Desktop Icons Behaving Badly


  • This topic is locked
7 replies to this topic

#1 Angry Scientist

Posted 21 July 2012 - 05:27 PM

I'm having two issues:

1. Desktop icons won't stay where I drag them

My desktop icon positions reset to the left every time I reboot. Turning on my computer one day, I noticed this, and have been unable to figure out why. I have a story that might offer some insight. Before this, my antivirus, Sophos Endpoint Security and Control, identified the services.exe file in system32 as infected, so I deleted it on its advice. But it looked important. My computer bluescreened on start-up the next day, but it repaired itself, creating a new copy of services.exe. Sophos continued to call it infected, but I kept it quarantined. I did some web-surfing about similar issues, and heard that it might be a symptom of an infection with a 64-bit version of the ZeroAccess rootkit. I installed HitmanPro on advice, and used it to remove the infection. It "cleaned" services.exe instead of deleting it. I don't get any more warnings from Sophos, but now I'm having these problems.

I think my desktop icons began to act up after the bluescreen, but I can't remember for sure.

2. Music folders won't save my preferences

I like to keep my music albums on my desktop. Each one is a folder containing mp3 files and one image file for the album art. A newly created folder will display two overlapping copies of the album art on its icon because I tag all contained mp3s with their album art. I change the icon to display only one album art image by going into folder properties, "Choose a file to show on this folder icon." Also under the customize tab, I set them as music folders. Finally I change the folders to list files in order of increasing track number, and tweak column widths so I can read the full titles of everything.

Since my desktop has been acting up, my preferences for column width and sorting are defaulted to normal and alphabetic A-to-Z every time I close the folders. My preferences don't save at all. The album art is also displaying weirdly. Sometimes folders display the two-overlapping images, sometimes one, and I'm only able to change them from one to two-overlapping, not the other way around.

Ideas?

Edited by Orange Blossom, 21 July 2012 - 09:13 PM.
Moved to AII from Windows 7. ~ OB



#2 hamluis

Posted 21 July 2012 - 07:51 PM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792

Louis

#3 Angry Scientist

Posted 21 July 2012 - 08:42 PM

Cheers,

I should also add that I tried to system restore 4 or 5 times when I first noticed the problems. All of them failed. They came up with some error once the computer restarted.

http://speccy.piriform.com/results/4J2xoj767onC7Bwllgd35ra

MiniToolBox by Farbar Version: 15-07-2012
Ran by Peter (administrator) on 21-07-2012 at 21:36:01
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/21/2012 06:50:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/21/2012 06:48:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/20/2012 11:52:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2012 11:50:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/19/2012 05:43:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x004923d1
Faulting process id: 0x6bc
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (07/18/2012 10:58:44 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (07/18/2012 10:18:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/18/2012 10:15:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/16/2012 10:07:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (07/16/2012 10:05:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (07/21/2012 09:24:42 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/21/2012 09:24:42 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/21/2012 04:43:21 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/21/2012 04:43:21 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/21/2012 04:43:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (07/21/2012 04:42:43 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/21/2012 04:42:35 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/21/2012 04:42:34 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/21/2012 04:32:56 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/21/2012 04:32:56 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (07/21/2012 06:50:47 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/21/2012 06:48:23 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/20/2012 11:52:21 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/20/2012 11:50:17 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/19/2012 05:43:12 AM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_3_300_265.exe11.3.300.2654febd5acNPSWF32_11_3_300_265.dll11.3.300.2654febd798c0000005004923d16bc01cd652ae5f14343C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll273b22d6-d186-11e1-bb9a-c80aa9d82301

Error: (07/18/2012 10:58:44 PM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description:

Error: (07/18/2012 10:18:15 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/18/2012 10:15:36 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/16/2012 10:07:44 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (07/16/2012 10:05:27 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Download Manager (Version: 1.6.2.87)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player (Version: 11.5.1.601)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 7
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco NAC Agent (Version: 4.8.3.1)
Cisco PEAP Module (Version: 1.1.6)
CyberLink DVD Suite (Version: 7.0.2216)
CyberLink MediaShow (Version: 4.1.3419)
CyberLink PowerDVD 9 (Version: 9.0.1.5122)
CyberLink YouCam (Version: 3.0.2201)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Download Updater (AOL LLC)
EasyBits GO
ESU for Microsoft Windows 7 (Version: 1.0.0)
FFmpeg v0.6.2 for Audacity
Free RAR Extract Frog (Version: 3.20)
Google Talk Plugin (Version: 3.2.4.8431)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HitmanPro 3.6 (Version: 3.6.0.160)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Quick Launch (Version: 1.0.18)
HP Setup (Version: 1.2.3560.3170)
HP Smart Web Printing (Version: 131.1.35898)
HP Software Framework (Version: 4.0.108.1)
HP Support Assistant (Version: 6.0.5.4)
HP Update (Version: 5.001.000.014)
HP User Guides 0183 (Version: 1.01.0001)
HP Wireless Assistant (Version: 3.50.12.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Processor Graphics (Version: 8.15.10.2361)
Intel® Matrix Storage Manager
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8089.726)
LabelPrint (Version: 2.5.2215)
LightScribe System Software (Version: 1.18.16.1)
Logger Pro 3.8.2 (Version: 5.0)
LoggerPro3 (Version: 5.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.43.11502)
OpenOffice.org 3.3 (Version: 3.3.9567)
Power2Go (Version: 6.0.3415)
PowerDirector (Version: 7.0.3420)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 7.46.610.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6206)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
REALTEK Wireless LAN Software (Version: 1.00.10.0104)
Recovery Manager (Version: 5.5.2214)
RtkDashClientInstaller (Version: 1.0.9)
RtVOsd (Version: 1.0.6)
RuneScape Launcher 1.2 (Version: 1.2.0)
SecureW2 Enterprise Client 3.1.4 MSI Installer (Version: 3.1.4.0)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.8 (Version: 5.8.158)
Sophos Anti-Virus (Version: 10.0.6)
Sophos AutoUpdate (Version: 2.7.1)
Sophos Remote Management System (Version: 3.4.0)
Speccy (Version: 1.17)
SpywareBlaster 4.6 (Version: 4.6.0)
Symyx Draw 4.0.100 (Version: 4.0.100)
Synaptics Pointing Device Driver (Version: 15.3.27.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VitalSource Bookshelf (Version: 5.05.0047)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3893.86 MB
Available physical RAM: 1770.84 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 5417.88 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.27 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:283.83 GB) (Free:230.53 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.96 GB) (Free:2.31 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\PETER-PC

Administrator Guest Peter
SophosSAUPETER-PC0


**** End of log ****

#4 dev00790

Posted 05 August 2012 - 06:11 PM

Hi

We apologise for the delay in responding.

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2:

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#5 Angry Scientist

Posted 06 August 2012 - 05:44 PM

Hi Chocoholic,

The details of the problems have not changed since I first posted. Desktop icons are forced to the left side of the screen upon reboot, and desktop folders don't remember what I tell them.

18:18:22.0807 4292 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:18:23.0238 4292 ============================================================
18:18:23.0238 4292 Current date / time: 2012/08/06 18:18:23.0238
18:18:23.0238 4292 SystemInfo:
18:18:23.0238 4292
18:18:23.0239 4292 OS Version: 6.1.7601 ServicePack: 1.0
18:18:23.0239 4292 Product type: Workstation
18:18:23.0239 4292 ComputerName: PETER-PC
18:18:23.0239 4292 UserName: Peter
18:18:23.0239 4292 Windows directory: C:\Windows
18:18:23.0239 4292 System windows directory: C:\Windows
18:18:23.0239 4292 Running under WOW64
18:18:23.0239 4292 Processor architecture: Intel x64
18:18:23.0239 4292 Number of processors: 4
18:18:23.0239 4292 Page size: 0x1000
18:18:23.0239 4292 Boot type: Normal boot
18:18:23.0239 4292 ============================================================
18:18:25.0788 4292 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:25.0793 4292 ============================================================
18:18:25.0793 4292 \Device\Harddisk0\DR0:
18:18:25.0793 4292 MBR partitions:
18:18:25.0793 4292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:18:25.0793 4292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x237AB800
18:18:25.0793 4292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2380F800, BlocksNum 0x1BEB000
18:18:25.0793 4292 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:18:25.0793 4292 ============================================================
18:18:25.0811 4292 C: <-> \Device\Harddisk0\DR0\Partition1
18:18:25.0862 4292 D: <-> \Device\Harddisk0\DR0\Partition2
18:18:25.0882 4292 E: <-> \Device\Harddisk0\DR0\Partition3
18:18:25.0882 4292 ============================================================
18:18:25.0882 4292 Initialize success
18:18:25.0882 4292 ============================================================
18:19:18.0363 3012 ============================================================
18:19:18.0363 3012 Scan started
18:19:18.0363 3012 Mode: Manual; SigCheck; TDLFS;
18:19:18.0363 3012 ============================================================
18:19:24.0730 3012 BITS - ok
18:19:24.0745 3012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:19:24.0783 3012 blbdrive - ok
18:19:24.0831 3012 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:19:24.0877 3012 bowser - ok
18:19:24.0895 3012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:19:25.0044 3012 BrFiltLo - ok
18:19:25.0057 3012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:19:25.0088 3012 BrFiltUp - ok
18:19:25.0132 3012 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:19:25.0266 3012 Browser - ok
18:19:25.0308 3012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:19:25.0363 3012 Brserid - ok
18:19:25.0392 3012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:19:25.0440 3012 BrSerWdm - ok
18:19:25.0453 3012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:19:25.0490 3012 BrUsbMdm - ok
18:19:25.0508 3012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:19:25.0543 3012 BrUsbSer - ok
18:19:25.0571 3012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:19:25.0626 3012 BTHMODEM - ok
18:19:25.0669 3012 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:19:25.0740 3012 bthserv - ok
18:19:25.0783 3012 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:19:25.0856 3012 cdfs - ok
18:19:25.0919 3012 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:19:25.0979 3012 cdrom - ok
18:19:26.0031 3012 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:26.0112 3012 CertPropSvc - ok
18:19:26.0146 3012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:19:26.0189 3012 circlass - ok
18:19:26.0234 3012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:19:26.0274 3012 CLFS - ok
18:19:26.0338 3012 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:26.0407 3012 clr_optimization_v2.0.50727_32 - ok
18:19:26.0464 3012 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:19:26.0515 3012 clr_optimization_v2.0.50727_64 - ok
18:19:26.0593 3012 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:26.0718 3012 clr_optimization_v4.0.30319_32 - ok
18:19:26.0744 3012 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:19:26.0767 3012 clr_optimization_v4.0.30319_64 - ok
18:19:26.0810 3012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:26.0855 3012 CmBatt - ok
18:19:26.0883 3012 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:19:26.0911 3012 cmdide - ok
18:19:26.0978 3012 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:19:27.0035 3012 CNG - ok
18:19:27.0053 3012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:19:27.0078 3012 Compbatt - ok
18:19:27.0112 3012 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:19:27.0168 3012 CompositeBus - ok
18:19:27.0182 3012 COMSysApp - ok
18:19:27.0206 3012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:19:27.0231 3012 crcdisk - ok
18:19:27.0284 3012 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:19:27.0357 3012 CryptSvc - ok
18:19:27.0429 3012 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:27.0495 3012 DcomLaunch - ok
18:19:27.0540 3012 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:19:27.0635 3012 defragsvc - ok
18:19:27.0688 3012 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:19:27.0781 3012 DfsC - ok
18:19:27.0855 3012 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:19:27.0956 3012 Dhcp - ok
18:19:27.0986 3012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:19:28.0040 3012 discache - ok
18:19:28.0090 3012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:19:28.0115 3012 Disk - ok
18:19:28.0153 3012 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:19:28.0205 3012 Dnscache - ok
18:19:28.0249 3012 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:19:28.0325 3012 dot3svc - ok
18:19:28.0365 3012 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:19:28.0434 3012 DPS - ok
18:19:28.0471 3012 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:19:28.0510 3012 drmkaud - ok
18:19:28.0612 3012 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:19:28.0676 3012 DXGKrnl - ok
18:19:28.0713 3012 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:19:28.0780 3012 EapHost - ok
18:19:28.0989 3012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:19:29.0093 3012 ebdrv - ok
18:19:29.0215 3012 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:19:29.0278 3012 EFS - ok
18:19:29.0372 3012 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:19:29.0454 3012 ehRecvr - ok
18:19:29.0476 3012 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:19:29.0539 3012 ehSched - ok
18:19:29.0627 3012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:19:29.0681 3012 elxstor - ok
18:19:29.0720 3012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:19:29.0756 3012 ErrDev - ok
18:19:29.0826 3012 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:19:29.0892 3012 EventSystem - ok
18:19:29.0937 3012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:19:30.0027 3012 exfat - ok
18:19:30.0056 3012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:19:30.0113 3012 fastfat - ok
18:19:30.0183 3012 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:19:30.0266 3012 Fax - ok
18:19:30.0286 3012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:19:30.0330 3012 fdc - ok
18:19:30.0377 3012 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:19:30.0434 3012 fdPHost - ok
18:19:30.0452 3012 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:19:30.0523 3012 FDResPub - ok
18:19:30.0551 3012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:19:30.0575 3012 FileInfo - ok
18:19:30.0584 3012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:19:30.0651 3012 Filetrace - ok
18:19:30.0673 3012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:30.0696 3012 flpydisk - ok
18:19:30.0747 3012 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:19:30.0783 3012 FltMgr - ok
18:19:30.0883 3012 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:19:30.0944 3012 FontCache - ok
18:19:31.0014 3012 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:19:31.0075 3012 FontCache3.0.0.0 - ok
18:19:31.0110 3012 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:19:31.0135 3012 FsDepends - ok
18:19:31.0165 3012 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:19:31.0187 3012 Fs_Rec - ok
18:19:31.0246 3012 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:19:31.0302 3012 fvevol - ok
18:19:31.0331 3012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:19:31.0358 3012 gagp30kx - ok
18:19:31.0439 3012 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:19:31.0548 3012 gpsvc - ok
18:19:31.0580 3012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:19:31.0647 3012 hcw85cir - ok
18:19:31.0716 3012 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:19:31.0777 3012 HdAudAddService - ok
18:19:31.0812 3012 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:19:31.0862 3012 HDAudBus - ok
18:19:31.0912 3012 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:19:47.0001 3012 HECIx64 - ok
18:19:47.0035 3012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:19:47.0080 3012 HidBatt - ok
18:19:47.0104 3012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:19:47.0149 3012 HidBth - ok
18:19:47.0173 3012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:19:47.0204 3012 HidIr - ok
18:19:47.0233 3012 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:19:47.0300 3012 hidserv - ok
18:19:47.0347 3012 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:19:47.0396 3012 HidUsb - ok
18:19:47.0442 3012 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:19:47.0569 3012 hkmsvc - ok
18:19:47.0606 3012 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:19:47.0711 3012 HomeGroupListener - ok
18:19:47.0754 3012 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:19:47.0804 3012 HomeGroupProvider - ok
18:19:47.0935 3012 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
18:19:47.0974 3012 HP Support Assistant Service - ok
18:19:48.0037 3012 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:19:48.0099 3012 HPDrvMntSvc.exe - ok
18:19:48.0162 3012 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
18:19:48.0213 3012 hpqwmiex - ok
18:19:48.0305 3012 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:19:48.0350 3012 HpSAMD - ok
18:19:48.0443 3012 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:19:48.0484 3012 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
18:19:48.0484 3012 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
18:19:48.0576 3012 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:19:48.0672 3012 HTTP - ok
18:19:48.0708 3012 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:19:48.0735 3012 hwpolicy - ok
18:19:48.0785 3012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:19:48.0827 3012 i8042prt - ok
18:19:48.0892 3012 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
18:19:53.0765 3012 iaStor - ok
18:19:53.0841 3012 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:19:53.0896 3012 iaStorV - ok
18:19:54.0038 3012 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:19:54.0175 3012 idsvc - ok
18:19:54.0990 3012 igfx (f4f91789c7c7a159ce8215c1f69f2a85) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:19:55.0455 3012 igfx - ok
18:19:55.0585 3012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:19:55.0628 3012 iirsp - ok
18:19:55.0720 3012 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:19:55.0865 3012 IKEEXT - ok
18:19:55.0900 3012 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:19:55.0951 3012 Impcd - ok
18:19:56.0144 3012 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
18:19:56.0231 3012 IntcAzAudAddService - ok
18:19:56.0388 3012 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:19:56.0468 3012 IntcDAud - ok
18:19:56.0500 3012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:19:56.0547 3012 intelide - ok
18:19:56.0585 3012 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:19:56.0621 3012 intelppm - ok
18:19:56.0669 3012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:19:56.0776 3012 IPBusEnum - ok
18:19:56.0812 3012 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:56.0891 3012 IpFilterDriver - ok
18:19:56.0932 3012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:19:56.0979 3012 IPMIDRV - ok
18:19:57.0014 3012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:19:57.0093 3012 IPNAT - ok
18:19:57.0110 3012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:19:57.0220 3012 IRENUM - ok
18:19:57.0262 3012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:19:57.0297 3012 isapnp - ok
18:19:57.0329 3012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:19:57.0365 3012 iScsiPrt - ok
18:19:57.0394 3012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:19:57.0418 3012 kbdclass - ok
18:19:57.0463 3012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:19:57.0499 3012 kbdhid - ok
18:19:57.0547 3012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:57.0574 3012 KeyIso - ok
18:19:57.0612 3012 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:19:57.0640 3012 KSecDD - ok
18:19:57.0678 3012 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:19:57.0710 3012 KSecPkg - ok
18:19:57.0745 3012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:19:57.0827 3012 ksthunk - ok
18:19:57.0878 3012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:19:57.0989 3012 KtmRm - ok
18:19:58.0057 3012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:19:58.0150 3012 LanmanServer - ok
18:19:58.0194 3012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:19:58.0270 3012 LanmanWorkstation - ok
18:19:58.0371 3012 LightScribeService (07b1888209c54b675ffccbde9f06d2c6) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:19:58.0419 3012 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:19:58.0419 3012 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:19:58.0459 3012 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:19:58.0517 3012 lltdio - ok
18:19:58.0567 3012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:19:58.0675 3012 lltdsvc - ok
18:19:58.0695 3012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:19:58.0747 3012 lmhosts - ok
18:19:58.0843 3012 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:19:58.0975 3012 LMS - ok
18:19:59.0013 3012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:19:59.0039 3012 LSI_FC - ok
18:19:59.0055 3012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:19:59.0083 3012 LSI_SAS - ok
18:19:59.0115 3012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:19:59.0143 3012 LSI_SAS2 - ok
18:19:59.0168 3012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:19:59.0196 3012 LSI_SCSI - ok
18:19:59.0233 3012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:19:59.0309 3012 luafv - ok
18:19:59.0352 3012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:19:59.0401 3012 Mcx2Svc - ok
18:19:59.0433 3012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:19:59.0456 3012 megasas - ok
18:19:59.0488 3012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:19:59.0521 3012 MegaSR - ok
18:19:59.0550 3012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:59.0621 3012 MMCSS - ok
18:19:59.0643 3012 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:19:59.0711 3012 Modem - ok
18:19:59.0743 3012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:19:59.0786 3012 monitor - ok
18:19:59.0823 3012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:19:59.0850 3012 mouclass - ok
18:19:59.0863 3012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:19:59.0902 3012 mouhid - ok
18:19:59.0944 3012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:19:59.0972 3012 mountmgr - ok
18:20:00.0057 3012 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:20:00.0095 3012 MozillaMaintenance - ok
18:20:00.0129 3012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:20:00.0160 3012 mpio - ok
18:20:00.0191 3012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:20:00.0247 3012 mpsdrv - ok
18:20:00.0288 3012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:20:00.0344 3012 MRxDAV - ok
18:20:00.0386 3012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:20:00.0451 3012 mrxsmb - ok
18:20:00.0509 3012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:20:00.0552 3012 mrxsmb10 - ok
18:20:00.0575 3012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:20:00.0600 3012 mrxsmb20 - ok
18:20:00.0627 3012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:20:00.0653 3012 msahci - ok
18:20:00.0681 3012 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:20:00.0712 3012 msdsm - ok
18:20:00.0744 3012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:20:00.0815 3012 MSDTC - ok
18:20:00.0861 3012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:20:00.0916 3012 Msfs - ok
18:20:00.0934 3012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:20:01.0000 3012 mshidkmdf - ok
18:20:01.0026 3012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:20:01.0049 3012 msisadrv - ok
18:20:01.0090 3012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:20:01.0190 3012 MSiSCSI - ok
18:20:01.0193 3012 msiserver - ok
18:20:01.0217 3012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:20:01.0290 3012 MSKSSRV - ok
18:20:01.0307 3012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:20:01.0376 3012 MSPCLOCK - ok
18:20:01.0386 3012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:20:01.0451 3012 MSPQM - ok
18:20:01.0494 3012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:20:01.0531 3012 MsRPC - ok
18:20:01.0565 3012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:20:01.0589 3012 mssmbios - ok
18:20:01.0618 3012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:20:01.0679 3012 MSTEE - ok
18:20:01.0700 3012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:20:01.0741 3012 MTConfig - ok
18:20:01.0761 3012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:20:01.0784 3012 Mup - ok
18:20:01.0985 3012 NACAgent (2e8cfc3de823c4154577230ebaf20417) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
18:20:02.0389 3012 NACAgent - ok
18:20:02.0448 3012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:20:02.0543 3012 napagent - ok
18:20:02.0624 3012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:20:02.0696 3012 NativeWifiP - ok
18:20:02.0775 3012 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:20:02.0828 3012 NDIS - ok
18:20:02.0848 3012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:20:02.0901 3012 NdisCap - ok
18:20:02.0923 3012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:20:02.0978 3012 NdisTapi - ok
18:20:03.0017 3012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:20:03.0082 3012 Ndisuio - ok
18:20:03.0124 3012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:20:03.0224 3012 NdisWan - ok
18:20:03.0267 3012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:20:03.0336 3012 NDProxy - ok
18:20:03.0372 3012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:20:03.0445 3012 NetBIOS - ok
18:20:03.0488 3012 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:20:03.0556 3012 NetBT - ok
18:20:03.0594 3012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:20:03.0620 3012 Netlogon - ok
18:20:03.0671 3012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:20:03.0750 3012 Netman - ok
18:20:03.0794 3012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:20:03.0875 3012 netprofm - ok
18:20:03.0950 3012 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:20:04.0056 3012 NetTcpPortSharing - ok
18:20:04.0438 3012 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:20:04.0573 3012 netw5v64 - ok
18:20:04.0682 3012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:20:04.0722 3012 nfrd960 - ok
18:20:04.0789 3012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:20:04.0885 3012 NlaSvc - ok
18:20:04.0907 3012 Normandy - ok
18:20:04.0979 3012 nosGetPlusHelper (eb900c136e660a8deb657be134c3bcd9) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
18:20:05.0080 3012 nosGetPlusHelper - ok
18:20:05.0107 3012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:20:05.0163 3012 Npfs - ok
18:20:05.0186 3012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:20:05.0252 3012 nsi - ok
18:20:05.0269 3012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:20:05.0320 3012 nsiproxy - ok
18:20:05.0460 3012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:20:05.0536 3012 Ntfs - ok
18:20:05.0655 3012 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:20:05.0751 3012 Null - ok
18:20:05.0814 3012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:20:05.0858 3012 nvraid - ok
18:20:05.0877 3012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:20:05.0909 3012 nvstor - ok
18:20:05.0938 3012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:20:05.0967 3012 nv_agp - ok
18:20:05.0987 3012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:20:06.0024 3012 ohci1394 - ok
18:20:06.0079 3012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:20:06.0145 3012 p2pimsvc - ok
18:20:06.0188 3012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:20:06.0248 3012 p2psvc - ok
18:20:06.0284 3012 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:20:06.0318 3012 Parport - ok
18:20:06.0360 3012 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:20:06.0399 3012 partmgr - ok
18:20:06.0435 3012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:20:06.0486 3012 PcaSvc - ok
18:20:06.0524 3012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:20:06.0560 3012 pci - ok
18:20:06.0572 3012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:20:06.0599 3012 pciide - ok
18:20:06.0633 3012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:20:06.0664 3012 pcmcia - ok
18:20:06.0690 3012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:20:06.0714 3012 pcw - ok
18:20:06.0760 3012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:20:06.0842 3012 PEAUTH - ok
18:20:06.0920 3012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:20:06.0974 3012 PerfHost - ok
18:20:07.0101 3012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:20:07.0208 3012 pla - ok
18:20:07.0278 3012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:20:07.0346 3012 PlugPlay - ok
18:20:07.0374 3012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:20:07.0400 3012 PNRPAutoReg - ok
18:20:07.0436 3012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:20:07.0467 3012 PNRPsvc - ok
18:20:07.0537 3012 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
18:20:07.0580 3012 Point64 - ok
18:20:07.0645 3012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:20:07.0747 3012 PolicyAgent - ok
18:20:07.0789 3012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:20:07.0852 3012 Power - ok
18:20:07.0908 3012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:20:07.0992 3012 PptpMiniport - ok
18:20:08.0030 3012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:20:08.0084 3012 Processor - ok
18:20:08.0128 3012 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:20:08.0203 3012 ProfSvc - ok
18:20:08.0249 3012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:20:08.0274 3012 ProtectedStorage - ok
18:20:08.0324 3012 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:20:08.0395 3012 Psched - ok
18:20:08.0533 3012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:20:08.0606 3012 ql2300 - ok
18:20:08.0705 3012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:20:08.0758 3012 ql40xx - ok
18:20:11.0650 3012 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
18:20:11.0773 3012 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
18:20:11.0773 3012 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
18:20:15.0945 3012 Sophos Agent (1dd15cbae4aa7b2f5166d0c2700aef94) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
18:20:15.0993 3012 Sophos Agent ( UnsignedFile.Multi.Generic ) - warning
18:20:15.0994 3012 Sophos Agent - detected UnsignedFile.Multi.Generic (1)
18:20:16.0085 3012 Sophos AutoUpdate Service (6067896db061a2169688980ada2ddc30) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
18:20:16.0130 3012 Sophos AutoUpdate Service - ok
18:20:16.0226 3012 Sophos Message Router (65f816d7534d25623da909911ff7e7d8) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
18:20:16.0283 3012 Sophos Message Router ( UnsignedFile.Multi.Generic ) - warning
18:20:16.0283 3012 Sophos Message Router - detected UnsignedFile.Multi.Generic (1)
18:20:34.0193 3012 MBR (0x1B8) (9ab8c08c50752edccd6a29f9677e4634) \Device\Harddisk0\DR0
18:20:34.0489 3012 \Device\Harddisk0\DR0 - ok
18:20:34.0494 3012 Boot (0x1200) (9a43d393dbd658a5cfcf9d04ea4ce310) \Device\Harddisk0\DR0\Partition0
18:20:34.0497 3012 \Device\Harddisk0\DR0\Partition0 - ok
18:20:34.0524 3012 Boot (0x1200) (b17e4c061810b98c20c62ae444b56206) \Device\Harddisk0\DR0\Partition1
18:20:34.0527 3012 \Device\Harddisk0\DR0\Partition1 - ok
18:20:34.0562 3012 Boot (0x1200) (fdf20ef3d7c477ac2568994511453106) \Device\Harddisk0\DR0\Partition2
18:20:34.0564 3012 \Device\Harddisk0\DR0\Partition2 - ok
18:20:34.0587 3012 Boot (0x1200) (2e46406aad7766914c7d31808efd8971) \Device\Harddisk0\DR0\Partition3
18:20:34.0588 3012 \Device\Harddisk0\DR0\Partition3 - ok
18:20:34.0589 3012 ============================================================
18:20:34.0589 3012 Scan finished
18:20:34.0589 3012 ============================================================
18:20:34.0608 4164 Detected object count: 5
18:20:34.0609 4164 Actual detected object count: 5
18:21:30.0452 4164 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:30.0452 4164 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:30.0453 4164 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:30.0453 4164 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:30.0455 4164 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:30.0455 4164 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:30.0456 4164 Sophos Agent ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:30.0456 4164 Sophos Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:30.0458 4164 Sophos Message Router ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:30.0458 4164 Sophos Message Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:07.0611 3988 Deinitialize success

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 06-08-2012
Ran by Peter (administrator) on 06-08-2012 at 18:30:06
Running from "C:\Users\Peter\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 15-07-2012
Ran by Peter (administrator) on 06-08-2012 at 18:32:50
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8191SE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Peter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 70-F1-A1-D1-38-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : C8-0A-A9-D8-23-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek RTL8191SE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 70-F1-A1-D1-38-B6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8d64:42d9:715e:a727%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 06, 2012 6:10:23 PM
Lease Expires . . . . . . . . . . : Tuesday, August 07, 2012 6:10:24 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 326168993
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-8A-9B-EE-C8-0A-A9-D8-23-01
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{DCBD2BE4-0AD9-4267-9E1F-9F09C486BB60}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{62B56FEE-556C-43A4-AAFC-C919B011315F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4004:800::1007
74.125.228.8
74.125.228.5
74.125.228.7
74.125.228.2
74.125.228.9
74.125.228.14
74.125.228.4
74.125.228.1
74.125.228.6
74.125.228.0
74.125.228.3


Pinging google.com [74.125.228.5] with 32 bytes of data:
Reply from 74.125.228.5: bytes=32 time=30ms TTL=55
Reply from 74.125.228.5: bytes=32 time=31ms TTL=55

Ping statistics for 74.125.228.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=69ms TTL=56
Reply from 209.191.122.70: bytes=32 time=70ms TTL=56

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 70ms, Average = 69ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...70 f1 a1 d1 38 b6 ......Microsoft Virtual WiFi Miniport Adapter
12...c8 0a a9 d8 23 01 ......Realtek PCIe FE Family Controller
10...70 f1 a1 d1 38 b6 ......Realtek RTL8191SE 802.11b/g/n WiFi Adapter
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 286
192.168.1.4 255.255.255.255 On-link 192.168.1.4 286
192.168.1.255 255.255.255.255 On-link 192.168.1.4 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 286 fe80::/64 On-link
10 286 fe80::8d64:42d9:715e:a727/128
On-link
1 306 ff00::/8 On-link
10 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/06/2012 00:44:53 AM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (08/05/2012 10:17:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2012 10:15:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/04/2012 03:27:00 AM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (08/04/2012 03:23:59 AM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: DNS lookup failure trying to resolve the following addresses: av3.vcu.edu.%%3

Error: (08/04/2012 03:22:24 AM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (08/04/2012 02:32:10 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/04/2012 02:30:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (08/03/2012 08:55:55 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)NT AUTHORITY
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (08/03/2012 00:35:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/06/2012 06:10:53 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/06/2012 06:10:53 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/06/2012 06:10:23 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/06/2012 06:10:22 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/06/2012 06:10:21 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/06/2012 06:12:32 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/06/2012 06:12:32 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/06/2012 00:47:51 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/06/2012 00:47:51 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/05/2012 05:30:54 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (08/06/2012 00:44:53 AM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description:

Error: (08/05/2012 10:17:36 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/05/2012 10:15:23 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/04/2012 03:27:00 AM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description:

Error: (08/04/2012 03:23:59 AM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description: av3.vcu.edu

Error: (08/04/2012 03:22:24 AM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description:

Error: (08/04/2012 02:32:10 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/04/2012 02:30:00 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/03/2012 08:55:55 PM) (Source: Sophos Message Router)(User: NT AUTHORITY)NT AUTHORITY
Description:

Error: (08/03/2012 00:35:29 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Download Manager (Version: 1.6.2.87)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player (Version: 11.5.1.601)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 7
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco NAC Agent (Version: 4.8.3.1)
Cisco PEAP Module (Version: 1.1.6)
CyberLink DVD Suite (Version: 7.0.2216)
CyberLink MediaShow (Version: 4.1.3419)
CyberLink PowerDVD 9 (Version: 9.0.1.5122)
CyberLink YouCam (Version: 3.0.2201)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Download Updater (AOL LLC)
EasyBits GO
ESU for Microsoft Windows 7 (Version: 1.0.0)
FFmpeg v0.6.2 for Audacity
Free RAR Extract Frog (Version: 3.20)
Google Talk Plugin (Version: 3.3.3.8675)
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
HitmanPro 3.6 (Version: 3.6.0.160)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Quick Launch (Version: 1.0.18)
HP Setup (Version: 1.2.3560.3170)
HP Smart Web Printing (Version: 131.1.35898)
HP Software Framework (Version: 4.0.108.1)
HP Support Assistant (Version: 6.0.5.4)
HP Update (Version: 5.001.000.014)
HP User Guides 0183 (Version: 1.01.0001)
HP Wireless Assistant (Version: 3.50.12.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Processor Graphics (Version: 8.15.10.2361)
Intel® Matrix Storage Manager
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8089.726)
LabelPrint (Version: 2.5.2215)
LightScribe System Software (Version: 1.18.16.1)
Logger Pro 3.8.2 (Version: 5.0)
LoggerPro3 (Version: 5.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mp3tag v2.51 (Version: v2.51)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.43.11502)
OpenOffice.org 3.3 (Version: 3.3.9567)
Power2Go (Version: 6.0.3415)
PowerDirector (Version: 7.0.3420)
QuickTime (Version: 7.72.80.56)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 7.46.610.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6206)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
REALTEK Wireless LAN Software (Version: 1.00.10.0104)
Recovery Manager (Version: 5.5.2214)
RtkDashClientInstaller (Version: 1.0.9)
RtVOsd (Version: 1.0.6)
RuneScape Launcher 1.2 (Version: 1.2.0)
SecureW2 Enterprise Client 3.1.4 MSI Installer (Version: 3.1.4.0)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.8 (Version: 5.8.158)
Sophos Anti-Virus (Version: 10.0.6)
Sophos AutoUpdate (Version: 2.7.1)
Sophos Remote Management System (Version: 3.4.0)
Speccy (Version: 1.17)
SpywareBlaster 4.6 (Version: 4.6.0)
Symyx Draw 4.0.100 (Version: 4.0.100)
Synaptics Pointing Device Driver (Version: 15.3.27.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VitalSource Bookshelf (Version: 5.05.0047)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3893.86 MB
Available physical RAM: 2472.3 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 6197.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:283.83 GB) (Free:228.74 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.96 GB) (Free:2.31 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\PETER-PC

Administrator Guest Peter
SophosSAUPETER-PC0

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

11-07-2012 07:00:15 Windows Update
14-07-2012 05:39:18 Restore Operation
21-07-2012 22:52:24 Scheduled Checkpoint
29-07-2012 06:53:14 Scheduled Checkpoint
06-08-2012 02:19:56 Scheduled Checkpoint

**** End of log ****

#6 dev00790

Posted 06 August 2012 - 06:45 PM

Hi

Since there are indications in the logs that the computer has been infected with Zeroaccess:

-----------------

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards, dev00790


#7 Angry Scientist

Posted 09 August 2012 - 01:49 AM

I've made a new topic. Thanks

#8 Orange Blossom

Posted 09 August 2012 - 01:58 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic464478.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom



