Can't connect to www.google.com after successful removal of Live Security Platinum virus


25 replies to this topic

#1 spunky2008

Posted 19 July 2012 - 07:59 PM

Hi,

I am using Windows Vista Business and have recently been infected by the Live Security Platinum virus and have cleaned it using the method from here.

Everything seems to have recovered OK, but I can't connect to www.google.com with either IE or ping. I have used ipconfig to flush the DNS, but it doesn't help. The other PCs behind the same router can connect to or ping www.google.com (will jump to www.l.google.com) successfully, so I am pretty sure it is not a problem with the gateway.

I have also checked the hosts file on the affected PC, but it seems normal. There is also NO proxy setting in IE.

Could you help me with it? Thanks a lot!

P.S. I noticed that "Windows Defender" in the Control Panel can't be opened and gives an error message when double-clicked. However, since I have never used it, I am not sure whether the problem existed even before the infection.


#2 narenxp

Posted 19 July 2012 - 08:01 PM

Download FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#3 spunky2008

Posted 19 July 2012 - 09:08 PM

Here it is:

Farbar Service Scanner Version: 19-07-2012
Ran by administrator on 19-07-2012 at 19:06:06
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 23:38] - [2012-03-30 05:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-11-13 22:12] - [2008-01-19 00:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#4 narenxp

Posted 19 July 2012 - 09:09 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#5 spunky2008

Posted 19 July 2012 - 10:03 PM

TDSSkiller log:

19:57:16.0490 5800 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:57:16.0928 5800 ============================================================
19:57:16.0929 5800 Current date / time: 2012/07/19 19:57:16.0928
19:57:16.0929 5800 SystemInfo:
19:57:16.0929 5800
19:57:16.0929 5800 OS Version: 6.0.6002 ServicePack: 2.0
19:57:16.0929 5800 Product type: Workstation
19:57:16.0929 5800 ComputerName: LU-PC
19:57:16.0929 5800 UserName: lu
19:57:16.0929 5800 Windows directory: C:\Windows
19:57:16.0929 5800 System windows directory: C:\Windows
19:57:16.0929 5800 Processor architecture: Intel x86
19:57:16.0929 5800 Number of processors: 2
19:57:16.0929 5800 Page size: 0x1000
19:57:16.0929 5800 Boot type: Normal boot
19:57:16.0929 5800 ============================================================
19:57:17.0661 5800 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:57:17.0663 5800 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:21.0499 5800 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:31.0534 5800 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:37.0201 5800 ============================================================
19:57:37.0201 5800 \Device\Harddisk0\DR0:
19:57:37.0216 5800 MBR partitions:
19:57:37.0216 5800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
19:57:37.0216 5800 \Device\Harddisk1\DR1:
19:57:37.0216 5800 MBR partitions:
19:57:37.0216 5800 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
19:57:37.0216 5800 \Device\Harddisk2\DR2:
19:57:37.0217 5800 MBR partitions:
19:57:37.0217 5800 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0
19:57:37.0217 5800 \Device\Harddisk3\DR3:
19:57:37.0217 5800 MBR partitions:
19:57:37.0217 5800 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
19:57:37.0217 5800 ============================================================
19:57:37.0246 5800 C: <-> \Device\Harddisk0\DR0\Partition0
19:57:37.0273 5800 F: <-> \Device\Harddisk3\DR3\Partition0
19:57:37.0314 5800 G: <-> \Device\Harddisk2\DR2\Partition0
19:57:37.0315 5800 H: <-> \Device\Harddisk1\DR1\Partition0
19:57:37.0315 5800 ============================================================
19:57:37.0315 5800 Initialize success
19:57:37.0315 5800 ============================================================
19:57:54.0194 3036 ============================================================
19:57:54.0194 3036 Scan started
19:57:54.0194 3036 Mode: Manual; TDLFS;
19:57:54.0194 3036 ============================================================
19:57:55.0516 3036 3040 - ok
19:57:55.0742 3036 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
19:57:55.0743 3036 61883 - ok
19:57:55.0807 3036 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:57:55.0811 3036 ACPI - ok
19:57:55.0918 3036 AcPrfMgrSvc (a125765807a56b6323635cddc5ef0770) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
19:57:55.0919 3036 AcPrfMgrSvc - ok
19:57:55.0976 3036 AcSvc (977457d42bc46e46d1fea8d375685de9) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
19:57:55.0978 3036 AcSvc - ok
19:57:56.0122 3036 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:56.0123 3036 AdobeFlashPlayerUpdateSvc - ok
19:57:56.0192 3036 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:57:56.0201 3036 adp94xx - ok
19:57:56.0254 3036 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:57:56.0259 3036 adpahci - ok
19:57:56.0293 3036 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:57:56.0295 3036 adpu160m - ok
19:57:56.0384 3036 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:57:56.0386 3036 adpu320 - ok
19:57:56.0437 3036 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:57:56.0438 3036 AeLookupSvc - ok
19:57:56.0513 3036 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:57:56.0515 3036 AFD - ok
19:57:56.0544 3036 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:57:56.0545 3036 agp440 - ok
19:57:56.0588 3036 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:57:56.0590 3036 aic78xx - ok
19:57:56.0628 3036 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:57:56.0630 3036 ALG - ok
19:57:56.0653 3036 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\Windows\system32\drivers\Alidevice.sys
19:57:56.0654 3036 Alidevice - ok
19:57:56.0677 3036 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:57:56.0678 3036 aliide - ok
19:57:56.0700 3036 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:57:56.0702 3036 amdagp - ok
19:57:56.0723 3036 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:57:56.0724 3036 amdide - ok
19:57:56.0739 3036 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:57:56.0740 3036 AmdK7 - ok
19:57:56.0753 3036 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:57:56.0754 3036 AmdK8 - ok
19:57:57.0095 3036 amdkmdag (383f70040be9acaa627dd7b42d0e8dd4) C:\Windows\system32\DRIVERS\atikmdag.sys
19:57:57.0116 3036 amdkmdag - ok
19:57:57.0272 3036 amdkmdap (1b2529f48203bc08416ac95423025324) C:\Windows\system32\DRIVERS\atikmpag.sys
19:57:57.0273 3036 amdkmdap - ok
19:57:57.0328 3036 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:57:57.0330 3036 Appinfo - ok
19:57:57.0448 3036 Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:57:57.0450 3036 Apple Mobile Device - ok
19:57:57.0506 3036 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
19:57:57.0508 3036 AppMgmt - ok
19:57:57.0566 3036 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:57:57.0568 3036 arc - ok
19:57:57.0596 3036 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:57:57.0598 3036 arcsas - ok
19:57:57.0638 3036 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:57:57.0639 3036 AsyncMac - ok
19:57:57.0684 3036 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:57:57.0685 3036 atapi - ok
19:57:57.0786 3036 athr (4df523f49694b2884f8e5d870bf3e253) C:\Windows\system32\DRIVERS\athr.sys
19:57:57.0791 3036 athr - ok
19:57:57.0877 3036 Ati External Event Utility (9b1afa12b11e7465977ec7e30d2558e6) C:\Windows\system32\Ati2evxx.exe
19:57:57.0888 3036 Ati External Event Utility - ok
19:57:57.0964 3036 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:57:57.0971 3036 AudioEndpointBuilder - ok
19:57:57.0976 3036 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:57:57.0978 3036 Audiosrv - ok
19:57:58.0065 3036 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
19:57:58.0067 3036 Avc - ok
19:57:58.0267 3036 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
19:57:58.0269 3036 BBSvc - ok
19:57:58.0344 3036 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
19:57:58.0346 3036 BBUpdate - ok
19:57:58.0403 3036 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:57:58.0404 3036 Beep - ok
19:57:58.0427 3036 blbdrive - ok
19:57:58.0539 3036 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
19:57:58.0542 3036 Bonjour Service - ok
19:57:58.0596 3036 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:57:58.0597 3036 bowser - ok
19:57:58.0627 3036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:57:58.0628 3036 BrFiltLo - ok
19:57:58.0638 3036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:57:58.0639 3036 BrFiltUp - ok
19:57:58.0682 3036 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:57:58.0684 3036 Browser - ok
19:57:58.0709 3036 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:57:58.0710 3036 Brserid - ok
19:57:58.0738 3036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:57:58.0739 3036 BrSerWdm - ok
19:57:58.0755 3036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:57:58.0756 3036 BrUsbMdm - ok
19:57:58.0765 3036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:57:58.0766 3036 BrUsbSer - ok
19:57:58.0792 3036 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:57:58.0793 3036 BTHMODEM - ok
19:57:58.0861 3036 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:57:58.0862 3036 BthServ - ok
19:57:58.0908 3036 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:57:58.0909 3036 cdfs - ok
19:57:58.0965 3036 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:57:58.0967 3036 cdrom - ok
19:57:59.0019 3036 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:57:59.0020 3036 CertPropSvc - ok
19:57:59.0051 3036 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:57:59.0052 3036 circlass - ok
19:57:59.0114 3036 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:57:59.0118 3036 CLFS - ok
19:57:59.0188 3036 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:57:59.0190 3036 clr_optimization_v2.0.50727_32 - ok
19:57:59.0229 3036 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:57:59.0230 3036 CmBatt - ok
19:57:59.0250 3036 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:57:59.0251 3036 cmdide - ok
19:57:59.0302 3036 CnxtHdAudService (9688ff5e474dd03129aa8ca375add252) C:\Windows\system32\drivers\CHDRT32.sys
19:57:59.0304 3036 CnxtHdAudService - ok
19:57:59.0329 3036 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:57:59.0330 3036 Compbatt - ok
19:57:59.0335 3036 COMSysApp - ok
19:57:59.0381 3036 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:57:59.0381 3036 crcdisk - ok
19:57:59.0401 3036 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:57:59.0402 3036 Crusoe - ok
19:57:59.0462 3036 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:57:59.0463 3036 CryptSvc - ok
19:57:59.0524 3036 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
19:57:59.0530 3036 CSC - ok
19:57:59.0629 3036 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
19:57:59.0638 3036 CscService - ok
19:57:59.0685 3036 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
19:57:59.0686 3036 CVirtA - ok
19:57:59.0883 3036 CVPND (8b8b082010775093081debe9621bedf0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
19:57:59.0891 3036 CVPND - ok
19:58:00.0062 3036 CVPNDRVA (720482888c3778f26eeb83d286a6cdc3) C:\Windows\system32\Drivers\CVPNDRVA.sys
19:58:00.0064 3036 CVPNDRVA - ok
19:58:00.0148 3036 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:58:00.0153 3036 DcomLaunch - ok
19:58:00.0198 3036 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:58:00.0199 3036 DfsC - ok
19:58:00.0375 3036 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:58:00.0408 3036 DFSR - ok
19:58:00.0561 3036 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:58:00.0563 3036 Dhcp - ok
19:58:00.0631 3036 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:58:00.0632 3036 disk - ok
19:58:00.0679 3036 DNE (694616f813fb627a32c9e32dec133078) C:\Windows\system32\DRIVERS\dne2000.sys
19:58:00.0679 3036 DNE - ok
19:58:00.0733 3036 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:58:00.0734 3036 Dnscache - ok
19:58:00.0774 3036 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:58:00.0778 3036 dot3svc - ok
19:58:00.0827 3036 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:58:00.0830 3036 DPS - ok
19:58:00.0853 3036 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:58:00.0854 3036 drmkaud - ok
19:58:00.0921 3036 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
19:58:00.0922 3036 dsNcAdpt - ok
19:58:01.0125 3036 dsNcService (586855d6fd2bd978723b502306d6ec78) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
19:58:01.0128 3036 dsNcService - ok
19:58:01.0221 3036 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:58:01.0231 3036 DXGKrnl - ok
19:58:01.0267 3036 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:58:01.0270 3036 E1G60 - ok
19:58:01.0322 3036 e1yexpress (668819862ffde09028b975b74d376030) C:\Windows\system32\DRIVERS\e1y6032.sys
19:58:01.0323 3036 e1yexpress - ok
19:58:01.0394 3036 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:58:01.0396 3036 EapHost - ok
19:58:01.0453 3036 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:58:01.0455 3036 Ecache - ok
19:58:01.0506 3036 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:58:01.0511 3036 elxstor - ok
19:58:01.0587 3036 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:58:01.0597 3036 EMDMgmt - ok
19:58:01.0683 3036 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:58:01.0686 3036 EventSystem - ok
19:58:01.0752 3036 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:58:01.0755 3036 exfat - ok
19:58:01.0815 3036 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:58:01.0818 3036 fastfat - ok
19:58:01.0893 3036 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
19:58:01.0902 3036 Fax - ok
19:58:01.0941 3036 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:58:01.0942 3036 fdc - ok
19:58:02.0005 3036 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:58:02.0006 3036 fdPHost - ok
19:58:02.0035 3036 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:58:02.0036 3036 FDResPub - ok
19:58:02.0090 3036 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:58:02.0091 3036 FileInfo - ok
19:58:02.0133 3036 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:58:02.0134 3036 Filetrace - ok
19:58:02.0293 3036 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:58:02.0296 3036 FLEXnet Licensing Service - ok
19:58:02.0326 3036 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:58:02.0327 3036 flpydisk - ok
19:58:02.0384 3036 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:58:02.0387 3036 FltMgr - ok
19:58:02.0562 3036 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
19:58:02.0576 3036 FontCache - ok
19:58:02.0701 3036 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:58:02.0702 3036 FontCache3.0.0.0 - ok
19:58:02.0749 3036 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
19:58:02.0751 3036 fssfltr - ok
19:58:02.0891 3036 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:58:02.0903 3036 fsssvc - ok
19:58:02.0954 3036 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:58:02.0955 3036 Fs_Rec - ok
19:58:02.0985 3036 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:58:02.0987 3036 gagp30kx - ok
19:58:03.0040 3036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:58:03.0041 3036 GEARAspiWDM - ok
19:58:03.0121 3036 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:58:03.0131 3036 gpsvc - ok
19:58:03.0183 3036 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:58:03.0187 3036 HdAudAddService - ok
19:58:03.0268 3036 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:58:03.0278 3036 HDAudBus - ok
19:58:03.0326 3036 HECI (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys
19:58:03.0328 3036 HECI - ok
19:58:03.0363 3036 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:58:03.0364 3036 HidBth - ok
19:58:03.0380 3036 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:58:03.0381 3036 HidIr - ok
19:58:03.0433 3036 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:58:03.0435 3036 hidserv - ok
19:58:03.0467 3036 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:58:03.0468 3036 HidUsb - ok
19:58:03.0585 3036 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Program Files\HitmanPro\hmpsched.exe
19:58:03.0586 3036 HitmanProScheduler - ok
19:58:03.0649 3036 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:58:03.0651 3036 hkmsvc - ok
19:58:03.0698 3036 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:58:03.0700 3036 HpCISSs - ok
19:58:03.0745 3036 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:58:03.0749 3036 HSFHWAZL - ok
19:58:03.0842 3036 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:58:03.0849 3036 HSF_DPV - ok
19:58:03.0877 3036 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:58:03.0879 3036 HSXHWAZL - ok
19:58:03.0973 3036 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:58:03.0981 3036 HTTP - ok
19:58:04.0017 3036 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:58:04.0018 3036 i2omp - ok
19:58:04.0120 3036 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:58:04.0121 3036 i8042prt - ok
19:58:04.0203 3036 iaStor (abfebc5f846c71afebd7f8f6ba740c03) C:\Windows\system32\DRIVERS\iaStor.sys
19:58:04.0205 3036 iaStor - ok
19:58:04.0235 3036 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:58:04.0240 3036 iaStorV - ok
19:58:04.0282 3036 IBMPMDRV (ff2dbf3b183516eec87dad241ec50e7a) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:58:04.0283 3036 IBMPMDRV - ok
19:58:04.0296 3036 IBMPMSVC (41328443d34c1e4d680d9d2766b94354) C:\Windows\system32\ibmpmsvc.exe
19:58:04.0297 3036 IBMPMSVC - ok
19:58:04.0427 3036 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:58:04.0430 3036 IDriverT - ok
19:58:04.0585 3036 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:58:04.0600 3036 idsvc - ok
19:58:04.0640 3036 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:58:04.0642 3036 iirsp - ok
19:58:04.0709 3036 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:58:04.0717 3036 IKEEXT - ok
19:58:04.0734 3036 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:58:04.0735 3036 intelide - ok
19:58:04.0931 3036 intelkmd (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:58:04.0944 3036 intelkmd - ok
19:58:05.0109 3036 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:58:05.0110 3036 intelppm - ok
19:58:05.0175 3036 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:58:05.0177 3036 IPBusEnum - ok
19:58:05.0225 3036 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:58:05.0226 3036 IpFilterDriver - ok
19:58:05.0229 3036 IpInIp - ok
19:58:05.0279 3036 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:58:05.0280 3036 IPMIDRV - ok
19:58:16.0678 3036 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
19:58:16.0678 3036 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
19:58:16.0680 3036 sptd ( LockedFile.Multi.Generic ) - warning
19:58:16.0680 3036 sptd - detected LockedFile.Multi.Generic (1)
19:58:22.0326 3036 Wdf01000 (77d80469dd64dfddf3f2b881c68dcbe1) C:\Windows\system32\drivers\Wdf01000.sys
19:58:22.0333 3036 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 77d80469dd64dfddf3f2b881c68dcbe1, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
19:58:22.0335 3036 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
19:58:22.0335 3036 Wdf01000 - detected Virus.Win32.Rloader.a (0)
19:58:24.0019 3036 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:58:24.0020 3036 ws2ifsl - ok
19:58:24.0025 3036 WSearch - ok
19:58:24.0080 3036 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:24.0082 3036 WUDFRd - ok
19:58:24.0129 3036 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:58:24.0132 3036 wudfsvc - ok
19:58:24.0167 3036 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
19:58:24.0168 3036 XAudio - ok
19:58:24.0218 3036 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
19:58:24.0225 3036 XAudioService - ok
19:58:24.0399 3036 XLDoctor Services (8948a24540203c38ecdd00ffe07b08bc) C:\Program Files\Thunder Network\Thunder\Program\DctSer.exe
19:58:24.0400 3036 XLDoctor Services - ok
19:58:24.0539 3036 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
19:58:24.0541 3036 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
19:58:24.0580 3036 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:58:24.0902 3036 \Device\Harddisk0\DR0 - ok
19:58:24.0906 3036 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR1
19:58:25.0339 3036 \Device\Harddisk1\DR1 - ok
19:58:25.0343 3036 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
19:58:25.0791 3036 \Device\Harddisk2\DR2 - ok
19:58:30.0781 3036 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
19:58:30.0921 3036 \Device\Harddisk3\DR3 - ok
19:58:30.0924 3036 Boot (0x1200) (c26c7145b4b630b61eb93b853933aa87) \Device\Harddisk0\DR0\Partition0
19:58:30.0926 3036 \Device\Harddisk0\DR0\Partition0 - ok
19:58:30.0930 3036 Boot (0x1200) (0e57ed47a944f6e845f18c6427756771) \Device\Harddisk1\DR1\Partition0
19:58:30.0931 3036 \Device\Harddisk1\DR1\Partition0 - ok
19:58:30.0935 3036 Boot (0x1200) (de0f5cebebde1ec05b1893cf69f69ffd) \Device\Harddisk2\DR2\Partition0
19:58:30.0939 3036 \Device\Harddisk2\DR2\Partition0 - ok
19:58:30.0942 3036 Boot (0x1200) (bc8f50932d9c05942c2bd9922fecb6c6) \Device\Harddisk3\DR3\Partition0
19:58:30.0945 3036 \Device\Harddisk3\DR3\Partition0 - ok
19:58:30.0945 3036 ============================================================
19:58:30.0945 3036 Scan finished
19:58:30.0945 3036 ============================================================
19:58:30.0955 1892 Detected object count: 2
19:58:30.0955 1892 Actual detected object count: 2
19:59:13.0970 1892 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:59:13.0970 1892 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:59:14.0157 1892 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
19:59:18.0773 1892 Backup copy not found, trying to cure infected file..
19:59:18.0776 1892 Cure success, using it..
19:59:18.0830 1892 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
19:59:18.0830 1892 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure

#6 spunky2008


Posted 19 July 2012 - 10:22 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 20:01:41
-----------------------------
20:01:41.408 OS Version: Windows 6.0.6002 Service Pack 2
20:01:41.408 Number of processors: 2 586 0x1706
20:01:41.409 ComputerName: LU-PC UserName: lu
20:01:42.174 Initialize success
20:02:34.212 AVAST engine defs: 12071902
20:02:36.339 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:02:36.341 Disk 0 Vendor: HITACHI_ FB1Z Size: 76319MB BusType: 3
20:02:36.413 Disk 0 MBR read successfully
20:02:36.415 Disk 0 MBR scan
20:02:36.430 Disk 0 Windows VISTA default MBR code
20:02:36.440 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
20:02:36.445 Disk 0 scanning sectors +156299264
20:02:36.518 Disk 0 scanning C:\Windows\system32\drivers
20:02:53.399 Service scanning
20:03:24.366 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:03:33.038 Service Wdf01000 C:\Windows\system32\drivers\tskBFA0.tmp **LOCKED** 32
20:03:36.875 Modules scanning
20:04:10.927 Disk 0 trace - called modules:
20:04:11.285 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys >>UNKNOWN [0x88038f91]<<
20:04:11.290 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8717cac8]
20:04:11.296 3 CLASSPNP.SYS[8a9cf8b3] -> nt!IofCallDriver -> [0x86bda268]
20:04:11.301 5 acpi.sys[837b86bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x857d1028]
20:04:12.340 AVAST engine scan C:\Windows
20:04:20.089 AVAST engine scan C:\Windows\system32
20:09:35.297 AVAST engine scan C:\Windows\system32\drivers
20:10:12.651 AVAST engine scan C:\Users\lu
20:18:27.045 File: C:\Users\lu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5ad67229-1f71cee1 **INFECTED** Win32:Downloader-PNU [Trj]
20:21:58.416 Disk 0 MBR has been saved successfully to "C:\Users\lu\Downloads\MBR.dat"
20:21:58.422 The log file has been saved successfully to "C:\Users\lu\Downloads\aswMBR.txt"

#7 spunky2008


Posted 19 July 2012 - 11:47 PM

ESET online scanner...

C:\TDSSKiller_Quarantine\19.07.2012_19.57.16\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined
C:\Users\lu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5ad67229-1f71cee1 Win32/TrojanDownloader.Vespula.AY trojan cleaned by deleting - quarantined
C:\Users\lu\Downloads\eg30auto\eg30auto\copy2tmp\zergrush Android/Exploit.Lotoor.AR trojan cleaned by deleting - quarantined
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O59UDM7D\action[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O59UDM7D\action[2].htm HTML/ScrInject.B.Gen virus deleted - quarantined
H:\Temp\VideoToMp3Setup.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
H:\Temp\CoreCodec.CoreAVC.Professional.Edition.v2.0.0.0.Incl.Keygen-HERiTAGE\KeyGen\KeyGen.exe probably a variant of Win32/Agent.IWQEPAO trojan cleaned by deleting - quarantined
H:\tp_backup\Downloads\MsgPlusLive-450.exe a variant of Win32/Adware.CiDHelp application cleaned by deleting - quarantined

#8 narenxp


Posted 19 July 2012 - 11:49 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it and click on Delete

post the generated log

#9 spunky2008


Posted 20 July 2012 - 12:19 AM

Hi, Narenxp,

Thank you so much for the help.
Actually, after installing and running the 3 programs you mentioned in the previous post and then rebooting, I can now connect to www.google.com and ping it without any problem.
It seems to me that so far only Windows Defender has stopped working; when I double-click on it, an error window pops up with this:
"Windows Defender
Application failed to initialize: 0x80070006. The handle is invalid.
"

Will the 3 programs you posted here solve this issue?

Thanks again!

#10 narenxp


Posted 20 July 2012 - 12:22 AM

Post the logs.

Let's check them one by one.

Edited by narenxp, 20 July 2012 - 12:26 AM.


#11 spunky2008


Posted 20 July 2012 - 01:13 PM

MiniToolBox by Farbar Version: 15-07-2012
Ran by lu (administrator) on 20-07-2012 at 11:01:12
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 2 (Disconnected)
Intel® 82567LM Gigabit Network Connection = Local Area Connection (Connected)
11b/g Wireless LAN Mini PCI Express Adapter III = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection 2" address=0.0.0.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : lu-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : san.rr.com

Ethernet adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-98-FC-18-88
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 11b/g Wireless LAN Mini PCI Express Adapter III
Physical Address. . . . . . . . . : 00-23-4D-DB-1B-2F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : san.rr.com
Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-25-97-82-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f093:ea14:9cb6:1dc8%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 20, 2012 1:26:13 AM
Lease Expires . . . . . . . . . . : Saturday, July 21, 2012 1:26:12 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167779365
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-AD-B7-DD-00-1C-25-97-82-43
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{EA828C73-791F-482A-947C-D848804DD398}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9EC279A0-C8FB-4B18-9382-5547FD881FD5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 27:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.san.rr.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2001:4860:4007:801::1006
74.125.224.226
74.125.224.227
74.125.224.228
74.125.224.229
74.125.224.230
74.125.224.231
74.125.224.232
74.125.224.233
74.125.224.238
74.125.224.224
74.125.224.225



Pinging google.com [74.125.224.197] with 32 bytes of data:

Reply from 74.125.224.197: bytes=32 time=33ms TTL=54

Reply from 74.125.224.197: bytes=32 time=107ms TTL=54



Ping statistics for 74.125.224.197:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 107ms, Average = 70ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=223ms TTL=50

Reply from 209.191.122.70: bytes=32 time=111ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 111ms, Maximum = 223ms, Average = 167ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
28 ...00 ff 98 fc 18 88 ...... Juniper Network Connect Virtual Adapter
10 ...00 23 4d db 1b 2f ...... 11b/g Wireless LAN Mini PCI Express Adapter III
8 ...00 1c 25 97 82 43 ...... Intel® 82567LM Gigabit Network Connection
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21 ...00 00 00 00 00 00 00 e0 isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
29 ...00 00 00 00 00 00 00 e0 isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
34 ...00 00 00 00 00 00 00 e0 isatap.{EA828C73-791F-482A-947C-D848804DD398}
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
37 ...00 00 00 00 00 00 00 e0 isatap.{9EC279A0-C8FB-4B18-9382-5547FD881FD5}
30 ...00 00 00 00 00 00 00 e0 isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
31 ...00 00 00 00 00 00 00 e0 isatap.{C793BACF-A457-419F-AFA0-C37C356B5578}
38 ...00 00 00 00 00 00 00 e0 isatap.san.rr.com
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.11 276
192.168.1.11 255.255.255.255 On-link 192.168.1.11 276
192.168.1.255 255.255.255.255 On-link 192.168.1.11 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.11 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.11 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
8 276 fe80::/64 On-link
8 276 fe80::f093:ea14:9cb6:1dc8/128
On-link
1 306 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll [746824] (Sinfor)
Catalog5 02 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll [746824] (Sinfor)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll [583064] ()
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Program Files\Sinfor\SSL\ClientComponent\ProxyIE.dll [583064] ()
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/20/2012 10:34:21 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/20/2012 10:32:20 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2012 10:32:17 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/20/2012 10:32:04 AM) (Source: ESENT) (User: )
Description: WinMail (4944) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (07/20/2012 10:31:03 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6002.18294, time stamp 0x4c6a9898, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7,
process id 0x130c, application start time 0xspoolsv.exe0.

Error: (07/20/2012 10:29:23 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6002.18294, time stamp 0x4c6a9898, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7,
process id 0x1680, application start time 0xspoolsv.exe0.

Error: (07/20/2012 10:29:05 AM) (Source: Application Error) (User: )
Description: Faulting application SRFeature.exe, version 1.0.0.24479, time stamp 0x4fdae6d8, faulting module SRFeature.exe, version 1.0.0.24479, time stamp 0x4fdae6d8, exception code 0xc0000005, fault offset 0x00028150,
process id 0x388, application start time 0xSRFeature.exe0.

Error: (07/20/2012 10:20:32 AM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 6.0.6002.18294, time stamp 0x4c6a9898, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7,
process id 0x774, application start time 0xspoolsv.exe0.

Error: (07/20/2012 01:37:09 AM) (Source: Windows Search Service) (User: )
Description: Notifications for the volume f:\ are not active.

Context: Windows Application

Details:
The device is not ready. (0x80070015)

Error: (07/19/2012 08:24:07 PM) (Source: Application Hang) (User: )
Description: The program KMPlayer.exe version 2.9.4.1434 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12c8
Start Time: 01cd6627109801e9
Termination Time: 4


System errors:
=============
Error: (07/20/2012 10:35:08 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (07/20/2012 10:33:08 AM) (Source: Service Control Manager) (User: )
Description: 30000SplashtopRemoteService

Error: (07/20/2012 10:32:38 AM) (Source: Service Control Manager) (User: )
Description: 30000SplashtopRemoteService

Error: (07/20/2012 10:32:08 AM) (Source: Service Control Manager) (User: )
Description: 30000SplashtopRemoteService

Error: (07/20/2012 10:31:38 AM) (Source: Service Control Manager) (User: )
Description: 30000SplashtopRemoteService

Error: (07/20/2012 10:31:10 AM) (Source: UmrdpService) (User: )
Description: The printer Microsoft XPS Document Writer (redirected 1) could not be deleted.

Error: (07/20/2012 10:31:10 AM) (Source: UmrdpService) (User: )
Description: The printer Adobe PDF (redirected 1/copy 1) could not be deleted.

Error: (07/20/2012 10:31:10 AM) (Source: UmrdpService) (User: )
Description: The printer Adobe PDF (redirected 1/copy 1) could not be deleted.

Error: (07/20/2012 10:31:08 AM) (Source: Service Control Manager) (User: )
Description: 30000SplashtopRemoteService

Error: (07/20/2012 10:31:06 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler3


Microsoft Office Sessions:
=========================
Error: (08/21/2011 02:20:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/06/2009 11:14:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 4.1.1)
Adobe Acrobat 9.4.0 Pro-(aaplayboy精简) (Version: 9.4.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.3.127)
ASUS WebStorage Sync Agent (Version: 1.1.2.97)
ATI Catalyst Install Manager (Version: 3.0.685.0)
ATI Uninstaller (Version: 8.52.4.4-080919a-069896C-Lenovo)
Bing Bar (Version: 7.1.361.0)
Bonjour (Version: 2.0.4.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0919.135.819)
Catalyst Control Center Graphics Full Existing (Version: 2008.0919.135.819)
Catalyst Control Center Graphics Full New (Version: 2008.0919.135.819)
Catalyst Control Center Graphics Light (Version: 2008.0919.135.819)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0919.135.819)
Catalyst Control Center InstallProxy (Version: 2008.0919.135.819)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0919.135.819)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0919.135.819)
Catalyst Control Center Localization Dutch (Version: 2008.0919.135.819)
Catalyst Control Center Localization French (Version: 2008.0919.135.819)
Catalyst Control Center Localization German (Version: 2008.0919.135.819)
Catalyst Control Center Localization Italian (Version: 2008.0919.135.819)
Catalyst Control Center Localization Japanese (Version: 2008.0919.135.819)
Catalyst Control Center Localization Korean (Version: 2008.0919.135.819)
Catalyst Control Center Localization Portuguese (Version: 2008.0919.135.819)
Catalyst Control Center Localization Spanish (Version: 2008.0919.135.819)
Catalyst Control Center Localization Swedish (Version: 2008.0919.135.819)
ccc-core-static (Version: 2008.0919.135.819)
ccc-utility (Version: 2008.0919.135.819)
CCC Help Chinese Standard (Version: 2008.0919.0134.819)
CCC Help Chinese Traditional (Version: 2008.0919.0134.819)
CCC Help Dutch (Version: 2008.0919.0134.819)
CCC Help English (Version: 2008.0919.0134.819)
CCC Help French (Version: 2008.0919.0134.819)
CCC Help German (Version: 2008.0919.0134.819)
CCC Help Italian (Version: 2008.0919.0134.819)
CCC Help Japanese (Version: 2008.0919.0134.819)
CCC Help Korean (Version: 2008.0919.0134.819)
CCC Help Portuguese (Version: 2008.0919.0134.819)
CCC Help Spanish (Version: 2008.0919.0134.819)
CCC Help Swedish (Version: 2008.0919.0134.819)
Cisco Connect (Version: 1.3.11069.2)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
CompanionLink (Version: 5.00.5000)
Conexant HD Audio (Version: 4.56.0.50)
Coupon Printer for Windows (Version: 4.0)
CSMX AVI lossless video codec (Remove Only)
CU VPN Client 5.0.04.0300 (Version: 5.0.4)
CyberLink PowerDVD 10 (Version: 10.0.2429.51)
DNE Update (Version: 3.22.2.17965)
easyMule
ENVISION V-CAM (Version: 5.7.19.101)
ESET Online Scanner v3
Google Talk Plugin (Version: 3.2.4.8431)
Help Center (Version: 2.00h)
Integrated Camera (Version: 5.8.8.012)
Intel® Management Engine Interface
Intel® Network Connections Drivers
Intel? Active Management Technology
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
jTTS 5.0 Desktop (Version: 5.0)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.15255)
Juniper Networks Network Connect 7.1.0 (Version: 7.1.0.18193)
Juniper Networks, Inc. Setup Client (Version: 7.1.2.10059)
Junk Mail filter update (Version: 14.0.8089.726)
Lenovo System Interface Driver (Version: 1.01)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Chinese (Simplified)) 2007 (Version: 12.0.4518.1016)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MP3剪切器 2.6
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Lite 8.3.6.0 (Version: 8.3.6.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
On Screen Display (Version: 5.12.00)
OneTouch Version 3.0 (Version: Version 3.0)
PlayMemories Home (Version: 6.3.00.04221)
PowerWord2009 Oxford (Version: 2009.05.25.3.272)
PPS影音 V2.7.0.1236 正式版 (Version: 2.7.0.1236)
PPTV网络电视 V2.6.3.0006 (Version: 2.6.3.0006)
Productivity Center Supplement for ThinkPad (Version: 3.00b)
PX Profile Update (Version: 1.00.1.)
QuickTime (Version: 7.69.80.9)
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00)
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista (Version: 1.01)
Registry patch to improve USB device detection on resume from sleep for Windows Vista (Version: 1.01.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2360.0)
Skins (Version: 2008.0919.135.819)
Skype™ 4.0 (Version: 4.0.215)
Splashtop Streamer (Version: 2.0.0.4)
System Update (Version: 3.14.0017)
TeamViewer 4
The KMPlayer (remove only)
ThinkPad EasyEject Utility (Version: 2.36)
ThinkPad FullScreen Magnifier (Version: 2.02)
ThinkPad Modem Adapter (Version: 7.73.00)
ThinkPad Power Management Driver (Version: 1.51)
ThinkPad Power Manager (Version: 2.36)
Thinkpad Wireless LAN Adapters Software (11a/b/g/n) (Version: 7.6.0.96f)
ThinkVantage Access Connections (Version: 5.02)
ThinkVantage Active Protection System (Version: 1.61)
ThinkVantage Productivity Center (Version: 3.00b)
UltraEdit-32 (Version: 11.00b)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
uTorrentControl2 Toolbar (Version: 6.8.9.0)
Vista Codec Package (Version: 6.0.0)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
WinUndelete
Yahoo! Detect
μTorrent (Version: 3.1.3)
千千静听 5.5.2 (Version: 5.5.2)
射手播放器
紫光华宇拼音输入法V6.1
豌豆荚 2 (Version: 2)
迅雷7
迅雷7 (Version: 7.1.0.1962)

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 2519.07 MB
Available physical RAM: 998.25 MB
Total Pagefile: 5259.16 MB
Available Pagefile: 3909.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:6.37 GB) NTFS
3 Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:11.22 GB) NTFS
4 Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:811.82 GB) NTFS
5 Drive h: (My Passport) (Fixed) (Total:465.65 GB) (Free:40.28 GB) FAT32

========================= Users: ========================================

User accounts for \\LU-PC

Administrator Guest lu


**** End of log ****

#12 spunky2008

spunky2008
  • Topic Starter

  • Members
  • 17 posts

Posted 20 July 2012 - 01:16 PM

Farbar Service Scanner Version: 19-07-2012
Ran by lu (administrator) on 20-07-2012 at 11:16:18
Running from "C:\Users\lu\Downloads"
Microsoft? Windows Vista? Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 23:38] - [2012-03-30 05:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-11-13 22:12] - [2008-01-19 00:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 20 July 2012 - 01:31 PM

ADWCLEANER log?

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender
Sharedaccess
wuauserv
BITS

Launch them, click YES when you get the UAC prompt

Restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Check mark the following options alone

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

#14 spunky2008

spunky2008
  • Topic Starter

  • Members
  • 17 posts

Posted 20 July 2012 - 07:17 PM

# AdwCleaner v1.703 - Logfile created 07/20/2012 at 17:16:33
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : lu - LU-PC
# Running from : C:\Users\lu\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\lu\AppData\Local\Conduit
Folder Found : C:\Users\lu\AppData\LocalLow\Conduit
Folder Found : C:\Users\lu\AppData\LocalLow\PriceGong
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1690 octets] - [20/07/2012 17:16:33]

########## EOF - C:\AdwCleaner[R1].txt - [1818 octets] ##########

#15 spunky2008

spunky2008
  • Topic Starter

  • Members
  • 17 posts

Posted 20 July 2012 - 07:51 PM

# AdwCleaner v1.703 - Logfile created 07/20/2012 at 17:18:41
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : lu - LU-PC
# Running from : C:\Users\lu\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\lu\AppData\Local\Conduit
Folder Deleted : C:\Users\lu\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lu\AppData\LocalLow\PriceGong
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1819 octets] - [20/07/2012 17:16:33]
AdwCleaner[S1].txt - [1786 octets] - [20/07/2012 17:18:41]

########## EOF - C:\AdwCleaner[S1].txt - [1914 octets] ##########



