4636 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:08:23.0804 4636 p2pimsvc - ok
21:08:23.0851 4636 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:08:23.0867 4636 p2psvc - ok
21:08:23.0898 4636 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:08:23.0898 4636 Parport - ok
21:08:23.0929 4636 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:08:23.0992 4636 partmgr - ok
21:08:24.0007 4636 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:08:24.0038 4636 PcaSvc - ok
21:08:24.0085 4636 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:08:24.0148 4636 pci - ok
21:08:24.0163 4636 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:08:24.0179 4636 pciide - ok
21:08:24.0335 4636 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:08:24.0350 4636 pcmcia - ok
21:08:24.0382 4636 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:08:24.0382 4636 pcw - ok
21:08:24.0428 4636 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:08:24.0444 4636 PEAUTH - ok
21:08:24.0522 4636 PenCommService (6b5cc7b3cafaf0ac49229cd35e32bb00) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
21:08:24.0522 4636 PenCommService - ok
21:08:24.0569 4636 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:08:24.0584 4636 PerfHost - ok
21:08:24.0709 4636 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:08:24.0772 4636 pla - ok
21:08:24.0818 4636 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:08:24.0881 4636 PlugPlay - ok
21:08:24.0959 4636 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
21:08:24.0974 4636 PMBDeviceInfoProvider - ok
21:08:24.0990 4636 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:08:25.0006 4636 PNRPAutoReg - ok
21:08:25.0021 4636 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:08:25.0021 4636 PNRPsvc - ok
21:08:25.0068 4636 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:08:25.0146 4636 PolicyAgent - ok
21:08:25.0162 4636 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:08:25.0177 4636 Power - ok
21:08:25.0240 4636 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:08:25.0302 4636 PptpMiniport - ok
21:08:25.0349 4636 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:08:25.0349 4636 Processor - ok
21:08:25.0380 4636 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:08:25.0442 4636 ProfSvc - ok
21:08:25.0458 4636 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:08:25.0458 4636 ProtectedStorage - ok
21:08:25.0505 4636 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:08:25.0583 4636 Psched - ok
21:08:25.0630 4636 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:08:25.0630 4636 PSI_SVC_2 - ok
21:08:25.0661 4636 PulseUsb (edc3cc1d029601c8da3ff8bcfb08881f) C:\Windows\system32\DRIVERS\PulseUsb.sys
21:08:25.0723 4636 PulseUsb - ok
21:08:25.0754 4636 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:08:25.0817 4636 PxHlpa64 - ok
21:08:25.0910 4636 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:08:25.0942 4636 ql2300 - ok
21:08:26.0035 4636 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:08:26.0051 4636 ql40xx - ok
21:08:26.0066 4636 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:08:26.0082 4636 QWAVE - ok
21:08:26.0098 4636 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:08:26.0098 4636 QWAVEdrv - ok
21:08:26.0113 4636 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:08:26.0129 4636 RasAcd - ok
21:08:26.0144 4636 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:08:26.0144 4636 RasAgileVpn - ok
21:08:26.0160 4636 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:08:26.0176 4636 RasAuto - ok
21:08:26.0238 4636 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:08:26.0285 4636 Rasl2tp - ok
21:08:26.0300 4636 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:08:26.0347 4636 RasMan - ok
21:08:26.0378 4636 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:08:26.0394 4636 RasPppoe - ok
21:08:26.0410 4636 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:08:26.0410 4636 RasSstp - ok
21:08:26.0441 4636 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:08:26.0503 4636 rdbss - ok
21:08:26.0519 4636 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:08:26.0519 4636 rdpbus - ok
21:08:26.0550 4636 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:08:26.0550 4636 RDPCDD - ok
21:08:26.0566 4636 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:08:26.0566 4636 RDPENCDD - ok
21:08:26.0581 4636 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:08:26.0581 4636 RDPREFMP - ok
21:08:26.0628 4636 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:08:26.0675 4636 RDPWD - ok
21:08:26.0722 4636 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:08:26.0784 4636 rdyboost - ok
21:08:26.0800 4636 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
21:08:26.0846 4636 regi - ok
21:08:26.0878 4636 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:08:26.0878 4636 RemoteAccess - ok
21:08:26.0893 4636 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:08:26.0909 4636 RemoteRegistry - ok
21:08:26.0924 4636 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:08:26.0924 4636 RFCOMM - ok
21:08:26.0956 4636 rimspci (6ded176a14770339f1415cfdbcc9e07f) C:\Windows\system32\drivers\rimssne64.sys
21:08:27.0018 4636 rimspci - ok
21:08:27.0049 4636 risdsnpe (ddf5f666c2a5b3729e8bea01fb999cc0) C:\Windows\system32\drivers\risdsne64.sys
21:08:27.0096 4636 risdsnpe - ok
21:08:27.0112 4636 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:08:27.0127 4636 RpcEptMapper - ok
21:08:27.0143 4636 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:08:27.0143 4636 RpcLocator - ok
21:08:27.0221 4636 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:08:27.0221 4636 RpcSs - ok
21:08:27.0252 4636 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:08:27.0268 4636 rspndr - ok
21:08:27.0346 4636 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:08:27.0346 4636 SamSs - ok
21:08:27.0361 4636 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:08:27.0439 4636 sbp2port - ok
21:08:27.0580 4636 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy1\SDWinSec.exe
21:08:27.0658 4636 SBSDWSCService - ok
21:08:27.0704 4636 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:08:27.0704 4636 SCardSvr - ok
21:08:27.0751 4636 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:08:27.0798 4636 scfilter - ok
21:08:27.0876 4636 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:08:27.0938 4636 Schedule - ok
21:08:27.0970 4636 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:08:27.0970 4636 SCPolicySvc - ok
21:08:28.0016 4636 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:08:28.0079 4636 sdbus - ok
21:08:28.0126 4636 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:08:28.0157 4636 SDRSVC - ok
21:08:28.0172 4636 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:08:28.0172 4636 secdrv - ok
21:08:28.0188 4636 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:08:28.0235 4636 seclogon - ok
21:08:28.0266 4636 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:08:28.0266 4636 SENS - ok
21:08:28.0282 4636 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:08:28.0282 4636 SensrSvc - ok
21:08:28.0297 4636 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:08:28.0313 4636 Serenum - ok
21:08:28.0344 4636 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:08:28.0344 4636 Serial - ok
21:08:28.0375 4636 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:08:28.0375 4636 sermouse - ok
21:08:28.0422 4636 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:08:28.0484 4636 SessionEnv - ok
21:08:28.0516 4636 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
21:08:28.0562 4636 SFEP - ok
21:08:28.0609 4636 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:08:28.0625 4636 sffdisk - ok
21:08:28.0625 4636 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:08:28.0640 4636 sffp_mmc - ok
21:08:28.0656 4636 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:08:28.0718 4636 sffp_sd - ok
21:08:28.0734 4636 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:08:28.0734 4636 sfloppy - ok
21:08:28.0796 4636 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:08:28.0843 4636 ShellHWDetection - ok
21:08:28.0874 4636 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:08:28.0874 4636 SiSRaid2 - ok
21:08:28.0890 4636 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:08:28.0890 4636 SiSRaid4 - ok
21:08:28.0921 4636 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:08:28.0937 4636 Smb - ok
21:08:28.0937 4636 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:08:28.0952 4636 SNMPTRAP - ok
21:08:29.0046 4636 SOHCImp (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:08:29.0108 4636 SOHCImp - ok
21:08:29.0155 4636 SOHDms (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
21:08:29.0264 4636 SOHDms - ok
21:08:29.0280 4636 SOHDs (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:08:29.0342 4636 SOHDs - ok
21:08:29.0498 4636 SpfService (b8047e776e50fc2384801083a77900e0) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
21:08:29.0592 4636 SpfService - ok
21:08:29.0608 4636 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:08:29.0608 4636 spldr - ok
21:08:29.0654 4636 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:08:29.0654 4636 Spooler - ok
21:08:29.0826 4636 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:08:29.0842 4636 sppsvc - ok
21:08:29.0920 4636 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:08:29.0935 4636 sppuinotify - ok
21:08:29.0998 4636 SQLAgent$DDNI (a892134c28777978ecde8283dc57ac0f) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE
21:08:30.0091 4636 SQLAgent$DDNI - ok
21:08:30.0122 4636 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:08:30.0200 4636 SQLBrowser - ok
21:08:30.0247 4636 SQLWriter (f92e5f93be572b512da3c016b675ede0) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:08:30.0247 4636 SQLWriter - ok
21:08:30.0294 4636 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:08:30.0372 4636 srv - ok
21:08:30.0419 4636 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:08:30.0481 4636 srv2 - ok
21:08:30.0512 4636 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:08:30.0559 4636 srvnet - ok
21:08:30.0606 4636 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:08:30.0606 4636 SSDPSRV - ok
21:08:30.0622 4636 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:08:30.0637 4636 SstpSvc - ok
21:08:30.0653 4636 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:08:30.0653 4636 stexstor - ok
21:08:30.0746 4636 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:08:30.0809 4636 stisvc - ok
21:08:30.0840 4636 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:08:30.0840 4636 swenum - ok
21:08:30.0871 4636 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:08:30.0902 4636 swprv - ok
21:08:31.0012 4636 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:08:31.0027 4636 SysMain - ok
21:08:31.0090 4636 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:08:31.0152 4636 TabletInputService - ok
21:08:31.0183 4636 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:08:31.0246 4636 TapiSrv - ok
21:08:31.0277 4636 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:08:31.0277 4636 TBS - ok
21:08:31.0402 4636 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:08:31.0448 4636 Tcpip - ok
21:08:31.0682 4636 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:08:31.0698 4636 TCPIP6 - ok
21:08:31.0792 4636 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:08:31.0854 4636 tcpipreg - ok
21:08:31.0870 4636 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:08:31.0885 4636 TDPIPE - ok
21:08:31.0916 4636 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:08:31.0963 4636 TDTCP - ok
21:08:32.0010 4636 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:08:32.0088 4636 tdx - ok
21:08:32.0104 4636 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:08:32.0135 4636 TermDD - ok
21:08:32.0182 4636 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:08:32.0228 4636 TermService - ok
21:08:32.0260 4636 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:08:32.0260 4636 Themes - ok
21:08:32.0291 4636 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:08:32.0291 4636 THREADORDER - ok
21:08:32.0306 4636 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:08:32.0322 4636 TrkWks - ok
21:08:32.0353 4636 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:08:32.0353 4636 TrustedInstaller - ok
21:08:32.0384 4636 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:08:32.0447 4636 tssecsrv - ok
21:08:32.0509 4636 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:08:32.0556 4636 TsUsbFlt - ok
21:08:32.0603 4636 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:08:32.0665 4636 tunnel - ok
21:08:32.0681 4636 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:08:32.0681 4636 uagp35 - ok
21:08:32.0743 4636 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:08:32.0743 4636 uCamMonitor - ok
21:08:32.0790 4636 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:08:32.0852 4636 udfs - ok
21:08:32.0884 4636 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:08:32.0884 4636 UI0Detect - ok
21:08:32.0915 4636 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:08:32.0915 4636 uliagpkx - ok
21:08:32.0930 4636 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:08:32.0977 4636 umbus - ok
21:08:33.0008 4636 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:08:33.0024 4636 UmPass - ok
21:08:33.0055 4636 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:08:33.0071 4636 upnphost - ok
21:08:33.0118 4636 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:08:33.0180 4636 usbccgp - ok
21:08:33.0227 4636 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:08:33.0242 4636 usbcir - ok
21:08:33.0258 4636 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:08:33.0320 4636 usbehci - ok
21:08:33.0352 4636 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:08:33.0430 4636 usbhub - ok
21:08:33.0445 4636 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
21:08:33.0461 4636 usbohci - ok
21:08:33.0492 4636 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:08:33.0492 4636 usbprint - ok
21:08:33.0523 4636 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:08:33.0570 4636 USBSTOR - ok
21:08:33.0617 4636 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:08:33.0726 4636 usbuhci - ok
21:08:33.0773 4636 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:08:33.0882 4636 usbvideo - ok
21:08:33.0898 4636 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:08:33.0913 4636 UxSms - ok
21:08:34.0038 4636 VAIO Entertainment TV Device Arbitration Service (8e68e4aa2d7abbf7c9159d9d2a38ae0f) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:08:34.0085 4636 VAIO Entertainment TV Device Arbitration Service - ok
21:08:34.0210 4636 VAIO Event Service (218f78b39832a2a0761ce2422828a57c) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
21:08:34.0210 4636 VAIO Event Service - ok
21:08:34.0397 4636 VAIO Power Management (1cf1a4dd7a58c966c9014b83c7229cf3) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:08:34.0522 4636 VAIO Power Management - ok
21:08:34.0568 4636 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:08:34.0568 4636 VaultSvc - ok
21:08:34.0631 4636 VCFw (6888526aeb8ddabde6f778fd40fc0693) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:08:34.0756 4636 VCFw - ok
21:08:34.0802 4636 VcmIAlzMgr (10e212bfb7eab152a64c1aaec2f7f4e0) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:08:34.0818 4636 VcmIAlzMgr - ok
21:08:34.0849 4636 VcmINSMgr (7a88cfd3fe99f2c9b95a6e2a08b96e14) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
21:08:34.0849 4636 VcmINSMgr - ok
21:08:34.0880 4636 VcmXmlIfHelper (8efaaccc7bfa1e9031efdfb01a1b0d69) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
21:08:34.0943 4636 VcmXmlIfHelper - ok
21:08:35.0005 4636 VCService (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
21:08:35.0052 4636 VCService - ok
21:08:35.0302 4636 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:08:35.0317 4636 vdrvroot - ok
21:08:35.0364 4636 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:08:35.0458 4636 vds - ok
21:08:35.0489 4636 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:08:35.0504 4636 vga - ok
21:08:35.0504 4636 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:08:35.0520 4636 VgaSave - ok
21:08:35.0551 4636 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:08:35.0598 4636 vhdmp - ok
21:08:35.0629 4636 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:08:35.0645 4636 viaide - ok
21:08:35.0676 4636 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:08:35.0723 4636 volmgr - ok
21:08:35.0785 4636 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:08:35.0863 4636 volmgrx - ok
21:08:35.0910 4636 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:08:35.0988 4636 volsnap - ok
21:08:36.0082 4636 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:08:36.0113 4636 vsmraid - ok
21:08:36.0284 4636 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:08:36.0362 4636 VSS - ok
21:08:36.0518 4636 VUAgent (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
21:08:36.0534 4636 VUAgent - ok
21:08:36.0565 4636 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:08:36.0565 4636 vwifibus - ok
21:08:36.0596 4636 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:08:36.0596 4636 vwififlt - ok
21:08:36.0612 4636 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:08:36.0612 4636 vwifimp - ok
21:08:36.0659 4636 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:08:36.0674 4636 W32Time - ok
21:08:36.0706 4636 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:08:36.0706 4636 WacomPen - ok
21:08:36.0737 4636 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:08:36.0799 4636 WANARP - ok
21:08:36.0815 4636 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:08:36.0815 4636 Wanarpv6 - ok
21:08:36.0893 4636 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:08:36.0955 4636 WatAdminSvc - ok
21:08:37.0064 4636 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:08:37.0158 4636 wbengine - ok
21:08:37.0205 4636 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:08:37.0236 4636 WbioSrvc - ok
21:08:37.0298 4636 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:08:37.0330 4636 wcncsvc - ok
21:08:37.0345 4636 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:08:37.0361 4636 WcsPlugInService - ok
21:08:37.0376 4636 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:08:37.0376 4636 Wd - ok
21:08:37.0423 4636 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:08:37.0439 4636 Wdf01000 - ok
21:08:37.0439 4636 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:08:37.0454 4636 WdiServiceHost - ok
21:08:37.0454 4636 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:08:37.0454 4636 WdiSystemHost - ok
21:08:37.0501 4636 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:08:37.0564 4636 WebClient - ok
21:08:37.0595 4636 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:08:37.0595 4636 Wecsvc - ok
21:08:37.0626 4636 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:08:37.0626 4636 wercplsupport - ok
21:08:37.0642 4636 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:08:37.0642 4636 WerSvc - ok
21:08:37.0657 4636 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:08:37.0657 4636 WfpLwf - ok
21:08:37.0673 4636 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:08:37.0688 4636 WIMMount - ok
21:08:37.0688 4636 WinHttpAutoProxySvc - ok
21:08:37.0735 4636 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:08:37.0751 4636 Winmgmt - ok
21:08:37.0891 4636 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:08:37.0954 4636 WinRM - ok
21:08:38.0032 4636 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:08:38.0047 4636 Wlansvc - ok
21:08:38.0078 4636 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:08:38.0078 4636 WmiAcpi - ok
21:08:38.0110 4636 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:08:38.0125 4636 wmiApSrv - ok
21:08:38.0156 4636 WMPNetworkSvc - ok
21:08:38.0172 4636 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:08:38.0172 4636 WPCSvc - ok
21:08:38.0188 4636 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:08:38.0234 4636 WPDBusEnum - ok
21:08:38.0266 4636 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:08:38.0266 4636 ws2ifsl - ok
21:08:38.0266 4636 WSearch - ok
21:08:38.0406 4636 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:08:38.0422 4636 wuauserv - ok
21:08:38.0484 4636 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:08:38.0531 4636 WudfPf - ok
21:08:38.0593 4636 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:08:38.0671 4636 WUDFRd - ok
21:08:38.0718 4636 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:08:38.0780 4636 wudfsvc - ok
21:08:38.0796 4636 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:08:38.0812 4636 WwanSvc - ok
21:08:38.0858 4636 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:08:39.0155 4636 \Device\Harddisk0\DR0 - ok
21:08:39.0155 4636 Boot (0x1200) (0de6a315dd94ce2ce304616294ebe190) \Device\Harddisk0\DR0\Partition0
21:08:39.0155 4636 \Device\Harddisk0\DR0\Partition0 - ok
21:08:39.0170 4636 Boot (0x1200) (10b673bde8c8766255a3de94a9689f11) \Device\Harddisk0\DR0\Partition1
21:08:39.0170 4636 \Device\Harddisk0\DR0\Partition1 - ok
21:08:39.0170 4636 ============================================================
21:08:39.0170 4636 Scan finished
21:08:39.0170 4636 ============================================================
21:08:39.0186 4628 Detected object count: 0
21:08:39.0186 4628 Actual detected object count: 0
21:10:06.0359 2184 Deinitialize success

===============================================================================================
ASW Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 21:10:58
-----------------------------
21:10:58.263 OS Version: Windows x64 6.1.7601 Service Pack 1
21:10:58.263 Number of processors: 4 586 0x170A
21:10:58.263 ComputerName: VAIO_DESKTOP UserName:
21:10:59.729 Initialize success
21:12:45.343 AVAST engine defs: 12071501
21:13:43.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:13:43.578 Disk 0 Vendor: WDC_WD1001FAES-55W7A0 05.01D05 Size: 953869MB BusType: 3
21:13:43.593 Disk 0 MBR read successfully
21:13:43.593 Disk 0 MBR scan
21:13:43.609 Disk 0 Windows 7 default MBR code
21:13:43.609 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10176 MB offset 2048
21:13:43.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20842496
21:13:43.640 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943591 MB offset 21047296
21:13:43.703 Disk 0 scanning C:\Windows\system32\drivers
21:13:59.037 Service scanning
21:14:28.241 Modules scanning
21:14:28.241 Disk 0 trace - called modules:
21:14:28.256 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:14:28.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cf9060]
21:14:28.272 3 CLASSPNP.SYS[fffff8800121c43f] -> nt!IofCallDriver -> [0xfffffa8007962520]
21:14:28.287 5 ACPI.sys[fffff88000ef37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007956060]
21:14:30.253 AVAST engine scan C:\Windows
21:14:33.935 AVAST engine scan C:\Windows\system32
21:19:38.978 AVAST engine scan C:\Windows\system32\drivers
21:19:57.136 AVAST engine scan C:\Users\Steve & Candy
21:41:43.046 AVAST engine scan C:\ProgramData
21:44:19.516 Scan finished successfully
21:47:51.504 Disk 0 MBR has been saved successfully to "C:\Users\Steve & Candy\Desktop\fixlogs\MBR.dat"
21:47:51.504 The log file has been saved successfully to "C:\Users\Steve & Candy\Desktop\fixlogs\aswMBR.txt"

=======================================================================================================================
ESET Log:

C:\Users\Steve & Candy\Downloads\cnet_FFSetup270_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\Installer\{2310b48f-278d-b75f-6122-f1e5a83e7fff}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp


Posted 16 July 2012 - 09:35 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#5 thebigshow


Posted 16 July 2012 - 05:31 PM

MBAM Log:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve & Candy :: VAIO_DESKTOP [administrator]

Protection: Enabled

7/16/2012 5:10:43 PM
mbam-log-2012-07-16 (17-10-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211739
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
=====================================================
MiniToolBox Log: **Note: When "getting ip config" was in the status while running, the error surfaced (3x):
nslookup.exe - Ordinal Not Found
The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll


MiniToolBox by Farbar Version: 15-07-2012
Ran by Steve & Candy (administrator) on 16-07-2012 at 17:22:07
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "88.191.129.214"
"network.proxy.http_port", 80
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



There are 15236 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Intel® 82567V-2 Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2012 00:44:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: McShield.exe, version: 14.1.0.515, time stamp: 0x4a79054b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e21213c
Exception code: 0x000006be
Fault offset: 0x000000000000cacd
Faulting process id: 0x1118
Faulting application start time: 0xMcShield.exe0
Faulting application path: McShield.exe1
Faulting module path: McShield.exe2
Report Id: McShield.exe3

Error: (07/16/2012 00:44:03 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.1.0.515
Exception Code : 0X00000000000006BE
Exception Address : 0X000007FEFD62CACD
Exception Parameters : 0

More information :
Exception in initialisation : progress = 53.

Error: (07/16/2012 00:44:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: mfeann.exe, version: 14.1.0.515, time stamp: 0x4a790520
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000027665
Faulting process id: 0x1220
Faulting application start time: 0xmfeann.exe0
Faulting application path: mfeann.exe1
Faulting module path: mfeann.exe2
Report Id: mfeann.exe3

Error: (07/16/2012 00:43:52 PM) (Source: McLogEvent) (User: )
Description: The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 5 seconds;

Error: (07/16/2012 00:43:51 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: A thread in process C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3364 (0xd24)

Thread address : 0x000000007714164A

Thread message :

Build VSCORE.14.1.0.515 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\Program Files\Sony\VAIO Help and Support\en-us\WebCam_demo.exe
by C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (07/16/2012 07:23:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/16/2012 07:22:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2012 07:21:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/15/2012 10:38:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7542c9f1
Faulting process id: 0x1598
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/15/2012 10:38:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7542c9f1
Faulting process id: 0xb90
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (07/16/2012 05:10:37 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 05:10:37 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 05:09:33 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 05:09:33 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 05:09:03 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (07/16/2012 05:09:01 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 05:07:34 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 05:07:34 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 05:07:27 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{38936D5E-AF80-4F9F-9E9C-F21FA582C303} because another computer on the network has the same name. The server could not start.

Error: (07/16/2012 00:44:04 PM) (Source: Service Control Manager) (User: )
Description: The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================


========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 8127.18 MB
Available physical RAM: 6291.94 MB
Total Pagefile: 16252.55 MB
Available Pagefile: 13945.15 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:921.48 GB) (Free:804.77 GB) NTFS

========================= Users: ========================================

User accounts for \\VAIO_DESKTOP

Administrator Guest Steve & Candy


**** End of log ****
============================================================================

FSS Log:


Farbar Service Scanner Version: 08-07-2012
Ran by Steve & Candy (administrator) on 16-07-2012 at 17:27:28
Running from "\\MOYER-LAPTOP\Users\Moyer\Desktop\fixcomputer"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by thebigshow, 16 July 2012 - 05:38 PM.


#6 narenxp


Posted 16 July 2012 - 08:06 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{2310b48f-278d-b75f-6122-f1e5a83e7fff}

Click on LOOK, post the generated log

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

Restart the PC

Post the FSS log

Edited by narenxp, 16 July 2012 - 08:07 PM.


#7 thebigshow


Posted 16 July 2012 - 08:27 PM

At the end you say "Post the FSS log"; am I to run FSS after restarting the PC after adding the registry values?

Here is the systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:19 on 16/07/2012 by Steve & Candy
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{2310b48f-278d-b75f-6122-f1e5a83e7fff}"
C:\Users\Steve & Candy\AppData\Local\{2310b48f-278d-b75f-6122-f1e5a83e7fff} d--hs-- [00:01 11/01/2012]
C:\Windows\Installer\{2310b48f-278d-b75f-6122-f1e5a83e7fff} d--hs-- [00:01 11/01/2012]

-= EOF =-

Edited by thebigshow, 16 July 2012 - 08:29 PM.


#8 narenxp


Posted 16 July 2012 - 08:34 PM

At the end you say "Post the FSS log"; am I to run FSS after restarting the PC after adding the registry values?


Yes

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Steve & Candy\AppData\Local\{2310b48f-278d-b75f-6122-f1e5a83e7fff}
C:\Windows\Installer\{2310b48f-278d-b75f-6122-f1e5a83e7fff}

Delete both folders


Press the Windows+R keys, type notepad and click OK

Copy this script and paste it into Notepad
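@echo off
rem Work in the directory that holds the live services.exe
cd c:\windows\system32
rem Give the Administrators group ownership of the file
takeown /a /f services.exe
rem Grant Administrators full control (cacls asks for Y/N confirmation)
cacls services.exe /g administrators:f
rem Keep the current file under a new name
ren services.exe services.exe.old
rem Copy the WinSxS component-store copy into System32
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Delete this batch file
DEL %0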

Click on FILE >> Save as

Filename: services.bat
Save as type: All types

Now right click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new SYSTEM LOOK log

#9 thebigshow


Posted 16 July 2012 - 08:52 PM

Ok, I re-ran FSS, and here is the log:

Farbar Service Scanner Version: 08-07-2012
Ran by Steve & Candy (administrator) on 16-07-2012 at 20:46:41
Running from "\\MOYER-LAPTOP\Users\Moyer\Desktop\fixcomputer"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



I cannot delete C:\Windows\Installer\{2310b48f-278d-b75f-6122-f1e5a83e7fff}. There is a system file inside "@" that says it is in use... Where do I go from here? Continue with your instructions even though the folder would not delete?

#10 narenxp


Posted 16 July 2012 - 08:56 PM

I cannot delete C:\Windows\Installer\{2310b48f-278d-b75f-6122-f1e5a83e7fff}. There is a system file inside "@" that says it is in use... Where do I go from here? Continue with your instructions even though the folder would not delete?


Finish the next step, restart the PC and delete the folder

#11 thebigshow


Posted 16 July 2012 - 09:09 PM

Completed the services.bat step.

Deleted the Windows file that could not previously be deleted.

Re-ran SystemLook using the previously defined script, and here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:06 on 16/07/2012 by Steve & Candy
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{2310b48f-278d-b75f-6122-f1e5a83e7fff}"
No folders found.

-= EOF =-
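The comparison this exchange turns on, written out as an added example (not code from the thread or from SystemLook): it parses the filefind lines of the two SystemLook logs posted above and checks each live file's MD5 against the WinSxS component-store copy of the same name. Function and field names are this example's own. A hash mismatch alone can also come from servicing updates, so the example separately reports whether size and timestamps are identical.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# "filefind" sections copied from the SystemLook logs in posts #7 and #11.
LOG_POST_7 = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""
LOG_POST_11 = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""


class FileEntry(NamedTuple):
    path: str
    size: int
    created: str
    modified: str
    md5: str


# path, 7-character attribute mask, size, [created], [modified], MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log: str) -> List[FileEntry]:
    """Return one FileEntry per file line; headings and blanks are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], int(m["size"]), m["created"],
                                     m["modified"], m["md5"].upper()))
    return entries


def is_component_store(path: str) -> bool:
    return "\\winsxs\\" in path.lower()


def audit(entries: List[FileEntry]) -> List[dict]:
    """Compare every non-WinSxS copy with the WinSxS copies of the same name."""
    by_name: Dict[str, List[FileEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.path.rsplit("\\", 1)[-1].lower()].append(e)

    findings = []
    for group in by_name.values():
        refs = [e for e in group if is_component_store(e.path)]
        for live in (e for e in group if not is_component_store(e.path)):
            if not refs:
                verdict = "no-reference"
            elif any(r.md5 == live.md5 for r in refs):
                verdict = "match"
            else:
                verdict = "mismatch"
            # Same size and timestamps as a reference copy: with a hash
            # mismatch this means the content changed while metadata did not.
            metadata_identical = any(
                (r.size, r.created, r.modified) ==
                (live.size, live.created, live.modified) for r in refs)
            findings.append({"path": live.path, "md5": live.md5,
                             "verdict": verdict,
                             "metadata_identical": metadata_identical})
    return findings


if __name__ == "__main__":
    for label, log in (("post #7", LOG_POST_7), ("post #11", LOG_POST_11)):
        for f in audit(parse_filefind(log)):
            print(label, f["path"], f["verdict"],
                  "metadata identical" if f["metadata_identical"] else "")
```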

#12 narenxp


Posted 16 July 2012 - 09:13 PM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options only

Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

Go to C:\windows\system32 folder

Delete the SERVICES.EXE.OLD file

Good luck

#13 thebigshow


Posted 16 July 2012 - 09:18 PM

Just to be clear, you say post the FSS log; do you intend for me to re-run FSS with the previously defined scripts again? (Sorry, don't want to take a wrong step or be out of sequence.) Thanks

#14 narenxp


Posted 16 July 2012 - 09:21 PM

Please run it again and post the new one. I'm always here to help you

#15 thebigshow


Posted 16 July 2012 - 09:27 PM

Ran the tool

Restarted the system

Deleted system32\services.exe.old; a McAfee virus alert popped up detecting a virus, and the file was deleted.

Re-ran FSS, and here are the results:

Farbar Service Scanner Version: 08-07-2012
Ran by Steve & Candy (administrator) on 16-07-2012 at 21:24:27
Running from "\\MOYER-LAPTOP\Users\Moyer\Desktop\fixcomputer"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
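To see what changed between the first FSS log (post #5) and the last one (post #15), the following added example (not part of the thread and not Farbar's code) parses the per-service blocks of both logs and reports each service's state before and after. The state names are this example's own, and a service that a log does not list is recorded as "not-reported" without assuming why.

```python
import re
from typing import Dict, List, Tuple

# Service blocks copied from the FSS logs in posts #5 and #15 (section headings trimmed).
FSS_POST_5 = """
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""
FSS_POST_15 = """
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
"""

HEADER_RE = re.compile(r"^(?P<name>\S+) Service is not running\.")
KEY_MISSING = "The service key does not exist"


def parse_fss(log: str) -> Dict[str, str]:
    """Map each reported service (lower-cased) to its worst observed state."""
    states: Dict[str, str] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m["name"].lower()
            states[current] = "stopped-config-ok"
        elif not line:
            current = None          # a blank line ends the service block
        elif current and KEY_MISSING in line:
            states[current] = "key-missing"
        elif current and "ATTENTION!" in line and states[current] != "key-missing":
            states[current] = "config-altered"   # flagged, but the key exists
    return states


def compare(before: Dict[str, str], after: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {service: (state_before, state_after)} for every service seen."""
    names = sorted(set(before) | set(after))
    return {n: (before.get(n, "not-reported"), after.get(n, "not-reported"))
            for n in names}


def still_reported(changes: Dict[str, Tuple[str, str]]) -> List[str]:
    """Services the later log still lists as not running."""
    return [n for n, (_, after) in changes.items() if after != "not-reported"]


if __name__ == "__main__":
    changes = compare(parse_fss(FSS_POST_5), parse_fss(FSS_POST_15))
    for name, (b, a) in changes.items():
        print(f"{name:10} {b:18} -> {a}")
    print("still not running:", ", ".join(still_reported(changes)))
```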



