I am Infected and do not know what to do.


19 replies to this topic

#1 Bird570


  • Members
  • 13 posts

Posted 03 August 2012 - 09:59 PM

Hello,

Yesterday Norton began telling me that it was blocking Trojan.zeroaccess.B, Trojan.gen and Trojan.gen.2.

I ran Malwarebytes antivirus and it detected something and removed it. It told me to reboot but the popups kept coming. Norton did not detect anything but only claims to be blocking.

Any help would be appreciated and I apologize if this is not posted in the correct location.


#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 August 2012 - 05:41 AM

Download

TDSSkiller

Launch it. Click on change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
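The log the TDSSKiller step produces pairs each scanned object line (name, MD5, path) with a verdict line that ends in "- ok" when nothing is wrong. What follows is an added Python triage helper, not from this thread and not part of Kaspersky's tool, that parses that format, keeps the pre-scan header as system info, and reports every object whose verdict is not "ok", including objects left with no verdict when a log is cut off mid-scan. The function names, the `exampledrv` object and its verdict wording are assumptions constructed for the sample.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line starts with a timestamp and the id of the scanning thread.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<rest>.*)$")
# Object line: "<name> (<md5>) <path>"; names may contain spaces ("Net Driver HPZ12").
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>"; "ok" is the clean verdict seen throughout the log.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None   # None: no verdict line followed (log cut off?)

@dataclass
class Report:
    system_info: Dict[str, str] = field(default_factory=dict)
    scan_mode: Optional[str] = None
    entries: List[Entry] = field(default_factory=list)

    def flagged(self) -> List[Entry]:
        """Everything whose verdict is not the clean 'ok', including missing verdicts."""
        return [e for e in self.entries if e.verdict != "ok"]

    def outside(self, roots=("C:\\Windows", "C:\\Program Files")) -> List[Entry]:
        """Heuristic: objects loaded from outside the usual system/program trees."""
        prefixes = tuple(r.lower() for r in roots)
        return [e for e in self.entries
                if e.path and not e.path.lower().startswith(prefixes)]

def parse_tdsskiller_log(text: str) -> Report:
    """Pair each object line with its verdict line; keep the pre-scan header as key/value."""
    report = Report()
    pending: Dict[str, Entry] = {}     # object lines still waiting for a verdict
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if not rest or rest.startswith("="):
            continue
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:                # header, e.g. "OS Version: 6.0.6002 ServicePack: 2.0"
            key, sep, value = rest.partition(": ")
            if sep:
                report.system_info[key.strip()] = value.strip()
            continue
        if rest.startswith("Mode:"):   # "Mode: Manual; TDLFS;" confirms the TDLFS option
            report.scan_mode = rest[len("Mode:"):].strip()
            continue
        om = OBJECT_RE.match(rest)
        if om:
            pending[om.group("name")] = Entry(om.group("name"), om.group("md5"), om.group("path"))
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            name = vm.group("name")
            entry = pending.pop(name, None) or Entry(name)   # "COMSysApp - ok" has no file line
            entry.verdict = vm.group("verdict")
            report.entries.append(entry)
    # Whatever is still pending never received a verdict: typically the log was truncated.
    report.entries.extend(pending.values())
    return report

# Constructed sample: header and object lines copied from the poster's log, plus one
# made-up object (exampledrv, zero hash, constructed verdict wording) and a final object
# line with no verdict, mimicking a log that was cut off mid-scan.
SAMPLE_LOG = r"""
10:16:24.0210 5752 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:16:24.0834 5752 OS Version: 6.0.6002 ServicePack: 2.0
10:16:24.0834 5752 Processor architecture: Intel x64
10:16:25.0676 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1527000, BlocksNum 0x23F072B0
10:16:42.0696 5444 Scan started
10:16:42.0696 5444 Mode: Manual; TDLFS;
10:16:44.0427 5444 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:16:44.0427 5444 ACPI - ok
10:16:53.0522 5444 COMSysApp - ok
10:17:06.0767 5444 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
10:17:06.0782 5444 Net Driver HPZ12 - ok
10:17:09.0500 5444 exampledrv (00000000000000000000000000000000) C:\ProgramData\example\exampledrv.sys
10:17:09.0501 5444 exampledrv - suspicious (constructed verdict)
10:17:09.0621 5444 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"mode={rep.scan_mode!r} objects={len(rep.entries)} not-ok={len(rep.flagged())}")
    for e in rep.flagged():
        print(f"  {e.name}: {e.verdict or 'NO VERDICT (log truncated?)'} {e.path or ''}")
```

`outside()` is only a hint: legitimate security products (the Norton definition drivers under C:\ProgramData in this log, for instance) also load from there, so it narrows what to look at rather than deciding anything.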

#3 Bird570

  • Topic Starter

  • Members
  • 13 posts

Posted 04 August 2012 - 12:22 PM

Thank you again for your help.

First Log

10:16:24.0210 5752 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
10:16:24.0834 5752 ============================================================
10:16:24.0834 5752 Current date / time: 2012/08/04 10:16:24.0834
10:16:24.0834 5752 SystemInfo:
10:16:24.0834 5752
10:16:24.0834 5752 OS Version: 6.0.6002 ServicePack: 2.0
10:16:24.0834 5752 Product type: Workstation
10:16:24.0834 5752 ComputerName: CYMBELINE-PC
10:16:24.0834 5752 UserName: Cymbeline
10:16:24.0834 5752 Windows directory: C:\Windows
10:16:24.0834 5752 System windows directory: C:\Windows
10:16:24.0834 5752 Running under WOW64
10:16:24.0834 5752 Processor architecture: Intel x64
10:16:24.0834 5752 Number of processors: 2
10:16:24.0834 5752 Page size: 0x1000
10:16:24.0834 5752 Boot type: Normal boot
10:16:24.0834 5752 ============================================================
10:16:25.0661 5752 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:16:25.0676 5752 ============================================================
10:16:25.0676 5752 \Device\Harddisk0\DR0:
10:16:25.0676 5752 MBR partitions:
10:16:25.0676 5752 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1527000, BlocksNum 0x23F072B0
10:16:25.0676 5752 ============================================================
10:16:25.0723 5752 C: <-> \Device\Harddisk0\DR0\Partition0
10:16:25.0723 5752 ============================================================
10:16:25.0723 5752 Initialize success
10:16:25.0723 5752 ============================================================
10:16:42.0696 5444 ============================================================
10:16:42.0696 5444 Scan started
10:16:42.0696 5444 Mode: Manual; TDLFS;
10:16:42.0696 5444 ============================================================
10:17:09.0668 5444 Ntfs - ok
10:17:09.0793 5444 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
10:17:09.0793 5444 NuidFltr - ok
10:17:09.0824 5444 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:17:09.0840 5444 Null - ok
10:17:09.0887 5444 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:17:09.0933 5444 nvraid - ok
10:17:09.0980 5444 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:17:09.0980 5444 nvstor - ok
10:17:10.0027 5444 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:17:10.0027 5444 nv_agp - ok
10:17:10.0105 5444 NWADI (17bcf5df3c54dcf2af2e164eb84a0169) C:\Windows\system32\DRIVERS\NWADIenum.sys
10:17:10.0121 5444 NWADI - ok
10:17:10.0121 5444 NwlnkFlt - ok
10:17:10.0121 5444 NwlnkFwd - ok
10:17:10.0183 5444 NWUSBCDFIL64 (de3abd010d9734cd4ad4e0ba81f50b63) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
10:17:10.0183 5444 NWUSBCDFIL64 - ok
10:17:10.0230 5444 NWUSBModem (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbmdm.sys
10:17:10.0230 5444 NWUSBModem - ok
10:17:10.0308 5444 NWUSBPort (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbser.sys
10:17:10.0308 5444 NWUSBPort - ok
10:17:10.0370 5444 NWUSBPort2 (a3fadcf96abf4803e7a946cd48641ac3) C:\Windows\system32\DRIVERS\nwusbser2.sys
10:17:10.0386 5444 NWUSBPort2 - ok
10:17:10.0526 5444 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:17:10.0526 5444 odserv - ok
10:17:10.0573 5444 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:17:10.0573 5444 ohci1394 - ok
10:17:10.0620 5444 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:17:10.0620 5444 ose - ok
10:17:10.0713 5444 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:17:10.0729 5444 p2pimsvc - ok
10:17:10.0745 5444 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:17:10.0760 5444 p2psvc - ok
10:17:10.0838 5444 PACSPTISVR (5d43d0ba9e0c2f8782077f660dfe916f) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
10:17:10.0854 5444 PACSPTISVR - ok
10:17:10.0901 5444 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:17:10.0901 5444 Parport - ok
10:17:10.0963 5444 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:17:10.0963 5444 partmgr - ok
10:17:10.0994 5444 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:17:10.0994 5444 PcaSvc - ok
10:17:11.0057 5444 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:17:11.0057 5444 pci - ok
10:17:11.0119 5444 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:17:11.0135 5444 pciide - ok
10:17:11.0213 5444 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:17:11.0244 5444 pcmcia - ok
10:17:11.0337 5444 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:17:11.0353 5444 PEAUTH - ok
10:17:11.0431 5444 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:17:11.0431 5444 PerfHost - ok
10:17:11.0556 5444 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:17:11.0587 5444 pla - ok
10:17:11.0665 5444 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:17:11.0665 5444 PlugPlay - ok
10:17:11.0712 5444 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
10:17:11.0712 5444 Pml Driver HPZ12 - ok
10:17:11.0805 5444 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:17:11.0821 5444 PNRPAutoReg - ok
10:17:11.0837 5444 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:17:11.0837 5444 PNRPsvc - ok
10:17:11.0915 5444 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:17:11.0930 5444 PolicyAgent - ok
10:17:12.0008 5444 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:17:12.0008 5444 PptpMiniport - ok
10:17:12.0039 5444 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:17:12.0071 5444 Processor - ok
10:17:12.0117 5444 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:17:12.0117 5444 ProfSvc - ok
10:17:12.0164 5444 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:17:12.0164 5444 ProtectedStorage - ok
10:17:12.0195 5444 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:17:12.0195 5444 PSched - ok
10:17:12.0227 5444 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
10:17:12.0227 5444 PxHlpa64 - ok
10:17:12.0305 5444 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
10:17:12.0320 5444 QBCFMonitorService - ok
10:17:12.0367 5444 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
10:17:12.0367 5444 QBFCService - ok
10:17:12.0492 5444 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:17:12.0539 5444 ql2300 - ok
10:17:12.0585 5444 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:17:12.0585 5444 ql40xx - ok
10:17:12.0632 5444 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:17:12.0632 5444 QWAVE - ok
10:17:12.0663 5444 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:17:12.0663 5444 QWAVEdrv - ok
10:17:12.0679 5444 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:17:12.0679 5444 RasAcd - ok
10:17:12.0695 5444 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:17:12.0695 5444 RasAuto - ok
10:17:12.0773 5444 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:17:12.0788 5444 Rasl2tp - ok
10:17:12.0835 5444 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:17:12.0851 5444 RasMan - ok
10:17:12.0913 5444 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:17:12.0913 5444 RasPppoe - ok
10:17:12.0991 5444 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:17:12.0991 5444 RasSstp - ok
10:17:13.0069 5444 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:17:13.0069 5444 rdbss - ok
10:17:13.0116 5444 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:17:13.0116 5444 RDPCDD - ok
10:17:13.0194 5444 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:17:13.0225 5444 rdpdr - ok
10:17:13.0225 5444 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:17:13.0241 5444 RDPENCDD - ok
10:17:13.0303 5444 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
10:17:13.0319 5444 RDPWD - ok
10:17:13.0365 5444 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
10:17:13.0412 5444 regi - ok
10:17:13.0568 5444 RegSrvc (d5809d9d48b7e7f57fe79cf22e18e94e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:17:13.0599 5444 RegSrvc - ok
10:17:13.0631 5444 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:17:13.0662 5444 RemoteAccess - ok
10:17:13.0724 5444 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:17:13.0724 5444 RemoteRegistry - ok
10:17:13.0771 5444 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
10:17:13.0771 5444 RFCOMM - ok
10:17:13.0802 5444 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
10:17:13.0818 5444 rimsptsk - ok
10:17:13.0818 5444 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
10:17:13.0818 5444 risdptsk - ok
10:17:13.0865 5444 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:17:13.0865 5444 RpcLocator - ok
10:17:13.0958 5444 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:17:13.0958 5444 RpcSs - ok
10:17:13.0974 5444 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:17:13.0989 5444 rspndr - ok
10:17:14.0021 5444 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
10:17:14.0021 5444 RTHDMIAzAudService - ok
10:17:14.0083 5444 RtkAudioService (bdd34a4a3725e3d527beda3c5fb67603) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
10:17:14.0099 5444 RtkAudioService - ok
10:17:14.0161 5444 SampleCollector (9a5fb8de6567bc86fccde2f0336857a3) C:\Program Files\Sony\VAIO Care\collsvc.exe
10:17:14.0177 5444 SampleCollector - ok
10:17:14.0208 5444 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:17:14.0208 5444 SamSs - ok
10:17:14.0255 5444 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:17:14.0286 5444 sbp2port - ok
10:17:14.0348 5444 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:17:14.0348 5444 SCardSvr - ok
10:17:14.0457 5444 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:17:14.0457 5444 Schedule - ok
10:17:14.0504 5444 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:17:14.0520 5444 SCPolicySvc - ok
10:17:14.0551 5444 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
10:17:14.0582 5444 sdbus - ok
10:17:14.0629 5444 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:17:14.0629 5444 SDRSVC - ok
10:17:14.0645 5444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:17:14.0660 5444 secdrv - ok
10:17:14.0676 5444 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:17:14.0676 5444 seclogon - ok
10:17:14.0691 5444 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
10:17:14.0691 5444 SENS - ok
10:17:14.0723 5444 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:17:14.0723 5444 Serenum - ok
10:17:14.0738 5444 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:17:14.0738 5444 Serial - ok
10:17:14.0754 5444 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:17:14.0785 5444 sermouse - ok
10:17:14.0832 5444 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:17:14.0832 5444 SessionEnv - ok
10:17:14.0863 5444 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
10:17:14.0863 5444 SFEP - ok
10:17:14.0879 5444 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:17:14.0879 5444 sffdisk - ok
10:17:14.0894 5444 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:17:14.0894 5444 sffp_mmc - ok
10:17:14.0957 5444 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:17:14.0957 5444 sffp_sd - ok
10:17:15.0003 5444 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:17:15.0019 5444 sfloppy - ok
10:17:15.0128 5444 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:17:15.0144 5444 ShellHWDetection - ok
10:17:15.0191 5444 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:17:15.0191 5444 SiSRaid2 - ok
10:17:15.0222 5444 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:17:15.0253 5444 SiSRaid4 - ok
10:17:15.0471 5444 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:17:15.0518 5444 slsvc - ok
10:17:15.0643 5444 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:17:15.0643 5444 SLUINotify - ok
10:17:15.0705 5444 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:17:15.0705 5444 Smb - ok
10:17:15.0799 5444 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
10:17:15.0815 5444 SMSIVZAM5X64 - ok
10:17:15.0861 5444 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:17:15.0861 5444 SNMPTRAP - ok
10:17:15.0939 5444 SOHCImp (7b24efa2a60ba7388fecda63ab24560a) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
10:17:15.0971 5444 SOHCImp - ok
10:17:16.0002 5444 SOHDBSvr (140fcf5ffae4efba9740a9fd8b49e0bf) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
10:17:16.0049 5444 SOHDBSvr - ok
10:17:16.0111 5444 SOHDms (d8c244121a06b581b097d9617d94cff1) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
10:17:16.0127 5444 SOHDms - ok
10:17:16.0173 5444 SOHDs (2db561887ea122b946bbe2821473edd8) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
10:17:16.0189 5444 SOHDs - ok
10:17:16.0205 5444 SOHPlMgr (ab9ee246a1eb2c3c7c6cb16e0b9462f7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
10:17:16.0251 5444 SOHPlMgr - ok
10:17:16.0283 5444 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:17:16.0298 5444 spldr - ok
10:17:16.0345 5444 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:17:16.0345 5444 Spooler - ok
10:17:16.0454 5444 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
10:17:16.0517 5444 SRTSP - ok
10:17:16.0548 5444 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
10:17:16.0579 5444 SRTSPX - ok
10:17:16.0673 5444 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:17:16.0673 5444 srv - ok
10:17:16.0735 5444 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:17:16.0735 5444 srv2 - ok
10:17:16.0797 5444 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:17:16.0797 5444 srvnet - ok
10:17:16.0844 5444 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:17:16.0844 5444 SSDPSRV - ok
10:17:16.0875 5444 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:17:16.0875 5444 SstpSvc - ok
10:17:16.0953 5444 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:17:16.0969 5444 stisvc - ok
10:17:17.0000 5444 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:17:17.0000 5444 swenum - ok
10:17:17.0078 5444 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:17:17.0094 5444 swprv - ok
10:17:17.0109 5444 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:17:17.0141 5444 Symc8xx - ok
10:17:17.0250 5444 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
10:17:17.0297 5444 SymDS - ok
10:17:17.0359 5444 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
10:17:17.0390 5444 SymEFA - ok
10:17:17.0437 5444 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
10:17:17.0437 5444 SymEvent - ok
10:17:17.0484 5444 SymIM (f7f3deb5fdd6cea69a8d1544f7becaf1) C:\Windows\system32\DRIVERS\SymIMv.sys
10:17:17.0484 5444 SymIM - ok
10:17:17.0531 5444 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
10:17:17.0562 5444 SymIRON - ok
10:17:17.0624 5444 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
10:17:17.0671 5444 SYMTDIv - ok
10:17:17.0702 5444 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:17:17.0702 5444 Sym_hi - ok
10:17:17.0733 5444 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:17:17.0733 5444 Sym_u3 - ok
10:17:17.0858 5444 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:17:17.0889 5444 SysMain - ok
10:17:17.0921 5444 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:17:17.0936 5444 TabletInputService - ok
10:17:18.0014 5444 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:17:18.0014 5444 TapiSrv - ok
10:17:18.0045 5444 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:17:18.0045 5444 TBS - ok
10:17:18.0186 5444 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
10:17:18.0217 5444 Tcpip - ok
10:17:18.0233 5444 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
10:17:18.0248 5444 Tcpip6 - ok
10:17:18.0279 5444 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:17:18.0279 5444 tcpipreg - ok
10:17:18.0311 5444 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:17:18.0311 5444 TDPIPE - ok
10:17:18.0326 5444 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:17:18.0326 5444 TDTCP - ok
10:17:18.0373 5444 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:17:18.0373 5444 tdx - ok
10:17:18.0420 5444 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:17:18.0420 5444 TermDD - ok
10:17:18.0482 5444 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:17:18.0498 5444 TermService - ok
10:17:18.0560 5444 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
10:17:18.0560 5444 Themes - ok
10:17:18.0591 5444 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:17:18.0591 5444 THREADORDER - ok
10:17:18.0623 5444 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:17:18.0623 5444 TrkWks - ok
10:17:18.0685 5444 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:17:18.0685 5444 TrustedInstaller - ok
10:17:18.0716 5444 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:17:18.0716 5444 tssecsrv - ok
10:17:18.0732 5444 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:17:18.0732 5444 tunmp - ok
10:17:18.0779 5444 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:17:18.0779 5444 tunnel - ok
10:17:18.0810 5444 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:17:18.0810 5444 uagp35 - ok
10:17:18.0903 5444 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
10:17:18.0903 5444 uCamMonitor - ok
10:17:18.0981 5444 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:17:19.0013 5444 udfs - ok
10:17:19.0059 5444 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:17:19.0075 5444 UI0Detect - ok
10:17:19.0106 5444 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:17:19.0106 5444 uliagpkx - ok
10:17:19.0137 5444 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:17:19.0184 5444 uliahci - ok
10:17:19.0231 5444 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:17:19.0247 5444 UlSata - ok
10:17:19.0293 5444 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:17:19.0309 5444 ulsata2 - ok
10:17:19.0325 5444 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:17:19.0325 5444 umbus - ok
10:17:19.0387 5444 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:17:19.0387 5444 upnphost - ok
10:17:19.0434 5444 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:17:19.0434 5444 usbccgp - ok
10:17:19.0481 5444 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:17:19.0512 5444 usbcir - ok
10:17:19.0559 5444 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:17:19.0559 5444 usbehci - ok
10:17:19.0605 5444 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:17:19.0605 5444 usbhub - ok
10:17:19.0621 5444 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:17:19.0652 5444 usbohci - ok
10:17:19.0699 5444 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:17:19.0699 5444 usbprint - ok
10:17:19.0715 5444 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:17:19.0730 5444 usbscan - ok
10:17:19.0761 5444 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:17:19.0777 5444 USBSTOR - ok
10:17:19.0793 5444 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:17:19.0793 5444 usbuhci - ok
10:17:19.0824 5444 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:17:19.0839 5444 usbvideo - ok
10:17:19.0871 5444 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:17:19.0886 5444 UxSms - ok
10:17:19.0995 5444 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
10:17:19.0995 5444 VAIO Entertainment TV Device Arbitration Service - ok
10:17:20.0058 5444 VAIO Event Service (73328c784ecfe7072bd102f370076b50) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
10:17:20.0089 5444 VAIO Event Service - ok
10:17:20.0167 5444 VAIO Power Management (b63f63960e7254d9d9ed28474b40eb31) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
10:17:20.0183 5444 VAIO Power Management - ok
10:17:20.0573 5444 VCFw (0ed1d51dcec67f96cc313d02a1741cf3) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
10:17:20.0619 5444 VCFw - ok
10:17:20.0744 5444 VcmIAlzMgr (7295a2b5795e7b8aa128e5df5a29b656) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
10:17:20.0807 5444 VcmIAlzMgr - ok
10:17:20.0869 5444 VcmXmlIfHelper (76df898710495c5b1476719410d8b895) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
10:17:20.0885 5444 VcmXmlIfHelper - ok
10:17:20.0947 5444 Vcsw - ok
10:17:21.0103 5444 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:17:21.0103 5444 vds - ok
10:17:21.0150 5444 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:17:21.0150 5444 vga - ok
10:17:21.0165 5444 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:17:21.0165 5444 VgaSave - ok
10:17:21.0197 5444 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:17:21.0228 5444 viaide - ok
10:17:21.0275 5444 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:17:21.0275 5444 volmgr - ok
10:17:21.0353 5444 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:17:21.0353 5444 volmgrx - ok
10:17:21.0415 5444 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:17:21.0415 5444 volsnap - ok
10:17:21.0477 5444 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:17:21.0509 5444 vsmraid - ok
10:17:21.0649 5444 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:17:21.0680 5444 VSS - ok
10:17:21.0836 5444 VUAgent (0260e5f1790f90e8d7ec0588227aa42c) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
10:17:21.0867 5444 VUAgent - ok
10:17:21.0961 5444 VzCdbSvc (79eb419f4a694b4514249e0d3db16ecf) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
10:17:21.0977 5444 VzCdbSvc - ok
10:17:22.0133 5444 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:17:22.0133 5444 W32Time - ok
10:17:22.0179 5444 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:17:22.0211 5444 WacomPen - ok
10:17:22.0273 5444 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:17:22.0273 5444 Wanarp - ok
10:17:22.0273 5444 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:17:22.0273 5444 Wanarpv6 - ok
10:17:22.0351 5444 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:17:22.0367 5444 wcncsvc - ok
10:17:22.0382 5444 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:17:22.0398 5444 WcsPlugInService - ok
10:17:22.0413 5444 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:17:22.0413 5444 Wd - ok
10:17:22.0523 5444 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:17:22.0538 5444 Wdf01000 - ok
10:17:22.0569 5444 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:17:22.0569 5444 WdiServiceHost - ok
10:17:22.0569 5444 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:17:22.0585 5444 WdiSystemHost - ok
10:17:22.0647 5444 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:17:22.0647 5444 WebClient - ok
10:17:22.0694 5444 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:17:22.0694 5444 Wecsvc - ok
10:17:22.0725 5444 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:17:22.0725 5444 wercplsupport - ok
10:17:22.0757 5444 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:17:22.0772 5444 WerSvc - ok
10:17:22.0835 5444 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
10:17:22.0835 5444 WimFltr - ok
10:17:22.0913 5444 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:17:22.0928 5444 winachsf - ok
10:17:22.0944 5444 WinHttpAutoProxySvc - ok
10:17:23.0037 5444 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:17:23.0053 5444 Winmgmt - ok
10:17:23.0240 5444 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:17:23.0287 5444 WinRM - ok
10:17:23.0459 5444 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:17:23.0474 5444 Wlansvc - ok
10:17:23.0521 5444 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:17:23.0552 5444 WmiAcpi - ok
10:17:23.0646 5444 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:17:23.0661 5444 wmiApSrv - ok
10:17:23.0677 5444 WMPNetworkSvc - ok
10:17:23.0724 5444 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:17:23.0739 5444 WPCSvc - ok
10:17:23.0786 5444 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
10:17:23.0786 5444 WPDBusEnum - ok
10:17:23.0833 5444 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:17:23.0833 5444 WpdUsb - ok
10:17:24.0067 5444 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:17:24.0083 5444 WPFFontCache_v0400 - ok
10:17:24.0114 5444 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:17:24.0145 5444 ws2ifsl - ok
10:17:24.0145 5444 WSearch - ok
10:17:24.0192 5444 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:17:24.0192 5444 WUDFRd - ok
10:17:24.0223 5444 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:17:24.0223 5444 wudfsvc - ok
10:17:24.0301 5444 X5XSEx (2b7e07aa8770695ec4e153288843f894) C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys
10:17:24.0317 5444 X5XSEx - ok
10:17:24.0332 5444 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
10:17:24.0332 5444 XAudio - ok
10:17:24.0363 5444 XAudioService (3e775f0bd28ddeff53d78578b97a3cff) C:\Windows\system32\DRIVERS\xaudio64.exe
10:17:24.0379 5444 XAudioService - ok
10:17:24.0473 5444 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
10:17:24.0473 5444 YahooAUService - ok
10:17:24.0519 5444 yksvc (d433f6726a727b0528f6e39f423fe1fd) C:\Windows\System32\ykx64mpcoinst.dll
10:17:24.0519 5444 yksvc - ok
10:17:24.0566 5444 yukonx64 (4d7bd04b794478aba95ea1e03be39c47) C:\Windows\system32\DRIVERS\yk60x64.sys
10:17:24.0582 5444 yukonx64 - ok
10:17:24.0597 5444 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:17:25.0206 5444 \Device\Harddisk0\DR0 - ok
10:17:25.0206 5444 Boot (0x1200) (35bca371a86b5d995fed349abbff8cc0) \Device\Harddisk0\DR0\Partition0
10:17:25.0206 5444 \Device\Harddisk0\DR0\Partition0 - ok
10:17:25.0206 5444 ============================================================
10:17:25.0206 5444 Scan finished
10:17:25.0206 5444 ============================================================
10:17:25.0221 6088 Detected object count: 0
10:17:25.0221 6088 Actual detected object count: 0
10:18:30.0474 1256 Deinitialize success

#4 Bird570
  • Topic Starter

Posted 04 August 2012 - 11:31 PM

2nd Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 10:19:10
-----------------------------
10:19:10.220 OS Version: Windows x64 6.0.6002 Service Pack 2
10:19:10.220 Number of processors: 2 586 0x170A
10:19:10.220 ComputerName: CYMBELINE-PC UserName: Cymbeline
10:19:12.060 Initialize success
10:19:43.499 AVAST engine defs: 12080400
10:19:50.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:19:50.612 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
10:19:50.612 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
10:19:50.628 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
10:19:50.628 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
10:19:50.628 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
10:19:50.690 Disk 0 MBR read successfully
10:19:50.690 Disk 0 MBR scan
10:19:50.706 Disk 0 Windows VISTA default MBR code
10:19:50.737 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10829 MB offset 2048
10:19:50.799 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294414 MB offset 22179840
10:19:50.893 Disk 0 scanning C:\Windows\system32\drivers
10:20:16.820 Service scanning
10:21:06.444 Modules scanning
10:21:06.444 Disk 0 trace - called modules:
10:21:06.475 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll
10:21:06.475 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068d0790]
10:21:06.491 3 CLASSPNP.SYS[fffffa60011d3c33] -> nt!IofCallDriver -> [0xfffffa8004b85820]
10:21:06.491 5 acpi.sys[fffffa60008fafde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b92050]
10:21:08.690 AVAST engine scan C:\Windows
10:21:14.369 AVAST engine scan C:\Windows\system32
10:29:22.134 AVAST engine scan C:\Windows\system32\drivers
10:29:54.566 AVAST engine scan C:\Users\Cymbeline
10:49:19.902 AVAST engine scan C:\ProgramData
11:04:29.694 Scan finished successfully
21:29:35.719 Disk 0 MBR has been saved successfully to "C:\Users\Cymbeline\Desktop\MBR.dat"
21:29:35.735 The log file has been saved successfully to "C:\Users\Cymbeline\Desktop\aswMBR.txt"

#5 Bird570

Posted 05 August 2012 - 10:45 AM

Third Request

C:\Windows\Installer\{036f7a7d-45d7-c9d6-977b-fff0a645cc04}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

Edited by Bird570, 05 August 2012 - 10:46 AM.


#6 narenxp

Posted 05 August 2012 - 10:53 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{036f7a7d-45d7-c9d6-977b-fff0a645cc04}

Click on LOOK,post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#7 Bird570

Posted 06 August 2012 - 07:55 PM

Systemlook log

SystemLook 30.07.11 by jpshortstuff
Log created at 17:53 on 06/08/2012 by Cymbeline
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 384512 bytes [01:59 03/12/2009] [07:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [01:59 03/12/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [01:59 03/12/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [01:59 03/12/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{036f7a7d-45d7-c9d6-977b-fff0a645cc04}"
C:\Users\Cymbeline\AppData\Local\{036f7a7d-45d7-c9d6-977b-fff0a645cc04} d--hs-- [19:42 11/01/2012]
C:\Windows\Installer\{036f7a7d-45d7-c9d6-977b-fff0a645cc04} d--hs-- [19:42 11/01/2012]

-= EOF =-

#8 Bird570

Posted 06 August 2012 - 11:14 PM

mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Cymbeline (administrator) on 06-08-2012 at 21:12:16
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Cymbeline-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FB-C2-40-68
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e427:68f3:c55d:4125%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 06, 2012 9:04:38 PM
Lease Expires . . . . . . . . . . : Monday, August 06, 2012 10:04:38 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 201335547
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-37-35-E8-00-1D-BA-F6-94-EE
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1D-BA-F6-94-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C1121A84-3E64-4076-93C4-3FECC133764B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9AC39952-1795-48AA-83D5-99C5C45DDBAB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9AC39952-1795-48AA-83D5-99C5C45DDBAB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9AC39952-1795-48AA-83D5-99C5C45DDBAB}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.239.1] with 32 bytes of data:

Reply from 74.125.239.1: bytes=32 time=104ms TTL=55

Reply from 74.125.239.1: bytes=32 time=18ms TTL=55



Ping statistics for 74.125.239.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 104ms, Average = 61ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=65ms TTL=52

Reply from 209.191.122.70: bytes=32 time=67ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 65ms, Maximum = 67ms, Average = 66ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=9ms TTL=128

Reply from 127.0.0.1: bytes=32 time=3ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 3ms, Maximum = 9ms, Average = 6ms

===========================================================================
Interface List
11 ...00 22 fb c2 40 68 ...... Intel® WiFi Link 5100 AGN
10 ...00 1d ba f6 94 ee ...... Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
14 ...00 00 00 00 00 00 00 e0 isatap.{C1121A84-3E64-4076-93C4-3FECC133764B}
13 ...00 00 00 00 00 00 00 e0 isatap.{9AC39952-1795-48AA-83D5-99C5C45DDBAB}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{9AC39952-1795-48AA-83D5-99C5C45DDBAB}
16 ...00 00 00 00 00 00 00 e0 isatap.{9AC39952-1795-48AA-83D5-99C5C45DDBAB}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 281
192.168.0.2 255.255.255.255 On-link 192.168.0.2 281
192.168.0.255 255.255.255.255 On-link 192.168.0.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::e427:68f3:c55d:4125/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [44032] (Microsoft Corporation)
x64-Catalog5 06 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 07 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/06/2012 09:13:10 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x14d0, application start time 0xnslookup.exe0.

Error: (08/06/2012 09:12:59 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x10e4, application start time 0xnslookup.exe0.

Error: (08/06/2012 09:12:38 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x1414, application start time 0xnslookup.exe0.

Error: (08/06/2012 09:05:10 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (08/06/2012 09:05:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2012 09:01:54 PM) (Source: Bonjour Service) (User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/06/2012 08:52:00 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (08/06/2012 08:51:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/06/2012 08:48:48 PM) (Source: Bonjour Service) (User: )
Description: 400: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (08/06/2012 08:37:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/06/2012 09:05:08 PM) (Source: Service Control Manager) (User: )
Description: DMICall

Error: (08/06/2012 09:05:04 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/06/2012 09:03:22 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/06/2012 08:56:17 PM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service

Error: (08/06/2012 08:51:59 PM) (Source: Service Control Manager) (User: )
Description: DMICall

Error: (08/06/2012 08:51:55 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (08/06/2012 08:50:13 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/06/2012 08:37:13 PM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service

Error: (08/06/2012 08:36:22 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (08/06/2012 08:36:22 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 1.0.0)
Alps Pointing-device for VAIO
ATI Catalyst Install Manager (Version: 3.0.710.0)
Bonjour (Version: 2.0.0.34)
ccc-utility64 (Version: 2009.0210.2216.39965)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Solution Center 8.0 (Version: 8.0)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 13.05.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Move Media Player
Regi (Version: 1.00.0000)
VD64Inst (Version: 1.00.0000)
WIDCOMM Bluetooth Software (Version: 6.2.0.8000)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 4062.12 MB
Available physical RAM: 2141.31 MB
Total Pagefile: 8299.5 MB
Available Pagefile: 5931.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3989.4 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:287.51 GB) (Free:177.59 GB) NTFS
4 Drive f: (Disc) (CDROM) (Total:4.3 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\CYMBELINE-PC

Administrator Cymbeline Guest


**** End of log ****

#9 Bird570

Posted 06 August 2012 - 11:17 PM

FSS Log

Farbar Service Scanner Version: 06-08-2012
Ran by Cymbeline (administrator) on 06-08-2012 at 21:15:06
Running from "C:\Users\Cymbeline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHTJSXJS"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-02 18:58] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 06:22] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 18:35] - [2012-03-30 05:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 18:36] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-02 18:58] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-02 18:59] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-02 18:58] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-12 21:48] - [2012-04-23 09:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#10 Bird570

Posted 06 August 2012 - 11:38 PM

adware cleaner

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 21:29:18
# Updated 01/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Cymbeline - CYMBELINE-PC
# Running from : C:\Users\Cymbeline\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
[x64] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.60

File : C:\Users\Cymbeline\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1229 octets] - [06/08/2012 21:29:18]

########## EOF - C:\AdwCleaner[S1].txt - [1357 octets] ##########

#11 narenxp

Posted 06 August 2012 - 11:42 PM

Still need the malwarebytes log

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
@echo off
cd c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe C:\WINDOWS\system32
DEL %0

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Restart the PC

Open your C drive

On top, click on Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files

Click OK, now go to

C:\Users\Cymbeline\AppData\Local\{036f7a7d-45d7-c9d6-977b-fff0a645cc04}
C:\Windows\Installer\{036f7a7d-45d7-c9d6-977b-fff0a645cc04}

delete the folders

Download

Mpssvc
wscsvc
BITS
wuauserv
windefend

Launch all these keys, click YES

Restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Check mark only the following options

Reset Registry Permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
Click the Start button

System should restart after repair

Post the new FSS log

Edited by narenxp, 07 August 2012 - 01:37 AM.
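
The SystemLook output in #7 and the replacement procedure in #11 rest on one check: every services.exe on the disk is listed with its MD5, and the live copy in System32 (BC81150939BD52DBC7A08C245F1FB229) matches neither WinSxS store copy of the amd64 service controller, although its size (384512 bytes) is identical to the Service Pack 2 store copy, so a size or timestamp comparison alone would pass it. The advisor therefore renames the live file and copies a store copy back. The following Python script is an added example, not from the thread or from SystemLook, Farbar or any other tool used here: it parses a :filefind result block, pairs each live file with the component-store copies of the same architecture and file name, and flags live files whose hash matches no store copy. The sample input is the filefind section posted in #7; the mapping of System32 to amd64 and SysWOW64 to x86 assumes an x64 install, as on this machine, and is a parameter.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the ":filefind services.exe" section of the SystemLook log
# posted in #7, reproduced so the checker runs offline.
SAMPLE_FILEFIND = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 384512 bytes [01:59 03/12/2009] [07:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [01:59 03/12/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [01:59 03/12/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [01:59 03/12/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
"""

# One filefind result line: path, attribute flags, size, created, modified, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-A-Za-z]+) (?P<size>\d+) bytes "
    r"\[(?P<ctime>[^\]]+)\] \[(?P<mtime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Component-store directory names carry the architecture and the file version.
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|x86|wow64)_[^\\]*_(?P<version>\d+\.\d+\.\d+\.\d+)_",
    re.IGNORECASE,
)


@dataclass
class Entry:
    path: str
    size: int
    md5: str
    arch: Optional[str] = None     # set only for WinSxS store copies
    version: Optional[str] = None  # set only for WinSxS store copies

    @property
    def in_store(self) -> bool:
        return self.version is not None

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_filefind(text: str) -> List[Entry]:
    """Parse the result lines of a SystemLook :filefind section; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = Entry(m["path"], int(m["size"]), m["md5"].upper())
        s = WINSXS_RE.search(e.path)
        if s:
            e.arch = s["arch"].lower()
            e.version = s["version"]
        entries.append(e)
    return entries


def live_arch(path: str, os_arch: str = "amd64") -> str:
    """On x64 Windows SysWOW64 holds the x86 images and System32 the native ones.
    os_arch is an assumption for this machine; pass "x86" for a 32-bit install."""
    return "x86" if "\\syswow64\\" in path.lower() else os_arch


@dataclass
class Finding:
    path: str
    md5: str
    size: int
    matched_version: Optional[str]              # store copy with an identical MD5, if any
    same_size_versions: List[str] = field(default_factory=list)


def check_against_store(entries: List[Entry], os_arch: str = "amd64") -> List[Finding]:
    """Compare every live copy with the store copies of the same architecture and name."""
    store = [e for e in entries if e.in_store]
    findings = []
    for live in (e for e in entries if not e.in_store):
        arch = live_arch(live.path, os_arch)
        candidates = [s for s in store if s.arch == arch and s.name == live.name]
        matched = next((s.version for s in candidates if s.md5 == live.md5), None)
        same_size = sorted(s.version for s in candidates if s.size == live.size)
        findings.append(Finding(live.path, live.md5, live.size, matched, same_size))
    return findings


def suspicious_paths(findings: List[Finding]) -> List[str]:
    """Live files whose hash matches no component-store copy at all."""
    return [f.path for f in findings if f.matched_version is None]


if __name__ == "__main__":
    for f in check_against_store(parse_filefind(SAMPLE_FILEFIND)):
        if f.matched_version:
            print(f"OK        {f.path}  == WinSxS {f.matched_version}")
        else:
            print(f"MISMATCH  {f.path}  {f.md5}  same size as store {f.same_size_versions}")
```

Run against the posted log, the SysWOW64 copy is reported as identical to the x86 6.0.6002.18005 store copy, while the System32 copy is reported as matching no amd64 store copy despite having the same size as both; that is the finding the advisor acts on. A hash that matches no store copy is not proof of tampering on its own (a hotfix can install a version that was never staged in WinSxS), so the result is a lead to verify, not a verdict.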


#12 Bird570

Posted 07 August 2012 - 12:20 AM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.06.13

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Cymbeline :: CYMBELINE-PC [administrator]

Protection: Enabled

8/6/2012 8:55:06 PM
mbam-log-2012-08-06 (20-55-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199536
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{036f7a7d-45d7-c9d6-977b-fff0a645cc04}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

#13 Bird570
  • Topic Starter
  • Members
  • 13 posts

Posted 07 August 2012 - 12:48 AM

I am getting a 404 error trying to download the window_repair.exe file.

Actually it is the Windows repair tool link.

Edited by Bird570, 07 August 2012 - 12:50 AM.


#14 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 07 August 2012 - 01:38 AM

Working link has been updated

#15 Bird570
  • Topic Starter
  • Members
  • 13 posts

Posted 07 August 2012 - 10:04 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Cymbeline (administrator) on 07-08-2012 at 20:01:58
Running from "C:\Users\Cymbeline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQBNAFXV"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-02 18:58] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 06:22] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 18:35] - [2012-03-30 05:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-12 18:36] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-02 18:58] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-02 18:59] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-02 18:58] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-12 21:48] - [2012-04-23 09:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-02 18:59] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

