Win64/Sirefef


10 replies to this topic

#1 Daiquiri

  • Members
  • 20 posts

Posted 19 July 2012 - 09:58 PM

Microsoft Windows Essential found a virus, Win64/Sirefef, and many of its variants, but is unable to remove it properly.
Every time I try to remove the virus/Trojan, the computer says "Windows has encountered a critical problem and will restart in one minute." I then need to do a system restore to stop the message from appearing when I restart the computer.

Any help is appreciated.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 July 2012 - 11:24 PM

Download TDSSKiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Daiquiri

  • Topic Starter
  • Members
  • 20 posts

Posted 20 July 2012 - 09:52 AM

TDSSKiller LOG

02:13:41.0083 3196 nsiproxy - ok
02:13:41.0302 3196 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:13:41.0355 3196 Ntfs - ok
02:13:41.0546 3196 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:13:41.0548 3196 Null - ok
02:13:41.0609 3196 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
02:13:41.0616 3196 NVENETFD - ok
02:13:41.0685 3196 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:13:41.0689 3196 nvraid - ok
02:13:41.0808 3196 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:13:41.0812 3196 nvstor - ok
02:13:41.0885 3196 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:13:41.0885 3196 nv_agp - ok
02:13:41.0916 3196 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:13:41.0916 3196 ohci1394 - ok
02:13:42.0025 3196 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:13:42.0025 3196 ose64 - ok
02:13:42.0504 3196 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:13:42.0648 3196 osppsvc - ok
02:13:42.0914 3196 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:13:42.0925 3196 p2pimsvc - ok
02:13:43.0004 3196 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:13:43.0015 3196 p2psvc - ok
02:13:43.0074 3196 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
02:13:43.0084 3196 Parport - ok
02:13:43.0128 3196 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:13:43.0128 3196 partmgr - ok
02:13:43.0175 3196 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:13:43.0175 3196 PcaSvc - ok
02:13:43.0253 3196 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:13:43.0253 3196 pci - ok
02:13:43.0284 3196 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:13:43.0284 3196 pciide - ok
02:13:43.0365 3196 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
02:13:43.0370 3196 pcmcia - ok
02:13:43.0400 3196 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:13:43.0402 3196 pcw - ok
02:13:43.0485 3196 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:13:43.0496 3196 PEAUTH - ok
02:13:43.0635 3196 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:13:43.0640 3196 PerfHost - ok
02:13:43.0955 3196 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:13:43.0999 3196 pla - ok
02:13:44.0109 3196 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:13:44.0118 3196 PlugPlay - ok
02:13:44.0139 3196 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:13:44.0143 3196 PNRPAutoReg - ok
02:13:44.0198 3196 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:13:44.0203 3196 PNRPsvc - ok
02:13:44.0338 3196 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
02:13:44.0338 3196 Point64 - ok
02:13:44.0448 3196 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:13:44.0463 3196 PolicyAgent - ok
02:13:44.0550 3196 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:13:44.0556 3196 Power - ok
02:13:44.0605 3196 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:13:44.0608 3196 PptpMiniport - ok
02:13:44.0637 3196 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
02:13:44.0639 3196 Processor - ok
02:13:44.0715 3196 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
02:13:44.0748 3196 ProfSvc - ok
02:13:44.0833 3196 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:13:44.0837 3196 ProtectedStorage - ok
02:13:44.0905 3196 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:13:44.0909 3196 Psched - ok
02:13:45.0141 3196 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
02:13:45.0182 3196 ql2300 - ok
02:13:45.0395 3196 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
02:13:45.0403 3196 ql40xx - ok
02:13:45.0474 3196 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:13:45.0486 3196 QWAVE - ok
02:13:45.0497 3196 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:13:45.0497 3196 QWAVEdrv - ok
02:13:45.0528 3196 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:13:45.0528 3196 RasAcd - ok
02:13:45.0577 3196 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:13:45.0579 3196 RasAgileVpn - ok
02:13:45.0604 3196 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:13:45.0616 3196 RasAuto - ok
02:13:45.0673 3196 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:13:45.0681 3196 Rasl2tp - ok
02:13:45.0734 3196 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:13:45.0743 3196 RasMan - ok
02:13:45.0773 3196 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:13:45.0776 3196 RasPppoe - ok
02:13:45.0807 3196 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:13:45.0810 3196 RasSstp - ok
02:13:45.0856 3196 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:13:45.0862 3196 rdbss - ok
02:13:45.0888 3196 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
02:13:45.0891 3196 rdpbus - ok
02:13:45.0941 3196 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:13:45.0943 3196 RDPCDD - ok
02:13:45.0963 3196 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:13:45.0964 3196 RDPENCDD - ok
02:13:46.0017 3196 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:13:46.0019 3196 RDPREFMP - ok
02:13:46.0084 3196 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
02:13:46.0089 3196 RDPWD - ok
02:13:46.0165 3196 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:13:46.0169 3196 rdyboost - ok
02:13:46.0334 3196 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:13:46.0339 3196 RemoteAccess - ok
02:13:46.0393 3196 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:13:46.0399 3196 RemoteRegistry - ok
02:13:46.0511 3196 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
02:13:46.0518 3196 RoxioNow Service - ok
02:13:46.0554 3196 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:13:46.0558 3196 RpcEptMapper - ok
02:13:46.0581 3196 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:13:46.0584 3196 RpcLocator - ok
02:13:46.0665 3196 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:13:46.0673 3196 RpcSs - ok
02:13:46.0841 3196 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
02:13:46.0845 3196 RSPCIESTOR - ok
02:13:46.0892 3196 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:13:46.0895 3196 rspndr - ok
02:13:47.0025 3196 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:13:47.0031 3196 RTL8167 - ok
02:13:47.0233 3196 RTL8192Ce (507b708a731ded6b992e3f664a93288b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
02:13:47.0246 3196 RTL8192Ce - ok
02:13:47.0289 3196 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:13:47.0292 3196 SamSs - ok
02:13:47.0343 3196 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:13:47.0346 3196 sbp2port - ok
02:13:47.0408 3196 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:13:47.0415 3196 SCardSvr - ok
02:13:47.0472 3196 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:13:47.0477 3196 scfilter - ok
02:13:47.0630 3196 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:13:47.0666 3196 Schedule - ok
02:13:47.0714 3196 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:13:47.0717 3196 SCPolicySvc - ok
02:13:47.0819 3196 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
02:13:47.0823 3196 sdbus - ok
02:13:47.0870 3196 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:13:47.0885 3196 SDRSVC - ok
02:13:47.0932 3196 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:13:47.0932 3196 secdrv - ok
02:13:47.0948 3196 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:13:47.0963 3196 seclogon - ok
02:13:47.0988 3196 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
02:13:47.0995 3196 SENS - ok
02:13:48.0063 3196 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:13:48.0068 3196 SensrSvc - ok
02:13:48.0120 3196 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
02:13:48.0123 3196 Serenum - ok
02:13:48.0155 3196 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
02:13:48.0167 3196 Serial - ok
02:13:48.0236 3196 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
02:13:48.0240 3196 sermouse - ok
02:13:48.0315 3196 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:13:48.0324 3196 SessionEnv - ok
02:13:48.0350 3196 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:13:48.0352 3196 sffdisk - ok
02:13:48.0372 3196 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:13:48.0374 3196 sffp_mmc - ok
02:13:48.0410 3196 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:13:48.0412 3196 sffp_sd - ok
02:13:48.0474 3196 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
02:13:48.0476 3196 sfloppy - ok
02:13:48.0552 3196 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:13:48.0562 3196 ShellHWDetection - ok
02:13:48.0626 3196 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
02:13:48.0629 3196 SiSRaid2 - ok
02:13:48.0671 3196 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
02:13:48.0675 3196 SiSRaid4 - ok
02:13:48.0738 3196 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:13:48.0741 3196 Smb - ok
02:13:48.0843 3196 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:13:48.0847 3196 SNMPTRAP - ok
02:13:48.0879 3196 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:13:48.0880 3196 spldr - ok
02:13:48.0956 3196 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:13:48.0959 3196 Spooler - ok
02:13:49.0386 3196 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:13:49.0488 3196 sppsvc - ok
02:13:49.0682 3196 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:13:49.0688 3196 sppuinotify - ok
02:13:49.0798 3196 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:13:49.0808 3196 srv - ok
02:13:49.0884 3196 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:13:49.0893 3196 srv2 - ok
02:13:50.0017 3196 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
02:13:50.0035 3196 SrvHsfHDA - ok
02:13:50.0221 3196 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
02:13:50.0268 3196 SrvHsfV92 - ok
02:13:50.0565 3196 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
02:13:50.0589 3196 SrvHsfWinac - ok
02:13:50.0641 3196 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:13:50.0645 3196 srvnet - ok
02:13:50.0707 3196 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:13:50.0713 3196 SSDPSRV - ok
02:13:50.0745 3196 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:13:50.0750 3196 SstpSvc - ok
02:13:50.0819 3196 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
02:13:50.0821 3196 stexstor - ok
02:13:50.0963 3196 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:13:50.0983 3196 stisvc - ok
02:13:51.0020 3196 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:13:51.0022 3196 swenum - ok
02:13:51.0099 3196 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:13:51.0122 3196 swprv - ok
02:13:51.0342 3196 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
02:13:51.0359 3196 SynTP - ok
02:13:51.0864 3196 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:13:51.0908 3196 SysMain - ok
02:13:52.0100 3196 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:13:52.0109 3196 TabletInputService - ok
02:13:52.0163 3196 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:13:52.0172 3196 TapiSrv - ok
02:13:52.0206 3196 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:13:52.0211 3196 TBS - ok
02:13:52.0523 3196 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:13:52.0580 3196 Tcpip - ok
02:13:53.0046 3196 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:13:53.0069 3196 TCPIP6 - ok
02:13:53.0182 3196 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:13:53.0184 3196 tcpipreg - ok
02:13:53.0210 3196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:13:53.0213 3196 TDPIPE - ok
02:13:53.0256 3196 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:13:53.0259 3196 TDTCP - ok
02:13:53.0292 3196 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:13:53.0296 3196 tdx - ok
02:13:53.0364 3196 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:13:53.0365 3196 TermDD - ok
02:13:53.0469 3196 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:13:53.0491 3196 TermService - ok
02:13:53.0521 3196 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:13:53.0526 3196 Themes - ok
02:13:53.0572 3196 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:13:53.0576 3196 THREADORDER - ok
02:13:53.0607 3196 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:13:53.0613 3196 TrkWks - ok
02:13:53.0704 3196 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:13:53.0707 3196 TrustedInstaller - ok
02:13:53.0767 3196 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:13:53.0770 3196 tssecsrv - ok
02:13:53.0802 3196 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:13:53.0805 3196 TsUsbFlt - ok
02:13:53.0848 3196 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
02:13:53.0851 3196 TsUsbGD - ok
02:13:53.0915 3196 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:13:53.0918 3196 tunnel - ok
02:13:53.0953 3196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
02:13:53.0956 3196 uagp35 - ok
02:13:54.0009 3196 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:13:54.0015 3196 udfs - ok
02:13:54.0063 3196 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:13:54.0069 3196 UI0Detect - ok
02:13:54.0134 3196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:13:54.0137 3196 uliagpkx - ok
02:13:54.0210 3196 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
02:13:54.0213 3196 umbus - ok
02:13:54.0279 3196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
02:13:54.0281 3196 UmPass - ok
02:13:54.0349 3196 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:13:54.0369 3196 upnphost - ok
02:13:54.0395 3196 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:13:54.0397 3196 usbccgp - ok
02:13:54.0443 3196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:13:54.0448 3196 usbcir - ok
02:13:54.0476 3196 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:13:54.0479 3196 usbehci - ok
02:13:54.0531 3196 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys
02:13:54.0533 3196 usbfilter - ok
02:13:54.0597 3196 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
02:13:54.0604 3196 usbhub - ok
02:13:54.0625 3196 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:13:54.0627 3196 usbohci - ok
02:13:54.0687 3196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:13:54.0689 3196 usbprint - ok
02:13:54.0731 3196 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
02:13:54.0735 3196 usbscan - ok
02:13:54.0766 3196 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:13:54.0769 3196 USBSTOR - ok
02:13:54.0837 3196 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:13:54.0840 3196 usbuhci - ok
02:13:54.0900 3196 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
02:13:54.0916 3196 usbvideo - ok
02:13:54.0947 3196 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:13:54.0947 3196 UxSms - ok
02:13:54.0978 3196 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:13:54.0978 3196 VaultSvc - ok
02:13:55.0025 3196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:13:55.0025 3196 vdrvroot - ok
02:13:55.0103 3196 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:13:55.0119 3196 vds - ok
02:13:55.0165 3196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:13:55.0165 3196 vga - ok
02:13:55.0197 3196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:13:55.0197 3196 VgaSave - ok
02:13:55.0272 3196 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:13:55.0286 3196 vhdmp - ok
02:13:55.0312 3196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:13:55.0315 3196 viaide - ok
02:13:55.0353 3196 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:13:55.0355 3196 volmgr - ok
02:13:55.0428 3196 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:13:55.0435 3196 volmgrx - ok
02:13:55.0501 3196 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:13:55.0507 3196 volsnap - ok
02:13:55.0603 3196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
02:13:55.0618 3196 vsmraid - ok
02:13:55.0850 3196 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:13:55.0898 3196 VSS - ok
02:13:56.0094 3196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:13:56.0096 3196 vwifibus - ok
02:13:56.0124 3196 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:13:56.0126 3196 vwififlt - ok
02:13:56.0174 3196 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
02:13:56.0176 3196 vwifimp - ok
02:13:56.0264 3196 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:13:56.0287 3196 W32Time - ok
02:13:56.0314 3196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
02:13:56.0316 3196 WacomPen - ok
02:13:56.0401 3196 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:13:56.0404 3196 WANARP - ok
02:13:56.0411 3196 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:13:56.0413 3196 Wanarpv6 - ok
02:13:56.0578 3196 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:13:56.0613 3196 WatAdminSvc - ok
02:13:56.0831 3196 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:13:56.0876 3196 wbengine - ok
02:13:57.0088 3196 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:13:57.0096 3196 WbioSrvc - ok
02:13:57.0161 3196 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:13:57.0171 3196 wcncsvc - ok
02:13:57.0196 3196 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:13:57.0200 3196 WcsPlugInService - ok
02:13:57.0250 3196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
02:13:57.0253 3196 Wd - ok
02:13:57.0369 3196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:13:57.0384 3196 Wdf01000 - ok
02:13:57.0416 3196 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:13:57.0431 3196 WdiServiceHost - ok
02:13:57.0431 3196 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:13:57.0431 3196 WdiSystemHost - ok
02:13:57.0491 3196 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:13:57.0498 3196 WebClient - ok
02:13:57.0540 3196 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:13:57.0560 3196 Wecsvc - ok
02:13:57.0590 3196 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:13:57.0596 3196 wercplsupport - ok
02:13:57.0657 3196 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:13:57.0663 3196 WerSvc - ok
02:13:57.0734 3196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:13:57.0736 3196 WfpLwf - ok
02:13:57.0784 3196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:13:57.0787 3196 WIMMount - ok
02:13:57.0807 3196 WinHttpAutoProxySvc - ok
02:13:57.0915 3196 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:13:57.0920 3196 Winmgmt - ok
02:13:58.0167 3196 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:13:58.0239 3196 WinRM - ok
02:13:58.0557 3196 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:13:58.0588 3196 Wlansvc - ok
02:13:58.0736 3196 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:13:58.0742 3196 wlcrasvc - ok
02:13:59.0140 3196 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:13:59.0202 3196 wlidsvc - ok
02:13:59.0426 3196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:13:59.0427 3196 WmiAcpi - ok
02:13:59.0533 3196 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:13:59.0538 3196 wmiApSrv - ok
02:13:59.0586 3196 WMPNetworkSvc - ok
02:13:59.0621 3196 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:13:59.0626 3196 WPCSvc - ok
02:13:59.0662 3196 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:13:59.0667 3196 WPDBusEnum - ok
02:13:59.0699 3196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:13:59.0699 3196 ws2ifsl - ok
02:13:59.0761 3196 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
02:13:59.0761 3196 WSDPrintDevice - ok
02:13:59.0777 3196 WSearch - ok
02:14:00.0062 3196 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:14:00.0137 3196 wuauserv - ok
02:14:00.0349 3196 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:14:00.0353 3196 WudfPf - ok
02:14:00.0443 3196 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:14:00.0460 3196 WUDFRd - ok
02:14:00.0505 3196 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:14:00.0510 3196 wudfsvc - ok
02:14:00.0561 3196 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
02:14:00.0571 3196 WwanSvc - ok
02:14:00.0639 3196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:14:01.0196 3196 \Device\Harddisk0\DR0 - ok
02:14:01.0204 3196 Boot (0x1200) (9c352881702f71dd525a266e91970d31) \Device\Harddisk0\DR0\Partition0
02:14:01.0208 3196 \Device\Harddisk0\DR0\Partition0 - ok
02:14:01.0242 3196 Boot (0x1200) (097ab041a87bb9a44479a5cc626d3d12) \Device\Harddisk0\DR0\Partition1
02:14:01.0245 3196 \Device\Harddisk0\DR0\Partition1 - ok
02:14:01.0278 3196 Boot (0x1200) (69b0e10430a5d09a0a30cacbae4d1c72) \Device\Harddisk0\DR0\Partition2
02:14:01.0281 3196 \Device\Harddisk0\DR0\Partition2 - ok
02:14:01.0306 3196 Boot (0x1200) (a5d32098943a8ce1b4887f1d9a11afe0) \Device\Harddisk0\DR0\Partition3
02:14:01.0308 3196 \Device\Harddisk0\DR0\Partition3 - ok
02:14:01.0311 3196 ============================================================
02:14:01.0311 3196 Scan finished
02:14:01.0311 3196 ============================================================
02:14:01.0344 3452 Detected object count: 0
02:14:01.0345 3452 Actual detected object count: 0
02:14:45.0074 4020 Deinitialize success

aswMBR LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-20 02:37:20
-----------------------------
02:37:20.904 OS Version: Windows x64 6.1.7601 Service Pack 1
02:37:20.904 Number of processors: 2 586 0x100
02:37:20.906 ComputerName: INFINITY-HP UserName: GMC
02:37:22.944 Initialize success
02:48:29.815 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
02:48:29.825 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
02:48:29.840 Disk 0 MBR read successfully
02:48:29.845 Disk 0 MBR scan
02:48:29.850 Disk 0 Windows 7 default MBR code
02:48:29.855 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
02:48:29.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 286068 MB offset 409600
02:48:29.900 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14913 MB offset 586276864
02:48:29.920 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 616818688
02:48:29.985 Disk 0 scanning C:\Windows\system32\drivers
02:48:37.715 Service scanning
02:49:36.954 Modules scanning
02:49:36.969 Disk 0 trace - called modules:
02:49:37.029 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
02:49:37.387 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003120790]
02:49:37.406 3 CLASSPNP.SYS[fffff8800198843f] -> nt!IofCallDriver -> [0xfffffa800300b040]
02:49:37.419 5 amd_xata.sys[fffff88001100a1d] -> nt!IofCallDriver -> [0xfffffa8002ffa860]
02:49:37.430 7 ACPI.sys[fffff88000efb7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8002ff79c0]
02:49:37.441 Scan finished successfully
02:50:01.343 Disk 0 MBR has been saved successfully to "C:\Users\GMC\Desktop\MBR.dat"
02:50:01.355 The log file has been saved successfully to "C:\Users\GMC\Desktop\aswMBR.txt"


ESET LOG

C:\Users\Kanayo\AppData\Local\Temp\ICReinstall\cnet2_video2gif_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Kanayo\Downloads\cbaffregistrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Kanayo\Downloads\cnet2_video2gif_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Kanayo\Downloads\gimp-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined
C:\Users\Kanayo\Downloads\WinRAR.exe multiple threats cleaned by deleting - quarantined
C:\Windows\Installer\{a539af42-94fd-7423-2944-99522a429af2}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{a539af42-94fd-7423-2944-99522a429af2}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{a539af42-94fd-7423-2944-99522a429af2}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{a539af42-94fd-7423-2944-99522a429af2}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
Operating memory multiple threats

EDIT
I just checked the Windows\Installer folder and the Sirefef trojans are still there. :angry:

Edited by Daiquiri, 20 July 2012 - 10:31 AM.


#4 narenxp

Posted 20 July 2012 - 10:27 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{a539af42-94fd-7423-2944-99522a429af2}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it, click on Delete

post the generated log

#5 Daiquiri

Posted 20 July 2012 - 01:44 PM

NOTE
MBAM found and removed the windows/installer file but every time I restarted the computer and reran MBAM, the virus was still there.
I have restarted the computer at least 3 times after running MBAM and the trojan is found, quarantined, removed but apparently returns...

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 10:53 on 20/07/2012 by GMC
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{a539af42-94fd-7423-2944-99522a429af2}"
C:\Users\GMC\AppData\Local\{a539af42-94fd-7423-2944-99522a429af2} d--hs-- [03:35 11/01/2012]
C:\Windows\Installer\{a539af42-94fd-7423-2944-99522a429af2} d--hs-- [03:35 11/01/2012]

-= EOF =-


Minitoolbox


MiniToolBox by Farbar Version: 15-07-2012
Ran by GMC (administrator) on 20-07-2012 at 13:35:45
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Infinity-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 68-A3-C4-F8-55-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 3C-D9-2B-2E-01-9E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 68-A3-C4-F8-55-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2602:306:3147:b549:bc88:3109:cc3e:6984(Preferred)
Temporary IPv6 Address. . . . . . : 2602:306:3147:b549:8086:2516:575:3a92(Preferred)
Link-local IPv6 Address . . . . . : fe80::bc88:3109:cc3e:6984%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, July 20, 2012 1:33:14 PM
Lease Expires . . . . . . . . . . : Saturday, July 21, 2012 1:33:19 PM
Default Gateway . . . . . . . . . : fe80::7644:1ff:fe08:ba5%11
192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 241738692
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D8-7D-25-68-A3-C4-F8-55-99
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{29A29CFF-48E5-4B6D-99DC-46C5BB144648}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AE917169-427A-4856-96C9-161F73F5AB47}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DF7E84BF-DCB5-4820-9D7B-49633EECBF1A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [2607:f8b0:4007:801::100e] with 32 bytes of data:
Reply from 2607:f8b0:4007:801::100e: time=97ms
Reply from 2607:f8b0:4007:801::100e: time=96ms

Ping statistics for 2607:f8b0:4007:801::100e:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 97ms, Average = 96ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=126ms TTL=51
Reply from 72.30.38.140: bytes=32 time=99ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 99ms, Maximum = 126ms, Average = 112ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...68 a3 c4 f8 55 99 ......Microsoft Virtual WiFi Miniport Adapter
12...3c d9 2b 2e 01 9e ......Realtek PCIe FE Family Controller
11...68 a3 c4 f8 55 99 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.201 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.201 281
192.168.1.201 255.255.255.255 On-link 192.168.1.201 281
192.168.1.255 255.255.255.255 On-link 192.168.1.201 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.201 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.201 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 281 ::/0 fe80::7644:1ff:fe08:ba5
1 306 ::1/128 On-link
11 33 2602:306:3147:b549::/64 On-link
11 281 2602:306:3147:b549:8086:2516:575:3a92/128
On-link
11 281 2602:306:3147:b549:bc88:3109:cc3e:6984/128
On-link
11 281 fe80::/64 On-link
11 281 fe80::bc88:3109:cc3e:6984/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/20/2012 01:33:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2012 01:14:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2012 00:57:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2012 07:09:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2012 06:08:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x729dc9f1
Faulting process id: 0x410
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/20/2012 06:07:14 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x729dc9f1
Faulting process id: 0x120
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/20/2012 02:52:48 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2012 02:52:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2012 02:31:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/20/2012 02:19:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/20/2012 01:34:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/20/2012 01:33:54 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/20/2012 01:33:54 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/20/2012 01:33:14 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/20/2012 01:33:14 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/20/2012 01:33:14 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/20/2012 01:33:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/20/2012 01:32:10 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/20/2012 01:14:53 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/20/2012 01:14:53 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (07/20/2012 01:33:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2012 01:14:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2012 00:57:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2012 07:09:00 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/20/2012 06:08:18 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005729dc9f141001cd6667f72409a0C:\Windows\SysWOW64\svchost.exeunknown356da9c6-d25b-11e1-aba0-3cd92b2e019e

Error: (07/20/2012 06:07:14 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005729dc9f112001cd6667d03842f8C:\Windows\SysWOW64\svchost.exeunknown0f224427-d25b-11e1-aba0-3cd92b2e019e

Error: (07/20/2012 02:52:48 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\GMC\Downloads\esetsmartinstaller_enu.exe

Error: (07/20/2012 02:52:36 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\GMC\Downloads\esetsmartinstaller_enu.exe

Error: (07/20/2012 02:31:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\GMC\Downloads\esetsmartinstaller_enu.exe

Error: (07/20/2012 02:19:20 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\GMC\Downloads\esetsmartinstaller_enu.exe


=========================== Installed Programs ============================

Acoustica Effects Pack (Version: 3.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.4.980)
Adobe Extension Manager CS5.5 (Version: 5.5)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Fuel (Version: 2011.0616.2209.37946)
AMD Media Foundation Decoders (Version: 1.0.60616.2211)
AMD VISION Engine Control Center (Version: 2011.0616.2209.37946)
ATI Catalyst Install Manager (Version: 3.0.829.0)
AVI Player
Bejeweled 3 (Version: 2.2.0.97)
BitTorrent (Version: 7.5.0)
BitTorrentBar Toolbar (Version: 6.8.5.1)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.97)
Blender (Version: 2.63-release)
Blio (Version: 2.2.6699)
Bounce Symphony (Version: 2.2.0.97)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0616.2209.37946)
Catalyst Control Center InstallProxy (Version: 2011.0616.2209.37946)
Catalyst Control Center Localization All (Version: 2011.0616.2209.37946)
ccc-utility64 (Version: 2011.0616.2209.37946)
CCC Help Chinese Standard (Version: 2011.0616.2208.37946)
CCC Help Chinese Traditional (Version: 2011.0616.2208.37946)
CCC Help Czech (Version: 2011.0616.2208.37946)
CCC Help Danish (Version: 2011.0616.2208.37946)
CCC Help Dutch (Version: 2011.0616.2208.37946)
CCC Help English (Version: 2011.0616.2208.37946)
CCC Help Finnish (Version: 2011.0616.2208.37946)
CCC Help French (Version: 2011.0616.2208.37946)
CCC Help German (Version: 2011.0616.2208.37946)
CCC Help Greek (Version: 2011.0616.2208.37946)
CCC Help Hungarian (Version: 2011.0616.2208.37946)
CCC Help Italian (Version: 2011.0616.2208.37946)
CCC Help Japanese (Version: 2011.0616.2208.37946)
CCC Help Korean (Version: 2011.0616.2208.37946)
CCC Help Norwegian (Version: 2011.0616.2208.37946)
CCC Help Polish (Version: 2011.0616.2208.37946)
CCC Help Portuguese (Version: 2011.0616.2208.37946)
CCC Help Russian (Version: 2011.0616.2208.37946)
CCC Help Spanish (Version: 2011.0616.2208.37946)
CCC Help Swedish (Version: 2011.0616.2208.37946)
CCC Help Thai (Version: 2011.0616.2208.37946)
CCC Help Turkish (Version: 2011.0616.2208.37946)
Cheat Engine 6.1
Chronicles of Albian (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cradle of Rome 2 (Version: 2.2.0.95)
CyberLink YouCam (Version: 3.5.1.4119)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
DirectX 8.1 SDK (Version: 8.10.1670)
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1 (Version: 2.1.1)
Evernote v. 4.2.3 (Version: 4.2.3.22)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.97)
FlashDevelop 4.0.1 (Version: 4.0.1-RTM)
GameMaker 8.1
GIMP 2.6.10 (Version: 2.6.10)
Google Chrome (Version: 20.0.1132.57)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Hero Fighter
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.2.5)
HP Launch Box (Version: 1.0.11)
HP MovieStore (Version: 1.0.057)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.2.2)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.4.4)
HP QuickWeb (Version: 3.1.0.9742)
HP Setup (Version: 8.7.4751.3798)
HP Setup Manager (Version: 1.1.13476.3753)
HP Software Framework (Version: 4.1.7.1)
HP Support Assistant (Version: 6.0.5.4)
IDA Pro Free v5.0
IrfanView (remove only) (Version: 4.32)
ISScript (Version: 3.00.185)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Jewel Quest: The Sleepless Star - Collector's Edition (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Little Fighter 2 version 2.0a
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DirectX 8.1 SDK (Version: 8.10.1670)
Microsoft DirectX 9.0 SDK Update (August 2005) (Version: 9.08.299)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 11 x64 Additional Runtime - 11.0.50214 (Version: 11.0.50214)
Microsoft Visual C++ 11 x64 Debug Runtime - 11.0.50214 (Version: 11.0.50214)
Microsoft Visual C++ 11 x64 Minimum Runtime - 11.0.50214 (Version: 11.0.50214)
Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50214 (Version: 11.0.50214)
Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.50214 (Version: 11.0.50214)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool (Version: 11.0.50214)
Microsoft Visual Studio 11 Professional Beta (Version: 11.0.50214)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (Version: 1)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery of Mortlake Mansion (Version: 2.2.0.97)
Namco All-Stars: PAC-MAN (Version: 2.2.0.95)
NetBeans IDE 7.0.1 (Version: 7.0.1)
NTFS Undelete 3.0.3.521
particleIllusion 3.0.4 demo
Penguins! (Version: 2.2.0.95)
PingPlotter Standard 3.40.2s (Version: 3.40.2.5)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.95)
Project64 1.6 (Version: 1.6)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6287)
Realtek PCIE Card Reader (Version: 6.1.7600.77)
REALTEK Wireless LAN Driver (Version: 1.00.11.0323)
Recovery Manager (Version: 2.0.0)
RoxioNow Player (Version: 1.9.5.103)
Runes of Magic (Version: 4.0.8.2506)
Skype™ 5.5 (Version: 5.5.124)
Slingo Supreme (Version: 2.2.0.97)
swMSM (Version: 12.0.0.1)
Synaptics TouchPad Driver (Version: 15.3.11.0)
trakAxPC (Version: 3.01.1)
Unity (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands (Version: 2.2.0.97)
Video to GIF Converter 5.20
Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.1.11 (Version: 1.1.11)
WildTangent Games App (HP Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
World of Warcraft (Version: 4.3.0.15050)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2666.91 MB
Available physical RAM: 1466.05 MB
Total Pagefile: 5332 MB
Available Pagefile: 3965.42 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:279.36 GB) (Free:158.87 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

========================= Users: ========================================

User accounts for \\INFINITY-HP

Administrator GMC Guest
Kanayo


**** End of log ****

FSS


Farbar Service Scanner Version: 19-07-2012
Ran by GMC (administrator) on 20-07-2012 at 13:39:32
Running from "C:\Users\GMC\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 Daiquiri

Posted 20 July 2012 - 01:49 PM

AdwCleaner

# AdwCleaner v1.703 - Logfile created 07/20/2012 at 13:45:00
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : GMC - INFINITY-HP
# Running from : C:\Users\GMC\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Kanayo\AppData\Local\Conduit
Folder Deleted : C:\Users\Kanayo\AppData\LocalLow\Conduit
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Kanayo\AppData\Roaming\Mozilla\Firefox\Profiles\l0yoexk8.default\prefs.js

Deleted : user_pref("extensions.efwbjkbewre83sfr3.scode", "(function(){var bdomains={\"search.babylon.com\":1,[...]

Profile name : default
File : C:\Users\GMC\AppData\Roaming\Mozilla\Firefox\Profiles\v6m8jrit.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Kanayo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT279039[...]
Deleted : "path": "C:\\Users\\Kanayo\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

File : C:\Users\GMC\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]
Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]
Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT279039[...]

*************************

AdwCleaner[S1].txt - [2767 octets] - [20/07/2012 13:45:00]

########## EOF - C:\AdwCleaner[S1].txt - [2895 octets] ##########

#7 narenxp

Posted 20 July 2012 - 02:08 PM

Press the Windows+R keys and type

notepad and click OK

Copy this script and paste it into Notepad
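@echo off
rem Work in the directory that holds services.exe
cd /d c:\windows\system32
rem Give ownership to the Administrators group and grant it full control
takeown /a /f services.exe
cacls services.exe /g administrators:f
rem Rename the current file, then copy in the WinSxS component-store copy
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Remove this batch file once it has run
DEL %0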

Click on File >> Save As

Filename: services.bat
Save as type: All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Open your C drive

At the top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Post the new system look log

Click OK, now go to

C:\Users\GMC\AppData\Local\{a539af42-94fd-7423-2944-99522a429af2}
C:\Windows\Installer\{a539af42-94fd-7423-2944-99522a429af2}

Delete the folders

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender
Sharedaccess


Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark only the following options

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Check mark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

Edited by narenxp, 20 July 2012 - 02:09 PM.


#8 Daiquiri

Posted 20 July 2012 - 03:06 PM

My computer seems like it's doing better now!
Note
I had to boot the computer in safe mode to remove the windows/installer folder because the computer said that @.dll was being used by a service or something.

NEW SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 20/07/2012 by GMC
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{a539af42-94fd-7423-2944-99522a429af2}"
No folders found.

-= EOF =-

NEW FSS LOG
Farbar Service Scanner Version: 19-07-2012
Ran by GMC (administrator) on 20-07-2012 at 15:04:16
Running from "C:\Users\GMC\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
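
An added example, not part of the thread and not Farbar's own code: a small parser that compares the two FSS logs posted above and reports which services lost their "ATTENTION" findings after the repair and which are merely stopped. The sample lines are excerpted from the logs in this thread; the function names `parse_fss` and `compare` are hypothetical.

```python
import re

# Constructed sample input: lines excerpted from the two FSS logs in this thread.
BEFORE = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
"""
AFTER = r"""
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
ATTENTION_RE = re.compile(r"ATTENTION!=+>\s*(.+)$")


def parse_fss(text):
    """Return {service: [findings]} for every service reported as not running.

    Findings are the texts after 'ATTENTION!=====>'. Flagged lines outside a
    service block (the firewall policy keys) are filed under '(policy)'.
    """
    report, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        service = SERVICE_RE.match(line)
        if service:
            current = service.group(1).lower()
            report.setdefault(current, [])
            continue
        finding = ATTENTION_RE.search(line)
        if finding:
            report.setdefault(current or "(policy)", []).append(finding.group(1))
        elif line.endswith(":"):
            current = None  # a new section heading closes the service block
    return report


def compare(before, after):
    """Classify services by how their findings changed between two logs."""
    flagged_before = {name for name, found in before.items() if found}
    flagged_after = {name for name, found in after.items() if found}
    return {
        "cleared": sorted(flagged_before - flagged_after),
        "still_flagged": sorted(flagged_before & flagged_after),
        "stopped_but_configured": sorted(n for n, found in after.items() if not found),
    }


if __name__ == "__main__":
    for label, names in compare(parse_fss(BEFORE), parse_fss(AFTER)).items():
        print(f"{label}: {', '.join(names) or '-'}")
```
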

#9 narenxp

Posted 20 July 2012 - 03:14 PM

Delete this file

C:\windows\system32\services.exe.old

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#10 Daiquiri

Posted 20 July 2012 - 04:50 PM

Thank you for all of your help! :thumbsup:

#11 narenxp

Posted 20 July 2012 - 04:57 PM

You're most welcome :thumbsup:



