
Smitfraud-C.generic


17 replies to this topic

#1 clairejv

clairejv

  • Members
  • 16 posts

Posted 18 August 2012 - 02:50 PM

Yesterday, I noticed that clicking on Google search results was leading me to random spammy pages. I ran SpyBot and TeaTimer. SpyBot discovered Smitfraud-C.generic, and TeaTimer was throwing up numerous warnings about processes. I tried to get rid of Smitfraud-C with SpyBot, and SpyBot showed that it was gone ... but then when I ran it again to confirm, it showed up again.

After a bit of googling (on my phone), I found a thread that suggested TDSS Killer if SpyBot failed. Ran that. It never said anything about Smitfraud-C but found some other stuff. It suggested that I reboot, so I did. Got the BSOD. Manually turned computer off and on, it attempted to start up, got the BSOD again. Restarted in safe mode, ran TDSS Killer again, restarted normally, no BSOD. Ran SpyBot again -- Smitfraud-C is still there.

The thread I read earlier suggested ComboFix at this point, but there are some strongly worded suggestions to NOT use ComboFix until actually discussing this with an expert. So here I am. :) Not sure what logs would be useful, but just let me know. Thanks in advance!


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 19 August 2012 - 03:42 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 clairejv

clairejv
  • Topic Starter

  • Members
  • 16 posts

Posted 21 August 2012 - 08:39 PM

Thanks, I'll get crackin'.

#4 clairejv

clairejv
  • Topic Starter

  • Members
  • 16 posts

Posted 21 August 2012 - 09:17 PM

Results of screen317's Security Check version 0.99.46
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 06-08-2012
Ran by Claire (administrator) on 21-08-2012 at 19:05:38
Running from "C:\Users\Claire\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-18 15:52] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 18:22] - [2012-03-30 04:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 10:23] - [2012-04-23 22:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox by Farbar Version: 23-07-2012
Ran by Claire (administrator) on 21-08-2012 at 19:06:27
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Rosewill RNX-N180PCe Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : THEBLUETYPHOON
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-08-54-9C-9D-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Rosewill RNX-N180PCe Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 00-08-54-9C-9D-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d09e:96c4:b0b5:5661%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.70(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 18, 2012 12:15:33 PM
Lease Expires . . . . . . . . . . : Wednesday, August 22, 2012 6:37:50 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 385878100
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-59-D3-DB-1C-6F-65-44-D3-70
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-6F-65-44-D3-70
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2BC9492C-E737-49A4-8D01-551A5BF9A4B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2001:4860:4007:800::1006
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163
74.125.224.164
74.125.224.165
74.125.224.166
74.125.224.167
74.125.224.168


Pinging google.com [74.125.224.174] with 32 bytes of data:
Reply from 74.125.224.174: bytes=32 time=29ms TTL=52
Reply from 74.125.224.174: bytes=32 time=28ms TTL=52

Ping statistics for 74.125.224.174:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=135ms TTL=41
Reply from 98.139.183.24: bytes=32 time=192ms TTL=41

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 135ms, Maximum = 192ms, Average = 163ms
Server: homeportal
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...00 08 54 9c 9d 07 ......Microsoft Virtual WiFi Miniport Adapter
15...00 08 54 9c 9d 07 ......Rosewill RNX-N180PCe Wireless LAN 802.11n PCI-E NIC
12...1c 6f 65 44 d3 70 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.70 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.70 281
192.168.1.70 255.255.255.255 On-link 192.168.1.70 281
192.168.1.255 255.255.255.255 On-link 192.168.1.70 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.70 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.70 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 281 fe80::/64 On-link
15 281 fe80::d09e:96c4:b0b5:5661/128
On-link
1 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2012 06:37:30 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/20/2012 08:06:34 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/19/2012 09:37:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/19/2012 09:37:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2012 00:25:47 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/18/2012 02:06:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x10ec836c
Faulting process id: 0x2768
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/17/2012 08:14:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/17/2012 08:03:52 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/17/2012 07:07:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: jscript9.dll, version: 9.0.8112.16447, time stamp: 0x4fc9cfc6
Exception code: 0xc0000005
Fault offset: 0x000adc5d
Faulting process id: 0x2e18
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/16/2012 08:03:54 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (08/21/2012 06:37:51 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/21/2012 06:37:51 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/21/2012 06:37:29 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/21/2012 06:37:29 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/21/2012 06:00:23 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/21/2012 06:00:23 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/21/2012 06:00:03 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/20/2012 09:35:00 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/20/2012 09:35:00 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/20/2012 09:34:40 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (08/21/2012 06:37:30 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/20/2012 08:06:34 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/19/2012 09:37:45 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (08/19/2012 09:37:40 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/18/2012 00:25:47 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/18/2012 02:06:31 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000000510ec836c276801cd7c819abc0d6a\\.\globalroot\systemroot\svchost.exeunknownffff1ea6-e913-11e1-8523-1c6f6544d370

Error: (08/17/2012 08:14:52 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/17/2012 08:03:52 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/17/2012 07:07:00 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5jscript9.dll9.0.8112.164474fc9cfc6c0000005000adc5d2e1801cd7b7142b29d08\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\jscript9.dllcf97b0ed-e874-11e1-8523-1c6f6544d370

Error: (08/16/2012 08:03:54 AM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


=========================== Installed Programs ============================

2Wire Wireless Client
2WIREUSBWLANInstaller (Version: 1.00.7327)
50 FREE MP3s +1 Free Audiobook! (Version: 1.0.0.1)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.2) (Version: 10.1.2)
AIM 7
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
And Yet It Moves
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
AT&T Yahoo! High Speed Internet Home Networking Installer
ATI Catalyst Registration (Version: 3.00.0000)
ATT-RC Self Support Tool
Audacity 1.3.14 (Unicode)
Bing Bar (Version: 7.0.822.0)
BIT.TRIP RUNNER
Bonjour (Version: 2.0.5.0)
Browser Configuration Utility (Version: 1.1.18.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0405.2205.37728)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
Cave Story+
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
City of Heroes
Cogs
Crayon Physics Deluxe
Curse Client (Version: 4.0.1.286)
Download Updater (AOL LLC)
Ed's Toolkits for Exalted - Version 6.0 (Version: Version .)
FileZilla Client 3.4.0 (Version: 3.4.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Talk Plugin (Version: 3.4.2.8800)
Gratuitous Space Battles
Hammerfight
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 10.2.2.12)
Jamestown
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8117.416)
League of Legends (Version: 1.3)
Magicka
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 14.0.1468.721)
Mumble 1.2.3 (Version: 1.2.3)
NCsoft Launcher (Version: 1.5.25.1)
NightSky
Nitro PDF Reader (Version: 1.4.0.11)
Notepad++ (Version: 5.9)
ON_OFF Charge B10.0427.1 (Version: 1.00.0001)
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
Pando Media Booster (Version: 2.3.6.0)
Plants vs. Zombies: Game of the Year
Portal
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.17.304.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6077)
RIFT (Version: 0.1.10)
RIFT (Version: 1.0.0)
ROSEWILL Wireless LAN Driver and Utility (Version: 1.00.0148)
Shank
Sid Meier's Alpha Centauri
Sid Meier's Civilization V
SimCity 4 Deluxe
Skype™ 5.5 (Version: 5.5.124)
Spotify (Version: 0.5.2)
Spotify (Version: 0.8.3.222.g317ab79d)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Super Meat Boy
Super Meat Boy Editor
System Protocol One
Team Fortress 2
The Lord of the Rings FREE Trial (Version: 1.00.0000)
The Secret World (Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VVVVVV
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Yahoo! Messenger

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3959.49 MB
Available physical RAM: 2594.01 MB
Total Pagefile: 7917.13 MB
Available Pagefile: 5277.58 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:242.77 GB) NTFS
2 Drive d: (HITACHI) (Fixed) (Total:232.88 GB) (Free:196.61 GB) NTFS

========================= Users: ========================================

User accounts for \\THEBLUETYPHOON

Administrator Claire Guest


**** End of log ****

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Claire :: THEBLUETYPHOON [administrator]

8/21/2012 7:08:29 PM
mbam-log-2012-08-21 (19-08-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212529
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#5 clairejv

Posted 21 August 2012 - 09:34 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 19:21:04
-----------------------------
19:21:04.178 OS Version: Windows x64 6.1.7600
19:21:04.178 Number of processors: 4 586 0x2502
19:21:04.178 ComputerName: THEBLUETYPHOON UserName: Claire
19:21:22.704 Initialize success
19:22:55.728 AVAST engine defs: 12082100
19:23:00.548 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
19:23:00.548 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3EA Size: 476940MB BusType: 3
19:23:00.564 Disk 0 MBR read successfully
19:23:00.564 Disk 0 MBR scan
19:23:00.611 Disk 0 Windows 7 default MBR code
19:23:00.626 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:23:00.642 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
19:23:00.673 Disk 0 scanning C:\Windows\system32\drivers
19:23:10.860 Service scanning
19:23:42.434 Modules scanning
19:23:42.434 Disk 0 trace - called modules:
19:23:42.481 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:23:42.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045c1060]
19:23:42.497 3 CLASSPNP.SYS[fffff8800189443f] -> nt!IofCallDriver -> [0xfffffa8004371520]
19:23:42.497 5 ACPI.sys[fffff88000f89781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8004372680]
19:23:44.104 AVAST engine scan C:\Windows
19:23:46.584 AVAST engine scan C:\Windows\system32
19:27:31.941 AVAST engine scan C:\Windows\system32\drivers
19:27:58.882 AVAST engine scan C:\Users\Claire
19:32:28.170 Disk 0 MBR has been saved successfully to "C:\Users\Claire\Desktop\MBR.dat"
19:32:28.170 The log file has been saved successfully to "C:\Users\Claire\Desktop\aswMBR.txt"

#6 Broni

Posted 21 August 2012 - 09:38 PM

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.


#7 clairejv

Posted 21 August 2012 - 09:44 PM

Rkill 2.3.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 07:41:32 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\Claire\AppData\Local\Apps\2.0\23ZM7BR4.KH6\GTNC5JK3.RBV\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe (PID: 1660) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Claire\Desktop\rkill\rkill-08-21-2012-07-41-37.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = dword:00000000

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* BFE [Missing Service]
* BITS [Missing Service]
* CscService [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 07:41:46 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

#8 Broni

Posted 21 August 2012 - 09:46 PM

No signs of ZeroAccess which is good.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#9 clairejv

Posted 21 August 2012 - 09:49 PM

19:46:40.0115 3828 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
19:46:40.0661 3828 ============================================================
19:46:40.0661 3828 Current date / time: 2012/08/21 19:46:40.0661
19:46:40.0661 3828 SystemInfo:
19:46:40.0661 3828
19:46:40.0661 3828 OS Version: 6.1.7600 ServicePack: 0.0
19:46:40.0661 3828 Product type: Workstation
19:46:40.0661 3828 ComputerName: THEBLUETYPHOON
19:46:40.0661 3828 UserName: Claire
19:46:40.0661 3828 Windows directory: C:\Windows
19:46:40.0661 3828 System windows directory: C:\Windows
19:46:40.0661 3828 Running under WOW64
19:46:40.0661 3828 Processor architecture: Intel x64
19:46:40.0661 3828 Number of processors: 4
19:46:40.0661 3828 Page size: 0x1000
19:46:40.0661 3828 Boot type: Normal boot
19:46:40.0661 3828 ============================================================
19:46:41.0753 3828 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
19:46:41.0753 3828 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:46:43.0422 3828 ============================================================
19:46:43.0422 3828 \Device\Harddisk0\DR0:
19:46:43.0422 3828 MBR partitions:
19:46:43.0422 3828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:46:43.0422 3828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:46:43.0422 3828 \Device\Harddisk1\DR1:
19:46:43.0422 3828 MBR partitions:
19:46:43.0422 3828 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
19:46:43.0422 3828 ============================================================
19:46:43.0454 3828 C: <-> \Device\Harddisk0\DR0\Partition2
19:46:43.0485 3828 D: <-> \Device\Harddisk1\DR1\Partition1
19:46:43.0485 3828 ============================================================
19:46:43.0485 3828 Initialize success
19:46:43.0485 3828 ============================================================
19:46:47.0057 3288 ============================================================
19:46:47.0057 3288 Scan started
19:46:47.0057 3288 Mode: Manual;
19:46:47.0057 3288 ============================================================
19:46:48.0243 3288 ================ Scan system memory ========================
19:46:48.0243 3288 System memory - ok
19:46:48.0243 3288 ================ Scan services =============================
19:46:54.0686 3288 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:46:54.0686 3288 IPNAT - ok
19:46:54.0764 3288 [ A3BDA1A8A016B5E5A525BCF684894EBE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:46:54.0779 3288 iPod Service - ok
19:46:54.0826 3288 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:46:54.0826 3288 IRENUM - ok
19:46:54.0842 3288 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:46:54.0842 3288 isapnp - ok
19:46:54.0857 3288 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:46:54.0857 3288 iScsiPrt - ok
19:46:54.0888 3288 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:46:54.0888 3288 kbdclass - ok
19:46:54.0920 3288 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:46:54.0920 3288 kbdhid - ok
19:46:54.0935 3288 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
19:46:54.0935 3288 KeyIso - ok
19:46:54.0966 3288 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:46:54.0982 3288 KSecDD - ok
19:46:54.0982 3288 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:46:54.0998 3288 KSecPkg - ok
19:46:55.0029 3288 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:46:55.0029 3288 ksthunk - ok
19:46:55.0091 3288 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:46:55.0091 3288 KtmRm - ok
19:46:55.0154 3288 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:46:55.0154 3288 LanmanServer - ok
19:46:55.0200 3288 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:46:55.0216 3288 LanmanWorkstation - ok
19:46:55.0247 3288 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:46:55.0247 3288 lltdio - ok
19:46:55.0294 3288 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:46:55.0294 3288 lltdsvc - ok
19:46:55.0325 3288 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:46:55.0325 3288 lmhosts - ok
19:46:55.0403 3288 [ E38775922D4A4C05B5D96733AB4CE169 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:46:55.0403 3288 LMS - ok
19:46:55.0419 3288 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:46:55.0434 3288 LSI_FC - ok
19:46:55.0450 3288 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:46:55.0450 3288 LSI_SAS - ok
19:46:55.0481 3288 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:46:55.0481 3288 LSI_SAS2 - ok
19:46:55.0497 3288 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:46:55.0497 3288 LSI_SCSI - ok
19:46:55.0512 3288 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:46:55.0512 3288 luafv - ok
19:46:55.0575 3288 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
19:46:55.0575 3288 McciCMService - ok
19:46:55.0684 3288 [ BE3D584D7C021EB7D89166EECB83C341 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
19:46:55.0684 3288 McciCMService64 - ok
19:46:55.0762 3288 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
19:46:55.0762 3288 McComponentHostService - ok
19:46:55.0809 3288 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:46:55.0809 3288 Mcx2Svc - ok
19:46:55.0856 3288 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:46:55.0856 3288 megasas - ok
19:46:55.0871 3288 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:46:55.0871 3288 MegaSR - ok
19:46:55.0918 3288 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:46:55.0934 3288 MMCSS - ok
19:46:55.0934 3288 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:46:55.0934 3288 Modem - ok
19:46:55.0965 3288 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:46:55.0965 3288 monitor - ok
19:46:55.0980 3288 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:46:55.0980 3288 mouclass - ok
19:46:55.0996 3288 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:46:55.0996 3288 mouhid - ok
19:46:56.0012 3288 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:46:56.0012 3288 mountmgr - ok
19:46:56.0074 3288 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:46:56.0074 3288 MozillaMaintenance - ok
19:46:56.0121 3288 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:46:56.0121 3288 mpio - ok
19:46:56.0136 3288 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:46:56.0152 3288 mpsdrv - ok
19:46:56.0168 3288 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:46:56.0168 3288 MRxDAV - ok
19:46:56.0214 3288 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:46:56.0214 3288 mrxsmb - ok
19:46:56.0261 3288 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:46:56.0261 3288 mrxsmb10 - ok
19:46:56.0277 3288 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:46:56.0277 3288 mrxsmb20 - ok
19:46:56.0292 3288 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
19:46:56.0292 3288 msahci - ok
19:46:56.0308 3288 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:46:56.0308 3288 msdsm - ok
19:46:56.0355 3288 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:46:56.0355 3288 MSDTC - ok
19:46:56.0417 3288 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:46:56.0417 3288 Msfs - ok
19:46:56.0433 3288 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:46:56.0433 3288 mshidkmdf - ok
19:46:56.0448 3288 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:46:56.0448 3288 msisadrv - ok
19:46:56.0480 3288 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:46:56.0480 3288 MSiSCSI - ok
19:46:56.0480 3288 msiserver - ok
19:46:56.0495 3288 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:46:56.0495 3288 MSKSSRV - ok
19:46:56.0511 3288 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:46:56.0511 3288 MSPCLOCK - ok
19:46:56.0511 3288 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:46:56.0511 3288 MSPQM - ok
19:46:56.0526 3288 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:46:56.0542 3288 MsRPC - ok
19:46:56.0558 3288 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:46:56.0558 3288 mssmbios - ok
19:46:56.0589 3288 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:46:56.0589 3288 MSTEE - ok
19:46:56.0604 3288 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:46:56.0604 3288 MTConfig - ok
19:46:56.0651 3288 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:46:56.0651 3288 Mup - ok
19:46:56.0698 3288 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
19:46:56.0698 3288 napagent - ok
19:46:56.0745 3288 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:46:56.0745 3288 NativeWifiP - ok
19:46:56.0776 3288 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:46:56.0792 3288 NDIS - ok
19:46:56.0823 3288 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:46:56.0823 3288 NdisCap - ok
19:46:56.0854 3288 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:46:56.0854 3288 NdisTapi - ok
19:46:56.0885 3288 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:46:56.0885 3288 Ndisuio - ok
19:46:56.0901 3288 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:46:56.0901 3288 NdisWan - ok
19:46:56.0916 3288 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:46:56.0916 3288 NDProxy - ok
19:46:56.0932 3288 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:46:56.0932 3288 NetBIOS - ok
19:46:56.0948 3288 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:46:56.0948 3288 NetBT - ok
19:46:56.0963 3288 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
19:46:56.0963 3288 Netlogon - ok
19:46:57.0010 3288 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:46:57.0010 3288 Netman - ok
19:46:57.0041 3288 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:46:57.0041 3288 netprofm - ok
19:46:57.0057 3288 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:46:57.0057 3288 NetTcpPortSharing - ok
19:46:57.0088 3288 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:46:57.0088 3288 nfrd960 - ok
19:46:57.0182 3288 [ 61EDEE7F29249640A3CF8D7A23E917CC ] NitroReaderDriverReadSpool C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
19:46:57.0182 3288 NitroReaderDriverReadSpool - ok
19:46:57.0228 3288 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:46:57.0244 3288 NlaSvc - ok
19:46:57.0275 3288 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:46:57.0275 3288 Npfs - ok
19:46:57.0322 3288 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:46:57.0322 3288 nsi - ok
19:46:57.0338 3288 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:46:57.0338 3288 nsiproxy - ok
19:46:57.0416 3288 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:46:57.0431 3288 Ntfs - ok
19:46:57.0431 3288 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:46:57.0431 3288 Null - ok
19:46:57.0462 3288 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
19:46:57.0462 3288 NVENETFD - ok
19:46:57.0634 3288 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:46:57.0790 3288 nvlddmkm - ok
19:46:57.0837 3288 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:46:57.0852 3288 nvraid - ok
19:46:57.0868 3288 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:46:57.0868 3288 nvstor - ok
19:46:57.0899 3288 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:46:57.0899 3288 nv_agp - ok
19:46:57.0899 3288 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:46:57.0915 3288 ohci1394 - ok
19:46:57.0977 3288 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:46:57.0977 3288 ose - ok
19:46:58.0102 3288 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:46:58.0149 3288 osppsvc - ok
19:46:58.0196 3288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:46:58.0196 3288 p2pimsvc - ok
19:46:58.0211 3288 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:46:58.0211 3288 p2psvc - ok
19:46:58.0258 3288 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:46:58.0258 3288 Parport - ok
19:46:58.0274 3288 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:46:58.0274 3288 partmgr - ok
19:46:58.0289 3288 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:46:58.0289 3288 PcaSvc - ok
19:46:58.0321 3288 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
19:46:58.0321 3288 pci - ok
19:46:58.0336 3288 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:46:58.0336 3288 pciide - ok
19:46:58.0352 3288 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:46:58.0352 3288 pcmcia - ok
19:46:58.0383 3288 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:46:58.0399 3288 pcw - ok
19:46:58.0414 3288 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:46:58.0414 3288 PEAUTH - ok
19:46:58.0508 3288 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:46:58.0508 3288 PerfHost - ok
19:46:58.0679 3288 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
19:46:58.0695 3288 pla - ok
19:46:58.0742 3288 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:46:58.0742 3288 PlugPlay - ok
19:46:58.0773 3288 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:46:58.0773 3288 PNRPAutoReg - ok
19:46:58.0804 3288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:46:58.0804 3288 PNRPsvc - ok
19:46:58.0851 3288 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:46:58.0867 3288 PolicyAgent - ok
19:46:58.0913 3288 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:46:58.0913 3288 Power - ok
19:46:58.0991 3288 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:46:58.0991 3288 PptpMiniport - ok
19:46:59.0007 3288 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:46:59.0007 3288 Processor - ok
19:46:59.0069 3288 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
19:46:59.0069 3288 ProfSvc - ok
19:46:59.0116 3288 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:46:59.0116 3288 ProtectedStorage - ok
19:46:59.0163 3288 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:46:59.0163 3288 Psched - ok
19:46:59.0194 3288 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:46:59.0225 3288 ql2300 - ok
19:46:59.0225 3288 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:46:59.0241 3288 ql40xx - ok
19:46:59.0272 3288 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:46:59.0272 3288 QWAVE - ok
19:46:59.0288 3288 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:46:59.0288 3288 QWAVEdrv - ok
19:46:59.0303 3288 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:46:59.0303 3288 RasAcd - ok
19:46:59.0335 3288 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:46:59.0335 3288 RasAgileVpn - ok
19:46:59.0350 3288 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:46:59.0366 3288 RasAuto - ok
19:46:59.0381 3288 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:46:59.0381 3288 Rasl2tp - ok
19:46:59.0444 3288 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
19:46:59.0444 3288 RasMan - ok
19:46:59.0475 3288 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:46:59.0475 3288 RasPppoe - ok
19:46:59.0506 3288 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:46:59.0506 3288 RasSstp - ok
19:46:59.0522 3288 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:46:59.0522 3288 rdbss - ok
19:46:59.0537 3288 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:46:59.0537 3288 rdpbus - ok
19:46:59.0584 3288 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:46:59.0584 3288 RDPCDD - ok
19:46:59.0600 3288 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:46:59.0600 3288 RDPENCDD - ok
19:46:59.0615 3288 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:46:59.0615 3288 RDPREFMP - ok
19:46:59.0662 3288 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:46:59.0662 3288 RDPWD - ok
19:46:59.0678 3288 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:46:59.0678 3288 rdyboost - ok
19:46:59.0771 3288 [ E1A6731867765FBC01B37150AEFC00F3 ] RealtekSE C:\Program Files (x86)\ROSEWILL\PCIE Wireless LAN\RtlService.exe
19:46:59.0771 3288 RealtekSE - ok
19:46:59.0803 3288 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:46:59.0818 3288 RemoteAccess - ok
19:46:59.0849 3288 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:46:59.0865 3288 RemoteRegistry - ok
19:46:59.0881 3288 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:46:59.0881 3288 RpcEptMapper - ok
19:46:59.0927 3288 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:46:59.0927 3288 RpcLocator - ok
19:46:59.0959 3288 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
19:46:59.0959 3288 RpcSs - ok
19:47:00.0005 3288 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:47:00.0005 3288 rspndr - ok
19:47:00.0052 3288 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:47:00.0052 3288 RTL8167 - ok
19:47:00.0115 3288 [ F4ACE474D5B18D1AC618900E753DC412 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
19:47:00.0130 3288 rtl8192se - ok
19:47:00.0146 3288 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
19:47:00.0146 3288 SamSs - ok
19:47:00.0193 3288 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
19:47:00.0193 3288 sbp2port - ok
19:47:00.0286 3288 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:47:00.0317 3288 SBSDWSCService - ok
19:47:00.0333 3288 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:47:00.0349 3288 SCardSvr - ok
19:47:00.0364 3288 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:47:00.0364 3288 scfilter - ok
19:47:00.0411 3288 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
19:47:00.0427 3288 Schedule - ok
19:47:00.0473 3288 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:47:00.0473 3288 SCPolicySvc - ok
19:47:00.0505 3288 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:47:00.0505 3288 SDRSVC - ok
19:47:00.0551 3288 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:47:00.0551 3288 secdrv - ok
19:47:00.0567 3288 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
19:47:00.0567 3288 seclogon - ok
19:47:00.0614 3288 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:47:00.0614 3288 SENS - ok
19:47:00.0629 3288 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:47:00.0629 3288 SensrSvc - ok
19:47:00.0676 3288 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:47:00.0676 3288 Serenum - ok
19:47:00.0692 3288 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:47:00.0692 3288 Serial - ok
19:47:00.0707 3288 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:47:00.0707 3288 sermouse - ok
19:47:00.0739 3288 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
19:47:00.0754 3288 SessionEnv - ok
19:47:00.0785 3288 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:47:00.0785 3288 sffdisk - ok
19:47:00.0801 3288 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:47:00.0801 3288 sffp_mmc - ok
19:47:00.0801 3288 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:47:00.0801 3288 sffp_sd - ok
19:47:00.0817 3288 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:47:00.0817 3288 sfloppy - ok
19:47:00.0863 3288 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:47:00.0863 3288 Sftfs - ok
19:47:00.0926 3288 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:47:00.0926 3288 sftlist - ok
19:47:00.0957 3288 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:47:00.0957 3288 Sftplay - ok
19:47:00.0973 3288 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:47:00.0988 3288 Sftredir - ok
19:47:00.0988 3288 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:47:00.0988 3288 Sftvol - ok
19:47:01.0004 3288 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:47:01.0019 3288 sftvsa - ok
19:47:01.0066 3288 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:47:01.0066 3288 ShellHWDetection - ok
19:47:01.0129 3288 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:47:01.0129 3288 SiSRaid2 - ok
19:47:01.0144 3288 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:47:01.0144 3288 SiSRaid4 - ok
19:47:01.0160 3288 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:47:01.0160 3288 Smb - ok
19:47:01.0222 3288 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:47:01.0222 3288 SNMPTRAP - ok
19:47:01.0253 3288 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:47:01.0269 3288 spldr - ok
19:47:01.0316 3288 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
19:47:01.0316 3288 Spooler - ok
19:47:01.0409 3288 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
19:47:01.0441 3288 sppsvc - ok
19:47:01.0472 3288 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:47:01.0472 3288 sppuinotify - ok
19:47:01.0519 3288 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:47:01.0534 3288 srv - ok
19:47:01.0550 3288 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:47:01.0550 3288 srv2 - ok
19:47:01.0565 3288 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:47:01.0565 3288 srvnet - ok
19:47:01.0612 3288 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:47:01.0628 3288 SSDPSRV - ok
19:47:01.0643 3288 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:47:01.0643 3288 SstpSvc - ok
19:47:01.0706 3288 Steam Client Service - ok
19:47:01.0721 3288 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:47:01.0721 3288 stexstor - ok
19:47:01.0768 3288 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
19:47:01.0784 3288 stisvc - ok
19:47:01.0815 3288 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:47:01.0815 3288 swenum - ok
19:47:01.0862 3288 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:47:01.0877 3288 swprv - ok
19:47:01.0909 3288 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
19:47:01.0924 3288 SysMain - ok
19:47:01.0940 3288 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:47:01.0955 3288 TabletInputService - ok
19:47:01.0971 3288 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
19:47:01.0971 3288 TapiSrv - ok
19:47:02.0018 3288 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:47:02.0018 3288 TBS - ok
19:47:02.0096 3288 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:47:02.0111 3288 Tcpip - ok
19:47:02.0143 3288 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:47:02.0158 3288 TCPIP6 - ok
19:47:02.0205 3288 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:47:02.0205 3288 tcpipreg - ok
19:47:02.0221 3288 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:47:02.0221 3288 TDPIPE - ok
19:47:02.0267 3288 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:47:02.0267 3288 TDTCP - ok
19:47:02.0283 3288 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:47:02.0283 3288 tdx - ok
19:47:02.0314 3288 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:47:02.0314 3288 TermDD - ok
19:47:02.0361 3288 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
19:47:02.0377 3288 TermService - ok
19:47:02.0392 3288 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:47:02.0392 3288 Themes - ok
19:47:02.0439 3288 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:47:02.0439 3288 THREADORDER - ok
19:47:02.0455 3288 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:47:02.0470 3288 TrkWks - ok
19:47:02.0533 3288 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:47:02.0533 3288 TrustedInstaller - ok
19:47:02.0548 3288 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:47:02.0548 3288 tssecsrv - ok
19:47:02.0626 3288 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:47:02.0626 3288 tunnel - ok
19:47:02.0673 3288 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:47:02.0673 3288 uagp35 - ok
19:47:02.0704 3288 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:47:02.0704 3288 udfs - ok
19:47:02.0751 3288 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:47:02.0751 3288 UI0Detect - ok
19:47:02.0782 3288 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
19:47:02.0782 3288 uliagpkx - ok
19:47:02.0813 3288 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:47:02.0813 3288 umbus - ok
19:47:02.0829 3288 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:47:02.0829 3288 UmPass - ok
19:47:02.0907 3288 [ 02C298382359653BEC4C737C2AB7F9C5 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:47:05.0777 3288 ============================================================
19:47:05.0777 3288 Scan finished
19:47:05.0777 3288 ============================================================
19:47:05.0793 1364 Detected object count: 0
19:47:05.0793 1364 Actual detected object count: 0

#10 Broni

Posted 21 August 2012 - 09:51 PM

Please re-run MBAM one more time.


#11 clairejv

Posted 21 August 2012 - 09:59 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.13

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Claire :: THEBLUETYPHOON [administrator]

8/21/2012 7:52:50 PM
mbam-log-2012-08-21 (19-52-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212313
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 Broni

Posted 21 August 2012 - 10:11 PM

That looks good :)

Now we have a number of registry keys missing.

Download Windows Repair (all in one) from this site.

Install the program, then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Posted Image

Click on the box next to Restart System when Finished. Then click on Start.

Post a new FSS log.


#13 clairejv

Posted 22 August 2012 - 08:51 AM

Farbar Service Scanner Version: 06-08-2012
Ran by Claire (administrator) on 22-08-2012 at 06:47:51
Running from "C:\Users\Claire\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-18 15:52] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 18:22] - [2012-03-30 04:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 10:23] - [2012-04-23 22:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Broni

Posted 22 August 2012 - 11:35 AM

We still have a couple of registry keys missing.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/


Download the Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on the windefend.reg file and confirm the prompt.
Double click on the bits.reg file and confirm the prompt.
Restart the computer.
Post a new FSS log.


#15 clairejv

Posted 22 August 2012 - 09:30 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Claire (administrator) on 22-08-2012 at 19:27:54
Running from "C:\Users\Claire\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-18 15:52] - [2011-12-27 20:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 18:22] - [2012-03-30 04:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 17:09] - [2009-07-13 18:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 16:36] - [2009-07-13 18:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 10:23] - [2012-04-23 22:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



