
random audio clips/ name not available volume mixer


21 replies to this topic

#1 darrin683

  • Members
  • 17 posts

Posted 19 July 2012 - 09:18 PM

This started either this week or the last week. Every so often random audio clips, which sound like movie clips, will play in my headphones. When I look in my volume mixer things show up as "name not available". I scanned with MBAM, and it found a rootkit and some trojan. When I quarantine and delete them, the rootkit just pops up again. This is really starting to annoy me and any help would be greatly appreciated.

I do not use any toolbars for my browsers, I have done some P2P downloading for anime and such... I have a brother and sister who go on my PC when I'm not here as well, so I'm not sure if they have done anything.

My only AV is MBAM.



#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 19 July 2012 - 09:42 PM

Please post the MBAM log


Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 darrin683

  • Topic Starter
  • Members
  • 17 posts

Posted 19 July 2012 - 09:47 PM

Edit: just re-read your post, sorry, I understand now.

Edited by darrin683, 19 July 2012 - 09:48 PM.


#4 narenxp

  • BC Advisor
  • 16,371 posts

Posted 19 July 2012 - 09:48 PM

Skip it :thumbup2:

Edited by narenxp, 19 July 2012 - 09:48 PM.


#5 darrin683

  • Topic Starter
  • Members
  • 17 posts

Posted 19 July 2012 - 10:36 PM

19:45:11.0064 3320 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:45:11.0557 3320 ============================================================
19:45:11.0558 3320 Current date / time: 2012/07/19 19:45:11.0557
19:45:11.0558 3320 SystemInfo:
19:45:11.0558 3320
19:45:11.0558 3320 OS Version: 6.1.7601 ServicePack: 1.0
19:45:11.0558 3320 Product type: Workstation
19:45:11.0558 3320 ComputerName: DARRINWATSON-PC
19:45:11.0558 3320 UserName: darrin watson
19:45:11.0558 3320 Windows directory: C:\Windows
19:45:11.0558 3320 System windows directory: C:\Windows
19:45:11.0558 3320 Running under WOW64
19:45:11.0558 3320 Processor architecture: Intel x64
19:45:11.0558 3320 Number of processors: 4
19:45:11.0558 3320 Page size: 0x1000
19:45:11.0558 3320 Boot type: Normal boot
19:45:11.0558 3320 ============================================================
19:45:12.0409 3320 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:45:12.0413 3320 Drive \Device\Harddisk1\DR1 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:45:12.0654 3320 ============================================================
19:45:12.0654 3320 \Device\Harddisk0\DR0:
19:45:12.0655 3320 MBR partitions:
19:45:12.0655 3320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:45:12.0655 3320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:45:12.0655 3320 \Device\Harddisk1\DR1:
19:45:12.0655 3320 MBR partitions:
19:45:12.0655 3320 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48449EE
19:45:12.0655 3320 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x4844A2D, BlocksNum 0x23CA12
19:45:12.0655 3320 ============================================================
19:45:12.0712 3320 C: <-> \Device\Harddisk0\DR0\Partition1
19:45:12.0803 3320 E: <-> \Device\Harddisk1\DR1\Partition1
19:45:12.0852 3320 F: <-> \Device\Harddisk1\DR1\Partition0
19:45:12.0852 3320 ============================================================
19:45:12.0852 3320 Initialize success
19:45:12.0852 3320 ============================================================
19:45:48.0123 3508 ============================================================
19:45:48.0123 3508 Scan started
19:45:48.0123 3508 Mode: Manual; TDLFS;
19:45:48.0123 3508 ============================================================
19:45:54.0833 3508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:45:54.0836 3508 pcmcia - ok
19:45:54.0845 3508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:45:54.0845 3508 pcw - ok
19:45:54.0867 3508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:45:54.0873 3508 PEAUTH - ok
19:45:54.0923 3508 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:45:54.0925 3508 PerfHost - ok
19:45:54.0977 3508 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:45:55.0004 3508 pla - ok
19:45:55.0045 3508 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:45:55.0049 3508 PlugPlay - ok
19:45:55.0060 3508 PnkBstrA - ok
19:45:55.0074 3508 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:45:55.0075 3508 PNRPAutoReg - ok
19:45:55.0091 3508 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:45:55.0093 3508 PNRPsvc - ok
19:45:55.0123 3508 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:45:55.0128 3508 PolicyAgent - ok
19:45:55.0162 3508 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:45:55.0164 3508 Power - ok
19:45:55.0214 3508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:45:55.0216 3508 PptpMiniport - ok
19:45:55.0230 3508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:45:55.0231 3508 Processor - ok
19:45:55.0252 3508 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:45:55.0255 3508 ProfSvc - ok
19:45:55.0274 3508 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:45:55.0275 3508 ProtectedStorage - ok
19:45:55.0287 3508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:45:55.0289 3508 Psched - ok
19:45:55.0345 3508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:45:55.0375 3508 ql2300 - ok
19:45:55.0449 3508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:45:55.0451 3508 ql40xx - ok
19:45:55.0487 3508 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:45:55.0492 3508 QWAVE - ok
19:45:55.0509 3508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:45:55.0511 3508 QWAVEdrv - ok
19:45:55.0521 3508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:45:55.0522 3508 RasAcd - ok
19:45:55.0558 3508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:45:55.0560 3508 RasAgileVpn - ok
19:45:55.0579 3508 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:45:55.0582 3508 RasAuto - ok
19:45:55.0604 3508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:55.0606 3508 Rasl2tp - ok
19:45:55.0625 3508 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:45:55.0631 3508 RasMan - ok
19:45:55.0649 3508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:55.0651 3508 RasPppoe - ok
19:45:55.0672 3508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:45:55.0674 3508 RasSstp - ok
19:45:55.0690 3508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:45:55.0695 3508 rdbss - ok
19:45:55.0710 3508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:45:55.0711 3508 rdpbus - ok
19:45:55.0733 3508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:55.0734 3508 RDPCDD - ok
19:45:55.0749 3508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:45:55.0750 3508 RDPENCDD - ok
19:45:55.0762 3508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:45:55.0762 3508 RDPREFMP - ok
19:45:55.0791 3508 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:45:55.0794 3508 RDPWD - ok
19:45:55.0812 3508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:45:55.0814 3508 rdyboost - ok
19:45:55.0847 3508 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:45:55.0850 3508 RemoteAccess - ok
19:45:55.0865 3508 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:45:55.0868 3508 RemoteRegistry - ok
19:45:55.0880 3508 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:45:55.0882 3508 RpcEptMapper - ok
19:45:55.0889 3508 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:45:55.0890 3508 RpcLocator - ok
19:45:55.0916 3508 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:45:55.0921 3508 RpcSs - ok
19:45:55.0945 3508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:55.0947 3508 rspndr - ok
19:45:55.0982 3508 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:45:55.0984 3508 RTL8167 - ok
19:45:56.0007 3508 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:45:56.0008 3508 SamSs - ok
19:45:56.0026 3508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:45:56.0028 3508 sbp2port - ok
19:45:56.0052 3508 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:45:56.0055 3508 SCardSvr - ok
19:45:56.0069 3508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:45:56.0070 3508 scfilter - ok
19:45:56.0103 3508 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:45:56.0124 3508 Schedule - ok
19:45:56.0148 3508 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:45:56.0149 3508 SCPolicySvc - ok
19:45:56.0164 3508 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:45:56.0167 3508 SDRSVC - ok
19:45:56.0205 3508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:45:56.0206 3508 secdrv - ok
19:45:56.0218 3508 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:45:56.0220 3508 seclogon - ok
19:45:56.0233 3508 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:45:56.0235 3508 SENS - ok
19:45:56.0243 3508 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:45:56.0245 3508 SensrSvc - ok
19:45:56.0268 3508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:45:56.0269 3508 Serenum - ok
19:45:56.0293 3508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:45:56.0294 3508 Serial - ok
19:45:56.0315 3508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:45:56.0316 3508 sermouse - ok
19:45:56.0333 3508 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:45:56.0336 3508 SessionEnv - ok
19:45:56.0339 3508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:45:56.0340 3508 sffdisk - ok
19:45:56.0344 3508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:45:56.0344 3508 sffp_mmc - ok
19:45:56.0348 3508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:45:56.0349 3508 sffp_sd - ok
19:45:56.0353 3508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:45:56.0353 3508 sfloppy - ok
19:45:56.0402 3508 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:45:56.0406 3508 ShellHWDetection - ok
19:45:56.0419 3508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:45:56.0420 3508 SiSRaid2 - ok
19:45:56.0432 3508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:45:56.0433 3508 SiSRaid4 - ok
19:45:56.0585 3508 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:45:56.0603 3508 Skype C2C Service - ok
19:45:56.0628 3508 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:45:56.0629 3508 SkypeUpdate - ok
19:45:56.0715 3508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:45:56.0716 3508 Smb - ok
19:45:56.0748 3508 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:45:56.0750 3508 SNMPTRAP - ok
19:45:56.0756 3508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:45:56.0757 3508 spldr - ok
19:45:56.0784 3508 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:45:56.0791 3508 Spooler - ok
19:45:56.0913 3508 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:45:56.0963 3508 sppsvc - ok
19:45:57.0032 3508 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:45:57.0035 3508 sppuinotify - ok
19:45:57.0081 3508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:45:57.0087 3508 srv - ok
19:45:57.0107 3508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:45:57.0112 3508 srv2 - ok
19:45:57.0127 3508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:57.0130 3508 srvnet - ok
19:45:57.0164 3508 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:45:57.0168 3508 SSDPSRV - ok
19:45:57.0181 3508 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:45:57.0184 3508 SstpSvc - ok
19:45:57.0222 3508 Steam Client Service - ok
19:45:57.0292 3508 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:45:57.0298 3508 Stereo Service - ok
19:45:57.0314 3508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:45:57.0316 3508 stexstor - ok
19:45:57.0350 3508 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:45:57.0360 3508 stisvc - ok
19:45:57.0397 3508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:45:57.0398 3508 swenum - ok
19:45:57.0438 3508 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:45:57.0447 3508 swprv - ok
19:45:57.0529 3508 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:45:57.0563 3508 SysMain - ok
19:45:57.0626 3508 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:45:57.0629 3508 TabletInputService - ok
19:45:57.0649 3508 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:45:57.0655 3508 TapiSrv - ok
19:45:57.0671 3508 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:45:57.0675 3508 TBS - ok
19:45:57.0757 3508 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:45:57.0785 3508 Tcpip - ok
19:45:57.0889 3508 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:57.0903 3508 TCPIP6 - ok
19:45:57.0980 3508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:45:57.0982 3508 tcpipreg - ok
19:45:57.0994 3508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:45:57.0995 3508 TDPIPE - ok
19:45:58.0040 3508 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:45:58.0041 3508 TDTCP - ok
19:45:58.0062 3508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:45:58.0064 3508 tdx - ok
19:45:58.0086 3508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
19:45:58.0087 3508 TermDD - ok
19:45:58.0121 3508 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:45:58.0132 3508 TermService - ok
19:45:58.0145 3508 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:45:58.0148 3508 Themes - ok
19:45:58.0163 3508 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:45:58.0165 3508 THREADORDER - ok
19:45:58.0183 3508 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:45:58.0187 3508 TrkWks - ok
19:45:58.0236 3508 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:45:58.0239 3508 TrustedInstaller - ok
19:45:58.0259 3508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:58.0260 3508 tssecsrv - ok
19:45:58.0291 3508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:45:58.0293 3508 TsUsbFlt - ok
19:45:58.0307 3508 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:45:58.0308 3508 TsUsbGD - ok
19:45:58.0329 3508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:58.0332 3508 tunnel - ok
19:45:58.0338 3508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:45:58.0340 3508 uagp35 - ok
19:45:58.0366 3508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:45:58.0372 3508 udfs - ok
19:45:58.0400 3508 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:45:58.0403 3508 UI0Detect - ok
19:45:58.0417 3508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:45:58.0419 3508 uliagpkx - ok
19:45:58.0433 3508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:45:58.0434 3508 umbus - ok
19:45:58.0442 3508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:45:58.0443 3508 UmPass - ok
19:45:58.0464 3508 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:45:58.0471 3508 upnphost - ok
19:45:58.0537 3508 uqk (786526848586325c94de1b64dd4d82ff) C:\koramgame\STOnline\avital\wyqku64.sys
19:45:58.0538 3508 uqk - ok
19:45:58.0562 3508 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:45:58.0564 3508 usbaudio - ok
19:45:58.0593 3508 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:58.0595 3508 usbccgp - ok
19:45:58.0616 3508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:45:58.0618 3508 usbcir - ok
19:45:58.0634 3508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:45:58.0635 3508 usbehci - ok
19:45:58.0661 3508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:45:58.0667 3508 usbhub - ok
19:45:58.0677 3508 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:45:58.0679 3508 usbohci - ok
19:45:58.0696 3508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:45:58.0697 3508 usbprint - ok
19:45:58.0719 3508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:58.0721 3508 USBSTOR - ok
19:45:58.0732 3508 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:45:58.0733 3508 usbuhci - ok
19:45:58.0753 3508 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:45:58.0754 3508 UxSms - ok
19:45:58.0779 3508 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:45:58.0779 3508 VaultSvc - ok
19:45:58.0800 3508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:45:58.0801 3508 vdrvroot - ok
19:45:58.0819 3508 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:45:58.0824 3508 vds - ok
19:45:58.0827 3508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:58.0828 3508 vga - ok
19:45:58.0831 3508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:45:58.0832 3508 VgaSave - ok
19:45:58.0856 3508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:45:58.0859 3508 vhdmp - ok
19:45:58.0869 3508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:45:58.0870 3508 viaide - ok
19:45:58.0893 3508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:45:58.0893 3508 volmgr - ok
19:45:58.0910 3508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:45:58.0913 3508 volmgrx - ok
19:45:58.0933 3508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:45:58.0935 3508 volsnap - ok
19:45:58.0964 3508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:45:58.0966 3508 vsmraid - ok
19:45:59.0034 3508 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:45:59.0072 3508 VSS - ok
19:45:59.0297 3508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:45:59.0299 3508 vwifibus - ok
19:45:59.0324 3508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:45:59.0331 3508 W32Time - ok
19:45:59.0345 3508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:45:59.0346 3508 WacomPen - ok
19:45:59.0375 3508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:59.0378 3508 WANARP - ok
19:45:59.0382 3508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:59.0383 3508 Wanarpv6 - ok
19:45:59.0447 3508 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:45:59.0469 3508 WatAdminSvc - ok
19:45:59.0523 3508 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:45:59.0554 3508 wbengine - ok
19:45:59.0620 3508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:45:59.0624 3508 WbioSrvc - ok
19:45:59.0646 3508 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:45:59.0652 3508 wcncsvc - ok
19:45:59.0660 3508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:45:59.0663 3508 WcsPlugInService - ok
19:45:59.0685 3508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:45:59.0687 3508 Wd - ok
19:45:59.0718 3508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:45:59.0726 3508 Wdf01000 - ok
19:45:59.0744 3508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:45:59.0747 3508 WdiServiceHost - ok
19:45:59.0751 3508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:45:59.0753 3508 WdiSystemHost - ok
19:45:59.0766 3508 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:45:59.0771 3508 WebClient - ok
19:45:59.0791 3508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:45:59.0794 3508 Wecsvc - ok
19:45:59.0807 3508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:45:59.0809 3508 wercplsupport - ok
19:45:59.0825 3508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:45:59.0827 3508 WerSvc - ok
19:45:59.0870 3508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:45:59.0871 3508 WfpLwf - ok
19:45:59.0886 3508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:45:59.0887 3508 WIMMount - ok
19:45:59.0893 3508 WinHttpAutoProxySvc - ok
19:45:59.0937 3508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:45:59.0940 3508 Winmgmt - ok
19:45:59.0997 3508 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:46:00.0032 3508 WinRM - ok
19:46:00.0137 3508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:46:00.0149 3508 Wlansvc - ok
19:46:00.0259 3508 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:46:00.0271 3508 wlidsvc - ok
19:46:00.0336 3508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:46:00.0337 3508 WmiAcpi - ok
19:46:00.0374 3508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:46:00.0376 3508 wmiApSrv - ok
19:46:00.0400 3508 WMPNetworkSvc - ok
19:46:00.0422 3508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:46:00.0424 3508 WPCSvc - ok
19:46:00.0442 3508 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:46:00.0445 3508 WPDBusEnum - ok
19:46:00.0460 3508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:46:00.0461 3508 ws2ifsl - ok
19:46:00.0464 3508 WSearch - ok
19:46:00.0482 3508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:46:00.0484 3508 WudfPf - ok
19:46:00.0498 3508 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:46:00.0500 3508 wudfsvc - ok
19:46:00.0513 3508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:46:00.0517 3508 WwanSvc - ok
19:46:00.0583 3508 X6va005 - ok
19:46:00.0601 3508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:46:00.0743 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:46:00.0743 3508 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:46:00.0990 3508 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:46:01.0288 3508 \Device\Harddisk1\DR1 - ok
19:46:01.0316 3508 Boot (0x1200) (db938ffde7d0396ff2765d1739794c59) \Device\Harddisk0\DR0\Partition0
19:46:01.0318 3508 \Device\Harddisk0\DR0\Partition0 - ok
19:46:01.0328 3508 Boot (0x1200) (cef381b535f6c04c0bc54ef83263f509) \Device\Harddisk0\DR0\Partition1
19:46:01.0330 3508 \Device\Harddisk0\DR0\Partition1 - ok
19:46:01.0335 3508 Boot (0x1200) (7d9682fcdead23c537f1644c5757dd7a) \Device\Harddisk1\DR1\Partition0
19:46:01.0339 3508 \Device\Harddisk1\DR1\Partition0 - ok
19:46:01.0355 3508 Boot (0x1200) (02f9e92ef004e68f8d22e5754d592d12) \Device\Harddisk1\DR1\Partition1
19:46:01.0359 3508 \Device\Harddisk1\DR1\Partition1 - ok
19:46:01.0360 3508 ============================================================
19:46:01.0360 3508 Scan finished
19:46:01.0360 3508 ============================================================
19:46:01.0372 2520 Detected object count: 1
19:46:01.0372 2520 Actual detected object count: 1
19:47:50.0799 2520 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:47:50.0799 2520 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:48:06.0128 3440 Deinitialize success







~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 19:49:46
-----------------------------
19:49:46.198 OS Version: Windows x64 6.1.7601 Service Pack 1
19:49:46.201 Number of processors: 4 586 0x1E05
19:49:46.203 ComputerName: DARRINWATSON-PC UserName: darrin watson
19:49:51.559 Initialize success
19:50:40.061 AVAST engine defs: 12071902
19:50:57.329 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:50:57.333 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
19:50:57.353 Disk 0 MBR read successfully
19:50:57.358 Disk 0 MBR scan
19:50:57.365 Disk 0 Windows 7 default MBR code
19:50:57.376 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:50:57.388 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
19:50:57.410 Disk 0 scanning C:\Windows\system32\drivers
19:51:04.129 Service scanning
19:51:16.310 Modules scanning
19:51:16.331 Disk 0 trace - called modules:
19:51:16.350 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:51:16.356 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d9b060]
19:51:16.363 3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8007a93520]
19:51:16.369 5 ACPI.sys[fffff88000f447a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a94060]
19:51:27.011 AVAST engine scan C:\Windows
19:51:39.374 AVAST engine scan C:\Windows\system32
19:53:18.891 AVAST engine scan C:\Windows\system32\drivers
19:53:26.183 AVAST engine scan C:\Users\darrin watson
19:59:21.584 AVAST engine scan C:\ProgramData
19:59:36.994 Scan finished successfully
19:59:49.562 Disk 0 MBR has been saved successfully to "C:\Users\darrin watson\Desktop\MBR.dat"
19:59:49.566 The log file has been saved successfully to "C:\Users\darrin watson\Desktop\aswMBR.txt"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

C:\Users\darrin watson\AppData\Local\Temp\ICReinstall\cnet2_setupscreenhunterfree_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\darrin watson\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe probably a variant of Win32/Adware.ECOHET application cleaned by deleting - quarantined
C:\Users\darrin watson\Downloads\cnet2_setupscreenhunterfree_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Windows\Installer\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined

#6 narenxp


Posted 19 July 2012 - 10:44 PM

Download

systemlook

Launch it, then copy this script and paste it in the box:

:filefind
services.exe
:folderfind
{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}

Click on LOOK, then post the generated log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it, click on Delete

Post the generated log

#7 darrin683


Posted 19 July 2012 - 11:07 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:50 on 19/07/2012 by darrin watson
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}"
C:\Users\darrin watson\AppData\Local\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e} d--hs-- [15:43 02/05/2012]
C:\Windows\Installer\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e} d--hs-- [15:43 02/05/2012]

-= EOF =-





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




MiniToolBox by Farbar Version: 15-07-2012
Ran by darrin watson (administrator) on 19-07-2012 at 20:53:10
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : darrinwatson-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-8E-72-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9c7f:e022:873d:ed50%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.60(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : July-19-12 6:44:35 PM
Lease Expires . . . . . . . . . . : July-19-12 9:44:35 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 239100294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-32-34-37-40-61-86-8E-72-B3
DNS Servers . . . . . . . . . . . : 64.59.144.18
64.59.150.134
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{2A5DBCE9-3574-49FE-80D2-983DE58D3225}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: pd1nsc3.st.vc.shawcable.net
Address: 64.59.144.18

Name: google.com
Addresses: 2607:f8b0:400a:801::1007
173.194.33.41
173.194.33.32
173.194.33.34
173.194.33.38
173.194.33.35
173.194.33.36
173.194.33.39
173.194.33.37
173.194.33.33
173.194.33.46
173.194.33.40


Pinging google.com [173.194.33.41] with 32 bytes of data:
Reply from 173.194.33.41: bytes=32 time=14ms TTL=57
Reply from 173.194.33.41: bytes=32 time=14ms TTL=57

Ping statistics for 173.194.33.41:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 14ms, Average = 14ms
Server: pd1nsc3.st.vc.shawcable.net
Address: 64.59.144.18

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=204ms TTL=49
Reply from 98.139.183.24: bytes=32 time=120ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 120ms, Maximum = 204ms, Average = 162ms
Server: pd1nsc3.st.vc.shawcable.net
Address: 64.59.144.18

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...40 61 86 8e 72 b3 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.60 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.60 266
192.168.0.60 255.255.255.255 On-link 192.168.0.60 266
192.168.0.255 255.255.255.255 On-link 192.168.0.60 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.60 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.60 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::9c7f:e022:873d:ed50/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/19/2012 08:00:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 08:00:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 06:46:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2012 06:40:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2012 00:39:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: NFS11.exe, version: 1.0.5.0, time stamp: 0x4dc1385a
Faulting module name: nvd3dum.dll, version: 8.17.12.9610, time stamp: 0x4f4e5190
Exception code: 0xc0000005
Fault offset: 0x003b369a
Faulting process id: 0x4678
Faulting application start time: 0xNFS11.exe0
Faulting application path: NFS11.exe1
Faulting module path: NFS11.exe2
Report Id: NFS11.exe3

Error: (07/18/2012 10:12:59 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000054f4a
Faulting process id: 0x5e3c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (07/19/2012 08:46:16 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2012 08:18:45 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2012 07:44:57 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2012 07:14:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2012 06:44:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2012 06:44:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/19/2012 06:44:36 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/19/2012 06:44:36 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/19/2012 06:44:36 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/19/2012 06:44:36 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (07/19/2012 08:00:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\darrin watson\Downloads\esetsmartinstaller_enu.exe

Error: (07/19/2012 08:00:26 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\darrin watson\Downloads\esetsmartinstaller_enu.exe

Error: (07/19/2012 06:46:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2012 06:40:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2012 00:39:23 PM) (Source: Application Error)(User: )
Description: NFS11.exe1.0.5.04dc1385anvd3dum.dll8.17.12.96104f4e5190c0000005003b369a467801cd6585274ca0a0c:\program files (x86)\steam\steamapps\common\need for speed hot pursuit\NFS11.exeC:\Windows\system32\nvd3dum.dll70861ce6-d1d9-11e1-83c2-4061868e72b3

Error: (07/18/2012 10:12:59 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.177254ec4aa8ec00000050000000000054f4a5e3c01cd65087e49f207C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dlld275d598-d0fb-11e1-83c2-4061868e72b3


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
µTorrent (Version: 3.1.3)
Bing Bar (Version: 7.1.382.0)
Blacklight Retribution (Version: 1.00.9500)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
D3DX10 (Version: 15.4.2368.0902)
Diablo III (Version: 1.0.3.10485)
ESET Online Scanner v3
Fallout: New Vegas
From Dust
HOARD
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
La Tale
Mal Updater 2.80
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MapleStory
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mumble 1.2.3 (Version: 1.2.3)
Need for Speed: Hot Pursuit
Nexon Game Manager
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
OGPlanet Game Launcher (Version: 1.0.0)
OpenAL
Pando Media Booster (Version: 2.6.0.7)
Path of Exile (Version: 0.9.9.16773)
PunkBuster Services (Version: 0.992)
SecondLifeViewer (remove only)
Skype Click to Call (Version: 6.0.10297)
Skype™ 5.9 (Version: 5.9.115)
Steam (Version: 1.0.0.0)
STOnline (Version: 1.0000)
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
TERA (Version: 1.38)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 beta 1 (64-bit) (Version: 4.20.1)
Wisdom-soft ScreenHunter 6.0 Free
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8151.12 MB
Available physical RAM: 5981.35 MB
Total Pagefile: 16300.43 MB
Available Pagefile: 14169.95 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:172.03 GB) NTFS
3 Drive e: (backup) (Fixed) (Total:1.12 GB) (Free:1 GB) NTFS
4 Drive f: () (Fixed) (Total:36.13 GB) (Free:0.87 GB) NTFS

========================= Users: ========================================

User accounts for \\DARRINWATSON-PC

Administrator darrin watson Guest
UpdatusUser


**** End of log ****



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Farbar Service Scanner Version: 19-07-2012
Ran by darrin watson (administrator) on 19-07-2012 at 20:57:20
Running from "C:\Users\darrin watson\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v1.703 - Logfile created 07/19/2012 at 21:00:34
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : darrin watson - DARRINWATSON-PC
# Running from : C:\Users\darrin watson\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\darrin watson\AppData\Local\Conduit
Folder Deleted : C:\Users\darrin watson\AppData\LocalLow\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\darrin watson\AppData\Roaming\Mozilla\Firefox\Profiles\t49khvpb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [293 octets] - [19/07/2012 20:59:53]
AdwCleaner[S2].txt - [1265 octets] - [19/07/2012 21:00:34]

########## EOF - C:\AdwCleaner[S2].txt - [1393 octets] ##########

Let me know if I missed one.. Think that's all 4.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:18 AM

Posted 19 July 2012 - 11:19 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
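@echo off
rem Work in the System32 folder (/d also switches drive if needed)
cd /d c:\windows\system32
rem Give ownership of services.exe to the Administrators group
takeown /a /f services.exe
rem Set the ACL to Administrators: full control (cacls asks to confirm with Y)
cacls services.exe /g administrators:f
rem Keep the current file under a new name
ren services.exe services.exe.old
rem Copy services.exe from the WinSxS component store into System32
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Delete this batch file
DEL %0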

Click on FILE>> save as

filename:sevices.bat
Save as type:All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new system look log

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\darrin watson\AppData\Local\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}
C:\Windows\Installer\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}

delete the folders

Download

MpsSvc
BFE
wscsvc
defender
Shared access
BITS
Wuauserv


Launch them, click YES when you get the UAC prompt

Restart the PC and post the new FSS log


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark the following options alone

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Check mark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

#9 darrin683

darrin683
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 19 July 2012 - 11:27 PM

Post the new system look log

Can you help me with this? Do I just open SystemLook and re-enter the lines from the previous post? Or what am I supposed to do here? Sorry~

#10 darrin683

darrin683
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 19 July 2012 - 11:29 PM

Also you said use this

filename:sevices.bat
Save as type:All types

I don't mean to judge you or ask questions, but I do "sevices" and not "services", right?

#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:18 AM

Posted 19 July 2012 - 11:31 PM

Can you help me with this? Do I just open SystemLook and re-enter the lines from the previous post? Or what am I supposed to do here? Sorry~


yes :thumbup2:

I don't mean to judge you or ask questions, but I do "sevices" and not "services", right?


Sorry for the typo. Yes, it is services. You can type whichever name you like :lol: Make sure to save it with the .BAT extension

#12 darrin683

darrin683
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 19 July 2012 - 11:40 PM

I can't delete
C:\Windows\Installer\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}
Says it's running in another program


I went inside the folder and deleted everything except a file called @
It says it's running in services.exe

Edited by darrin683, 19 July 2012 - 11:41 PM.


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:18 AM

Posted 19 July 2012 - 11:46 PM

Restart the PC and delete it

#14 darrin683

darrin683
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 19 July 2012 - 11:47 PM

I managed to delete it by ending the services.exe process~ but this made my PC restart after 1 minute. I checked and both folders are gone. I'm going to continue with your steps now.

#15 darrin683

darrin683
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:18 AM

Posted 20 July 2012 - 12:05 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 21:35 on 19/07/2012 by darrin watson
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e}"
C:\Users\darrin watson\AppData\Local\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e} d--hs-- [15:43 02/05/2012]
C:\Windows\Installer\{d3ce39da-3f1b-26fa-6ad0-30be140a5b3e} d--hs-- [15:43 02/05/2012]

-= EOF =-




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Farbar Service Scanner Version: 19-07-2012
Ran by darrin watson (administrator) on 19-07-2012 at 21:53:29
Running from "C:\Users\darrin watson\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
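
A way to compare the two Farbar Service Scanner logs posted in this thread, as an added example that is not part of the original posts or of the FSS tool: the parser below reads the service-configuration lines and reports, per stopped service, the worst state each log shows. The state names and the functions `parse_fss`, `compare` and `still_needs_attention` are assumptions made for this illustration; the sample text is excerpted and trimmed from the two logs above.

```python
import re

# Excerpts from the two FSS logs in this thread (20:57:20 and 21:53:29),
# trimmed to a few service blocks; not the complete logs.
BEFORE = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.
"""

AFTER = r"""
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
"""

HEADER = re.compile(r"^(\S+) Service is not running\. Checking service configuration:")

# Illustrative state names, ordered from least to most severe.
SEVERITY = {"config_ok": 0, "nonstandard": 1, "value_missing": 2, "key_missing": 3}


def classify(line):
    """Classify one configuration line of a stopped-service block."""
    if "key does not exist" in line:
        return "key_missing"        # whole registry key is gone
    if "value does not exist" in line:
        return "value_missing"      # key exists, a value under it is gone
    if line.endswith("is OK."):
        return "config_ok"          # stopped, but this setting is intact
    return "nonstandard"            # reported value differs from the default


def parse_fss(text):
    """Return {service (lowercase): worst state reported for that service}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1).lower()
            result[current] = "config_ok"
        elif not line:
            current = None          # a blank line ends the service block
        elif current is not None:
            state = classify(line)
            if SEVERITY[state] > SEVERITY[result[current]]:
                result[current] = state
    return result


def compare(before, after):
    """Map each service seen in either log to (state_before, state_after)."""
    b, a = parse_fss(before), parse_fss(after)
    return {svc: (b.get(svc, "not reported"), a.get(svc, "not reported"))
            for svc in sorted(set(b) | set(a))}


def still_needs_attention(before, after):
    """Services the second log still reports as worse than 'config_ok'."""
    return [svc for svc, (_, now) in compare(before, after).items()
            if now in SEVERITY and SEVERITY[now] > 0]


if __name__ == "__main__":
    for svc, (was, now) in compare(BEFORE, AFTER).items():
        print(f"{svc:<14}{was:<16}-> {now}")
    print("Still needs attention:", still_needs_attention(BEFORE, AFTER))
```

A service marked "not reported" in the second log has no stopped-service block there, so the log alone does not say more about it.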



