
trojan horse patched_c.lzi



#1 JimJam99


Posted 02 August 2012 - 11:16 AM

Hello, first time posting and first time with what I believe to be a major infection. My AVG Free 2012 is telling me that I have been infected with "Trojan horse patched_c.lzi" and that the object is white-listed (critical/system file that should not be removed). From what I've been reading online, the problem is not gone and my PC is at great risk. Please advise how to proceed, as I do not wish to have my PC damaged further.

Thank you so much in advance for any assistance you may have.

Jason.



#2 JimJam99


Posted 02 August 2012 - 11:22 AM

From time to time I get an AVG Resident Shield Alert popup that a threat has been detected!

File Name: c:\windows\system32\services.exe

Threat name: Trojan horse Patched_c.LZI
Detected on open.

It only gives me the option to ignore the threat.

Thanks!

Jason.

#3 kevin.holmes


Posted 02 August 2012 - 11:29 AM

Run Malwarebytes in Safe Mode and attempt to remove the infection.

#4 JimJam99


Posted 02 August 2012 - 01:06 PM

Thanks for the thought. I have tried that with no success.

Jason.

#5 narenxp

  • BC Advisor

Posted 02 August 2012 - 01:13 PM

Download TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.

#6 JimJam99


Posted 02 August 2012 - 01:38 PM

Here is the log from TDSSkiller:

15:33:02.0724 6812 Netlogon - ok
15:33:02.0764 6812 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:33:02.0767 6812 Netman - ok
15:33:02.0884 6812 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:02.0886 6812 NetMsmqActivator - ok
15:33:02.0889 6812 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:02.0890 6812 NetPipeActivator - ok
15:33:02.0919 6812 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:33:02.0933 6812 netprofm - ok
15:33:02.0936 6812 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:02.0937 6812 NetTcpActivator - ok
15:33:02.0940 6812 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:33:02.0942 6812 NetTcpPortSharing - ok
15:33:02.0959 6812 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:33:02.0959 6812 nfrd960 - ok
15:33:02.0982 6812 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:33:02.0984 6812 NlaSvc - ok
15:33:03.0030 6812 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:33:03.0031 6812 Npfs - ok
15:33:03.0056 6812 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:33:03.0057 6812 nsi - ok
15:33:03.0064 6812 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:33:03.0065 6812 nsiproxy - ok
15:33:03.0201 6812 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:33:03.0209 6812 Ntfs - ok
15:33:03.0264 6812 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:33:03.0265 6812 Null - ok
15:33:03.0361 6812 NVENETFD (1abc4c478a48b3e294727ca515a94b69) C:\Windows\system32\DRIVERS\nvmfdx64.sys
15:33:03.0370 6812 NVENETFD - ok
15:33:03.0499 6812 NVHDA (faf83423716ced049f9335900a64e963) C:\Windows\system32\drivers\nvhda64v.sys
15:33:03.0500 6812 NVHDA - ok
15:33:04.0049 6812 nvlddmkm (f675eeb5d5b4fed6d5a5e1cbf28d6274) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:33:04.0200 6812 nvlddmkm - ok
15:33:04.0312 6812 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:33:04.0314 6812 nvraid - ok
15:33:04.0340 6812 nvsmu (a3ac469ad99ac3fd63afccfc29a90fa9) C:\Windows\system32\DRIVERS\nvsmu.sys
15:33:04.0340 6812 nvsmu - ok
15:33:04.0357 6812 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:33:04.0359 6812 nvstor - ok
15:33:04.0397 6812 nvstor64 (581286807b5832503fd700a3217b589f) C:\Windows\system32\DRIVERS\nvstor64.sys
15:33:04.0398 6812 nvstor64 - ok
15:33:04.0494 6812 nvsvc (c080d4a32c8edf5b96b0ab8796df5022) C:\Windows\system32\nvvsvc.exe
15:33:04.0496 6812 nvsvc - ok
15:33:04.0535 6812 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:33:04.0536 6812 nv_agp - ok
15:33:04.0540 6812 NwlnkFlt - ok
15:33:04.0546 6812 NwlnkFwd - ok
15:33:04.0602 6812 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
15:33:04.0614 6812 OA001Ufd - ok
15:33:04.0638 6812 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
15:33:04.0642 6812 OA001Vid - ok
15:33:04.0767 6812 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:33:04.0780 6812 odserv - ok
15:33:04.0826 6812 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:33:04.0827 6812 ohci1394 - ok
15:33:04.0867 6812 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:33:04.0878 6812 ose - ok
15:33:04.0995 6812 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:04.0999 6812 p2pimsvc - ok
15:33:05.0006 6812 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:05.0011 6812 p2psvc - ok
15:33:05.0036 6812 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:33:05.0038 6812 Parport - ok
15:33:05.0060 6812 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:33:05.0061 6812 partmgr - ok
15:33:05.0085 6812 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:33:05.0086 6812 PcaSvc - ok
15:33:05.0102 6812 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:33:05.0104 6812 pci - ok
15:33:05.0116 6812 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:33:05.0116 6812 pciide - ok
15:33:05.0136 6812 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:33:05.0146 6812 pcmcia - ok
15:33:05.0222 6812 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:33:05.0236 6812 PEAUTH - ok
15:33:05.0301 6812 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:33:05.0302 6812 PerfHost - ok
15:33:05.0383 6812 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:33:05.0426 6812 pla - ok
15:33:05.0499 6812 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:33:05.0501 6812 PlugPlay - ok
15:33:05.0593 6812 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:05.0598 6812 PNRPAutoReg - ok
15:33:05.0605 6812 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:33:05.0610 6812 PNRPsvc - ok
15:33:05.0678 6812 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:33:05.0687 6812 PolicyAgent - ok
15:33:05.0761 6812 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:33:05.0763 6812 PptpMiniport - ok
15:33:05.0779 6812 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:33:05.0780 6812 Processor - ok
15:33:05.0834 6812 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:33:05.0835 6812 ProfSvc - ok
15:33:05.0885 6812 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:33:05.0886 6812 ProtectedStorage - ok
15:33:05.0932 6812 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:33:05.0933 6812 PSched - ok
15:33:05.0960 6812 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
15:33:05.0962 6812 PxHlpa64 - ok
15:33:06.0054 6812 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:33:06.0085 6812 ql2300 - ok
15:33:06.0107 6812 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:33:06.0109 6812 ql40xx - ok
15:33:06.0151 6812 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:33:06.0153 6812 QWAVE - ok
15:33:06.0164 6812 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:33:06.0164 6812 QWAVEdrv - ok
15:33:06.0310 6812 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
15:33:06.0323 6812 R300 - ok
15:33:06.0414 6812 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:33:06.0415 6812 RasAcd - ok
15:33:06.0434 6812 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:33:06.0435 6812 RasAuto - ok
15:33:06.0494 6812 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:33:06.0496 6812 Rasl2tp - ok
15:33:06.0523 6812 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:33:06.0525 6812 RasMan - ok
15:33:06.0578 6812 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:33:06.0579 6812 RasPppoe - ok
15:33:06.0609 6812 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:33:06.0610 6812 RasSstp - ok
15:33:06.0645 6812 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:33:06.0688 6812 rdbss - ok
15:33:06.0710 6812 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:33:06.0711 6812 RDPCDD - ok
15:33:06.0762 6812 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
15:33:06.0775 6812 rdpdr - ok
15:33:06.0779 6812 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:33:06.0780 6812 RDPENCDD - ok
15:33:06.0826 6812 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:33:06.0836 6812 RDPWD - ok
15:33:06.0865 6812 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:33:06.0866 6812 RemoteAccess - ok
15:33:06.0929 6812 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:33:06.0931 6812 RemoteRegistry - ok
15:33:06.0987 6812 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
15:33:06.0989 6812 RFCOMM - ok
15:33:07.0023 6812 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:33:07.0024 6812 rimmptsk - ok
15:33:07.0046 6812 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:33:07.0048 6812 rimsptsk - ok
15:33:07.0058 6812 RimUsb - ok
15:33:07.0087 6812 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
15:33:07.0089 6812 RimVSerPort - ok
15:33:07.0100 6812 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:33:07.0102 6812 rismxdp - ok
15:33:07.0109 6812 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
15:33:07.0110 6812 ROOTMODEM - ok
15:33:07.0137 6812 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:33:07.0138 6812 RpcLocator - ok
15:33:07.0215 6812 rpcnet (6684437f3628ef237c354f77d33426d1) C:\Windows\SysWOW64\rpcnet.exe
15:33:07.0216 6812 rpcnet - ok
15:33:07.0299 6812 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:33:07.0303 6812 RpcSs - ok
15:33:07.0361 6812 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:33:07.0362 6812 rspndr - ok
15:33:07.0416 6812 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:33:07.0417 6812 SamSs - ok
15:33:07.0435 6812 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
15:33:07.0437 6812 sbp2port - ok
15:33:07.0484 6812 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:33:07.0486 6812 SCardSvr - ok
15:33:07.0596 6812 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:33:07.0601 6812 Schedule - ok
15:33:07.0644 6812 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:33:07.0644 6812 SCPolicySvc - ok
15:33:07.0674 6812 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
15:33:07.0676 6812 sdbus - ok
15:33:07.0703 6812 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:33:07.0704 6812 SDRSVC - ok
15:33:07.0713 6812 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:33:07.0714 6812 secdrv - ok
15:33:07.0727 6812 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:33:07.0728 6812 seclogon - ok
15:33:07.0741 6812 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
15:33:07.0742 6812 SENS - ok
15:33:07.0773 6812 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:33:07.0773 6812 Serenum - ok
15:33:07.0793 6812 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:33:07.0795 6812 Serial - ok
15:33:07.0813 6812 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:33:07.0814 6812 sermouse - ok
15:33:07.0832 6812 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:33:07.0833 6812 SessionEnv - ok
15:33:07.0860 6812 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
15:33:07.0861 6812 sffdisk - ok
15:33:07.0877 6812 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:33:07.0878 6812 sffp_mmc - ok
15:33:07.0888 6812 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:33:07.0889 6812 sffp_sd - ok
15:33:07.0898 6812 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:33:07.0899 6812 sfloppy - ok
15:33:07.0944 6812 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:33:07.0946 6812 ShellHWDetection - ok
15:33:08.0001 6812 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:33:08.0002 6812 SiSRaid2 - ok
15:33:08.0017 6812 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:33:08.0019 6812 SiSRaid4 - ok
15:33:08.0071 6812 SkyhawkeUSBLan (22a249676b45987b7ada1fd91cb9c9c0) C:\Windows\system32\DRIVERS\btblan.sys
15:33:08.0072 6812 SkyhawkeUSBLan - ok
15:33:08.0270 6812 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:33:08.0285 6812 slsvc - ok
15:33:08.0410 6812 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:33:08.0411 6812 SLUINotify - ok
15:33:08.0508 6812 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:33:08.0509 6812 Smb - ok
15:33:08.0532 6812 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:33:08.0533 6812 SNMPTRAP - ok
15:33:08.0609 6812 Sound Blaster X-Fi MB Licensing Service (9b24dca429f819db314f30ee4c6c80fd) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
15:33:08.0610 6812 Sound Blaster X-Fi MB Licensing Service - ok
15:33:08.0634 6812 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:33:08.0634 6812 spldr - ok
15:33:08.0700 6812 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:33:08.0703 6812 Spooler - ok
15:33:08.0790 6812 sprtsvc_smartagent - ok
15:33:08.0918 6812 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:33:08.0919 6812 SQLBrowser - ok
15:33:08.0985 6812 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:33:08.0986 6812 SQLWriter - ok
15:33:09.0052 6812 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:33:09.0073 6812 srv - ok
15:33:09.0152 6812 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:33:09.0163 6812 srv2 - ok
15:33:09.0254 6812 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:33:09.0256 6812 srvnet - ok
15:33:09.0314 6812 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:33:09.0316 6812 SSDPSRV - ok
15:33:09.0383 6812 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:33:09.0384 6812 SstpSvc - ok
15:33:09.0493 6812 STacSV (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
15:33:09.0495 6812 STacSV - ok
15:33:09.0608 6812 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
15:33:09.0614 6812 STHDA - ok
15:33:09.0696 6812 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:33:09.0700 6812 stisvc - ok
15:33:09.0765 6812 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:33:09.0767 6812 stllssvr - ok
15:33:09.0818 6812 SupportSoft RemoteAssist (78b58486a5cb4f418d06ea2d6e961db0) C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe
15:33:09.0822 6812 SupportSoft RemoteAssist - ok
15:33:09.0865 6812 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:33:09.0865 6812 swenum - ok
15:33:09.0940 6812 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:33:09.0943 6812 swprv - ok
15:33:09.0959 6812 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:33:09.0960 6812 Symc8xx - ok
15:33:09.0973 6812 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:33:09.0974 6812 Sym_hi - ok
15:33:09.0989 6812 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:33:09.0990 6812 Sym_u3 - ok
15:33:10.0045 6812 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
15:33:10.0052 6812 SynTP - ok
15:33:10.0140 6812 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:33:10.0146 6812 SysMain - ok
15:33:10.0175 6812 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:33:10.0177 6812 TabletInputService - ok
15:33:10.0267 6812 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:33:10.0270 6812 TapiSrv - ok
15:33:10.0285 6812 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:33:10.0287 6812 TBS - ok
15:33:10.0385 6812 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:33:10.0392 6812 Tcpip - ok
15:33:10.0574 6812 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:33:10.0581 6812 Tcpip6 - ok
15:33:10.0659 6812 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:33:10.0660 6812 tcpipreg - ok
15:33:10.0695 6812 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:33:10.0696 6812 TDPIPE - ok
15:33:10.0711 6812 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:33:10.0712 6812 TDTCP - ok
15:33:10.0757 6812 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:33:10.0758 6812 tdx - ok
15:33:10.0784 6812 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:33:10.0785 6812 TermDD - ok
15:33:10.0860 6812 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:33:10.0863 6812 TermService - ok
15:33:10.0979 6812 tgsrvc_smartagent - ok
15:33:11.0014 6812 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:33:11.0016 6812 Themes - ok
15:33:11.0050 6812 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:33:11.0051 6812 THREADORDER - ok
15:33:11.0070 6812 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:33:11.0072 6812 TrkWks - ok
15:33:11.0142 6812 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:33:11.0143 6812 TrustedInstaller - ok
15:33:11.0163 6812 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:33:11.0164 6812 tssecsrv - ok
15:33:11.0179 6812 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:33:11.0180 6812 tunmp - ok
15:33:11.0224 6812 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:33:11.0225 6812 tunnel - ok
15:33:11.0243 6812 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:33:11.0244 6812 uagp35 - ok
15:33:11.0295 6812 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:33:11.0302 6812 udfs - ok
15:33:11.0326 6812 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:33:11.0328 6812 UI0Detect - ok
15:33:11.0373 6812 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:33:11.0389 6812 uliagpkx - ok
15:33:11.0419 6812 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:33:11.0443 6812 uliahci - ok
15:33:11.0489 6812 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:33:11.0500 6812 UlSata - ok
15:33:11.0519 6812 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:33:11.0529 6812 ulsata2 - ok
15:33:11.0559 6812 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:33:11.0560 6812 umbus - ok
15:33:11.0627 6812 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll
15:33:11.0629 6812 UmRdpService - ok
15:33:11.0676 6812 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:33:11.0679 6812 upnphost - ok
15:33:11.0706 6812 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:33:11.0707 6812 USBAAPL64 - ok
15:33:11.0737 6812 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:33:11.0739 6812 usbccgp - ok
15:33:11.0760 6812 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:33:11.0762 6812 usbcir - ok
15:33:11.0773 6812 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:33:11.0774 6812 usbehci - ok
15:33:11.0801 6812 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:33:11.0809 6812 usbhub - ok
15:33:11.0836 6812 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
15:33:11.0837 6812 usbohci - ok
15:33:11.0853 6812 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:33:11.0854 6812 usbprint - ok
15:33:11.0876 6812 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:33:11.0877 6812 USBSTOR - ok
15:33:11.0892 6812 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:33:11.0893 6812 usbuhci - ok
15:33:11.0942 6812 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
15:33:11.0944 6812 usbvideo - ok
15:33:11.0990 6812 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:33:11.0992 6812 UxSms - ok
15:33:12.0059 6812 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:33:12.0062 6812 vds - ok
15:33:12.0074 6812 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:33:12.0075 6812 vga - ok
15:33:12.0081 6812 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:33:12.0081 6812 VgaSave - ok
15:33:12.0090 6812 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:33:12.0092 6812 viaide - ok
15:33:12.0114 6812 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:33:12.0115 6812 volmgr - ok
15:33:12.0180 6812 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:33:12.0193 6812 volmgrx - ok
15:33:12.0225 6812 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:33:12.0232 6812 volsnap - ok
15:33:12.0253 6812 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:33:12.0264 6812 vsmraid - ok
15:33:12.0376 6812 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:33:12.0469 6812 VSS - ok
15:33:12.0623 6812 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
15:33:12.0627 6812 vToolbarUpdater12.1.5 - ok
15:33:12.0768 6812 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:33:12.0770 6812 W32Time - ok
15:33:12.0813 6812 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:33:12.0814 6812 WacomPen - ok
15:33:12.0864 6812 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:33:12.0866 6812 Wanarp - ok
15:33:12.0869 6812 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:33:12.0869 6812 Wanarpv6 - ok
15:33:12.0973 6812 wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe
15:33:12.0998 6812 wbengine - ok
15:33:13.0032 6812 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:33:13.0036 6812 wcncsvc - ok
15:33:13.0111 6812 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:33:13.0112 6812 WcsPlugInService - ok
15:33:13.0126 6812 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:33:13.0127 6812 Wd - ok
15:33:13.0194 6812 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:33:13.0207 6812 Wdf01000 - ok
15:33:13.0226 6812 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:33:13.0228 6812 WdiServiceHost - ok
15:33:13.0231 6812 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:33:13.0232 6812 WdiSystemHost - ok
15:33:13.0257 6812 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:33:13.0260 6812 WebClient - ok
15:33:13.0325 6812 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:33:13.0327 6812 Wecsvc - ok
15:33:13.0373 6812 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:33:13.0375 6812 wercplsupport - ok
15:33:13.0386 6812 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:33:13.0388 6812 WerSvc - ok
15:33:13.0394 6812 WinHttpAutoProxySvc - ok
15:33:13.0509 6812 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:33:13.0511 6812 Winmgmt - ok
15:33:13.0681 6812 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:33:13.0713 6812 WinRM - ok
15:33:13.0847 6812 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:33:13.0852 6812 Wlansvc - ok
15:33:14.0079 6812 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:33:14.0091 6812 wlidsvc - ok
15:33:14.0129 6812 wltrysvc - ok
15:33:14.0172 6812 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:33:14.0173 6812 WmiAcpi - ok
15:33:14.0281 6812 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:33:14.0282 6812 wmiApSrv - ok
15:33:14.0328 6812 WMPNetworkSvc - ok
15:33:14.0392 6812 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:33:14.0394 6812 WPCSvc - ok
15:33:14.0477 6812 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:33:14.0478 6812 WPDBusEnum - ok
15:33:14.0510 6812 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:33:14.0511 6812 WpdUsb - ok
15:33:14.0661 6812 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:33:14.0667 6812 WPFFontCache_v0400 - ok
15:33:14.0690 6812 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:33:14.0691 6812 ws2ifsl - ok
15:33:14.0695 6812 WSearch - ok
15:33:14.0733 6812 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:33:14.0735 6812 WUDFRd - ok
15:33:14.0750 6812 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:33:14.0751 6812 wudfsvc - ok
15:33:14.0784 6812 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0
15:33:15.0041 6812 \Device\Harddisk0\DR0 - ok
15:33:15.0069 6812 Boot (0x1200) (05cb4033b49bcf56ad1536a4edcdda4f) \Device\Harddisk0\DR0\Partition0
15:33:15.0071 6812 \Device\Harddisk0\DR0\Partition0 - ok
15:33:15.0073 6812 Boot (0x1200) (eb537d108cc1b4512101284f1cb29100) \Device\Harddisk0\DR0\Partition1
15:33:15.0074 6812 \Device\Harddisk0\DR0\Partition1 - ok
15:33:15.0075 6812 ============================================================
15:33:15.0075 6812 Scan finished
15:33:15.0075 6812 ============================================================
15:33:15.0081 6300 Detected object count: 0
15:33:15.0081 6300 Actual detected object count: 0

#7 JimJam99

Posted 02 August 2012 - 02:02 PM

Here is the log from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 15:37:40
-----------------------------
15:37:40.748 OS Version: Windows x64 6.0.6002 Service Pack 2
15:37:40.748 Number of processors: 2 586 0x170A
15:37:40.749 ComputerName: JASONMOFFITT-PC UserName: Jason Moffitt
15:37:41.630 Initialize success
15:39:54.232 AVAST engine defs: 12080200
15:39:58.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
15:39:58.874 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:39:58.888 Disk 0 MBR read successfully
15:39:58.890 Disk 0 MBR scan
15:39:58.932 Disk 0 Windows VISTA default MBR code
15:39:58.934 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:39:58.957 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
15:39:58.974 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290205 MB offset 30800325
15:39:58.991 Disk 0 scanning C:\Windows\system32\drivers
15:40:13.959 Service scanning
15:40:38.532 Modules scanning
15:40:38.538 Disk 0 trace - called modules:
15:40:38.552 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
15:40:38.883 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800539f430]
15:40:38.886 3 CLASSPNP.SYS[fffffa6000dc8c33] -> nt!IofCallDriver -> [0xfffffa8005183e40]
15:40:38.890 5 acpi.sys[fffffa60008c9fde] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa800517e060]
15:40:40.260 AVAST engine scan C:\Windows
15:40:43.196 AVAST engine scan C:\Windows\system32
15:44:14.894 AVAST engine scan C:\Windows\system32\drivers
15:44:37.675 AVAST engine scan C:\Users\Jason Moffitt
15:55:23.887 AVAST engine scan C:\ProgramData
15:56:46.849 Scan finished successfully
15:57:55.352 Disk 0 MBR has been saved successfully to "C:\Users\Jason Moffitt\Documents\MBR.dat"
15:57:55.355 The log file has been saved successfully to "C:\Users\Jason Moffitt\Documents\aswMBR.txt"

#8 JimJam99


Posted 02 August 2012 - 03:12 PM

Here is the text from ESET:

C:\ProgramData\0C1CFB133F38F55CD36CDBB42F3B6FDA\0C1CFB133F38F55CD36CDBB42F3B6FDA.exe a variant of Win32/Kryptik.AJIL trojan cleaned by deleting - quarantined
C:\Windows\Installer\{7e14a0cd-0738-722b-5746-7310cebee572}\U\80000000.@ Win64/Sirefef.AL trojan cleaned by deleting - quarantined

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 August 2012 - 03:46 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{7e14a0cd-0738-722b-5746-7310cebee572}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#10 JimJam99


Posted 03 August 2012 - 06:11 AM

Here is the log from systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:06 on 03/08/2012 by Jason Moffitt
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 384512 bytes [14:41 18/03/2010] [07:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [14:41 18/03/2010] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:48 21/01/2008] [02:48 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [14:41 18/03/2010] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:49 21/01/2008] [02:49 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [14:41 18/03/2010] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{7e14a0cd-0738-722b-5746-7310cebee572}"
C:\Users\Jason Moffitt\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572} d--hs-- [14:05 11/01/2012]
C:\Windows\Installer\{7e14a0cd-0738-722b-5746-7310cebee572} d--hs-- [14:05 11/01/2012]

-= EOF =-

#11 JimJam99


Posted 03 August 2012 - 08:11 AM

Got my clean scan in MBAM. Here is the log from minitoolbox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jason Moffitt (administrator) on 03-08-2012 at 10:05:57
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

199.194.19.2 smartAgent.ds.adp.com

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connected)
Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JasonMoffitt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : phub.net.cable.rogers.com
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 00-26-5E-26-92-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-22-19-FA-42-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f845:397a:b9aa:d23f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 199.194.19.128(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : August-03-12 9:04:02 AM
Lease Expires . . . . . . . . . . : August-17-12 9:04:02 AM
Default Gateway . . . . . . . . . : 199.194.19.62
DHCP Server . . . . . . . . . . . : 199.194.19.61
DHCPv6 IAID . . . . . . . . . . . : 251666969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-FB-83-5D-00-22-19-FA-42-2A
DNS Servers . . . . . . . . . . . : 142.166.145.137
142.177.2.130
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.phub.net.cable.rogers.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0567CBA8-4741-4B4F-AD9A-6299FD704A8A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-nb.aliant.net
Address: 142.166.145.137

Name: google.com
Addresses: 2607:f8b0:4006:801::1005
173.194.43.34
173.194.43.35
173.194.43.36
173.194.43.37
173.194.43.38
173.194.43.39
173.194.43.40
173.194.43.41
173.194.43.46
173.194.43.32
173.194.43.33



Pinging google.com [173.194.43.4] with 32 bytes of data:

Reply from 173.194.43.4: bytes=32 time=33ms TTL=54

Reply from 173.194.43.4: bytes=32 time=34ms TTL=54



Ping statistics for 173.194.43.4:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 34ms, Average = 33ms

Server: dns-nb.aliant.net
Address: 142.166.145.137

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=79ms TTL=52

Reply from 209.191.122.70: bytes=32 time=239ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 79ms, Maximum = 239ms, Average = 159ms

Server: dns-nb.aliant.net
Address: 142.166.145.137

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 26 5e 26 92 99 ...... Dell Wireless 1510 Wireless-N WLAN Mini-Card
11 ...00 22 19 fa 42 2a ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
1 ........................... Software Loopback Interface 1
16 ...00 00 00 00 00 00 00 e0 isatap.phub.net.cable.rogers.com
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
23 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
21 ...00 00 00 00 00 00 00 e0 isatap.{0567CBA8-4741-4B4F-AD9A-6299FD704A8A}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 199.194.19.62 199.194.19.128 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
199.194.19.0 255.255.255.0 On-link 199.194.19.128 276
199.194.19.128 255.255.255.255 On-link 199.194.19.128 276
199.194.19.255 255.255.255.255 On-link 199.194.19.128 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 199.194.19.128 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 199.194.19.128 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::f845:397a:b9aa:d23f/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/03/2012 09:04:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2012 08:03:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2012 05:11:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2012 04:24:08 PM) (Source: Application Error) (User: )
Description: Faulting application dlpsp.exe, version 1.101.902.3, time stamp 0x49f1477f, faulting module DLH08DZ.DLL, version 1.7.906.3, time stamp 0x4a25fd20, exception code 0xc0000409, fault offset 0x0000000000007506,
process id 0xe04, application start time 0xdlpsp.exe0.

Error: (08/02/2012 04:00:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/02/2012 04:00:26 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/02/2012 04:00:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/02/2012 03:23:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2012 02:39:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2012 11:24:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/03/2012 09:04:21 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (08/03/2012 09:04:21 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (08/03/2012 09:04:21 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/03/2012 08:03:15 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (08/03/2012 08:03:15 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (08/03/2012 08:03:15 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/02/2012 05:11:53 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (08/02/2012 05:11:53 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (08/02/2012 05:11:53 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/02/2012 03:50:02 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.


Microsoft Office Sessions:
=========================
Error: (09/16/2011 09:32:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 225 seconds with 0 seconds of active time. This session ended with a crash.

Error: (10/29/2009 10:04:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 946 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/20/2009 09:29:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 480 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Apple Mobile Device Support (Version: 5.2.0.6)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Bonjour (Version: 3.0.0.10)
Dell Dock (Version: 1.0.0)
Dell Driver Download Manager (Version: 1.0.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 12.0.1.0)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
FastAccess (Version: 2.4.97.1)
iCloud (Version: 1.1.0.40)
Integrated Webcam Driver (1.06.03.0309) (Version: 1.06.03.0309)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 13 (64-bit) (Version: 6.0.130)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
NVIDIA Drivers (Version: 1.3)
Quickset (Version: 9.2.13)
WIDCOMM Bluetooth Software 6.1.0.4402 (Version: 6.1.0.4402)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Sound Schemes

========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 3837.43 MB
Available physical RAM: 1314.63 MB
Total Pagefile: 7870.39 MB
Available Pagefile: 4726.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.16 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:155.6 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.21 GB) NTFS

========================= Users: ========================================

User accounts for \\JASONMOFFITT-PC

Administrator Guest Jason Moffitt


**** End of log ****

#12 JimJam99


Posted 03 August 2012 - 08:13 AM

Here is the FSS log:

Farbar Service Scanner Version: 26-07-2012
Ran by Jason Moffitt (administrator) on 03-08-2012 at 10:09:17
Running from "C:\Users\Jason Moffitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP6FHA65"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-03-18 11:41] - [2009-04-11 04:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:21] - [2012-01-03 11:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 14:20] - [2012-03-30 09:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-15 09:04] - [2011-03-02 13:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-03-18 11:41] - [2009-04-11 04:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-03-18 11:40] - [2009-04-11 04:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2010-03-18 11:42] - [2009-04-11 04:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-03-18 11:40] - [2009-04-11 04:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-03-18 11:41] - [2009-04-11 04:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2010-03-18 11:42] - [2009-04-11 04:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-03-18 11:42] - [2009-04-11 04:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-07-11 16:37] - [2012-07-11 16:37] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-03-18 11:42] - [2009-04-11 04:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#13 JimJam99


Posted 03 August 2012 - 08:30 AM

Here is the last log:

# AdwCleaner v1.800 - Logfile created 08/03/2012 at 10:10:51
# Updated 01/08/2012 by Xplode
# Operating system : Windows ™ Vista Ultimate Service Pack 2 (64 bits)
# User : Jason Moffitt - JASONMOFFITT-PC
# Running from : C:\Users\Jason Moffitt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88U8RRL\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Jason Moffitt\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Administrator.JasonMoffitt-PC\AppData\Local\AVG Secure Search
Deleted on reboot : C:\Users\Jason Moffitt\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\Jason Moffitt\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\Administrator.JasonMoffitt-PC\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\ProgramData\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Description
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [5112 octets] - [03/08/2012 10:10:51]

########## EOF - C:\AdwCleaner[S1].txt - [5240 octets] ##########

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:36 AM

Posted 03 August 2012 - 08:44 AM

Press the Windows+R keys, type notepad and click OK.

Copy this script and paste it into Notepad:
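@echo off
cd c:\windows\system32
REM Give ownership of services.exe to the Administrators group
takeown /a /f services.exe
REM Grant Administrators full control (replaces the ACL; answer Y at the prompt)
cacls services.exe /g administrators:f
REM Keep the current file as a backup, then copy in the component-store version
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\WINDOWS\system32
REM Delete this batch file
DEL %0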

Click on File >> Save As

File name: services.bat
Save as type: All types

Now right-click the services.bat file, select Run as administrator and run it, click Y and press ENTER


Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Jason Moffitt\AppData\Local\{7e14a0cd-0738-722b-5746-7310cebee572}
C:\Windows\Installer\{7e14a0cd-0738-722b-5746-7310cebee572}

delete the folders

Post the new system look log

Download

MpsSvc
BFE
wscsvc
defender
wuauserv
BITS
Sharedaccess

Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark the following options alone

Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log
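
One way to check the result of the services.exe replacement described above, as an added example that is not part of the original post: it binary-compares the live System32 file with every services.exe held in the component store, whatever architecture prefix the store directory carries, and then asks System File Checker to verify the file. The variable names LIVE and FOUND and the `*servicecontroller*` wildcard are assumptions modelled on the directory name in the COPY line; run it from an elevated command prompt.

```batch
@echo off
setlocal
REM Added example, not from the original post.
REM LIVE  = the file the batch script above replaced.
REM FOUND = set to 1 when at least one store copy is byte-identical to it.
set "LIVE=%SystemRoot%\System32\services.exe"
set "FOUND=0"

REM Walk every component-store directory whose name contains
REM "servicecontroller" (assumed pattern) and compare its services.exe
REM with the live copy. fc /b returns 0 when the files are identical.
for /d %%D in (%SystemRoot%\winsxs\*servicecontroller*) do (
    if exist "%%D\services.exe" (
        fc /b "%LIVE%" "%%D\services.exe" >nul 2>&1
        if errorlevel 1 (
            echo DIFFERS  %%D
        ) else (
            echo MATCHES  %%D
            set "FOUND=1"
        )
    )
)

if "%FOUND%"=="0" echo No store copy matches %LIVE% - treat the file as unverified.

REM Ask Windows Resource Protection to verify the live file as well.
sfc /verifyfile=%LIVE%
endlocal
```

A MATCHES line shows which store version is currently in place; if every line reads DIFFERS, the live file is not one of the copies Windows keeps for that component.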

#15 JimJam99

JimJam99
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:36 AM

Posted 05 August 2012 - 11:36 AM

It's a long weekend here in Canada. I'll be back on my infected pc on Tuesday. Thanks for all your help so far.

Jason.



