1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I believe I have the bot too...

Discussion in 'Virus & Other Malware Removal' started by kandy123, Jan 18, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Good evening. I have an HP pavilion dv5 laptop. It has been having problems the last few days. When it starts on a reboot it gets stuck on the initial HP logo screen before the windows screen. This happens after running scans with Maleware Antispyware and startup repair or when restarting manually. After a while of it sticking I can push the power button and it will then restart fine. I have tried running Maleware in safe mode and have the same problem. Today I recieved an email from Comcast about having a BOT. I tried all the steps they gave but the reboot problem still exists. All the scans show anywhere from 2-7 infections. I have ran the Hijack, DDS, but did not do the Gmer because I was not sure what I was running. Other than the start up issues, everything seems to running fine once I get on. I do have memory error messages at times while on the internet. (line errors). Also, forgot, when running the last startup repair, the comcast guard and features were removed. I am not sure how that happened but that is when I decided I needed to get some help before I crash or worse. Thanks much in advance.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:55:10 PM, on 1/18/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A}: NameServer = 0.0.0.0
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 9139 bytes



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/11/2011 7:40:52 PM
    System Uptime: 1/18/2012 8:45:31 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1435
    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | CPU | 911/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 433 GiB total, 375.771 GiB free.
    D: is FIXED (NTFS) - 32 GiB total, 1.48 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2DD3B7CA&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&2DD3B7CA&0&01
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP206: 1/17/2012 7:34:23 PM - Windows Update
    RP207: 1/17/2012 11:19:25 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Software Update
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    CyberLink DVD Suite
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    DVD Menu Pack for HP MediaSmart Video
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Facebook Video Calling 1.0.0.8953
    Farm Frenzy
    FATE
    FaxRedist
    Fences Pro
    Final Drive Nitro
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.1.0
    HiJackThis
    Hoyle Board Games 5
    Hoyle Card Games 5
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP QuickWeb Installer
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    Hulu Desktop
    IDT Audio
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 26
    Jewel Quest Solitaire 2
    LabelPrint
    Lexmark Toolbar
    LG United Mobile Driver
    LightScribe System Software
    Magical Jelly Bean KeyFinder
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyHeritage Family Tree Builder
    Mystery P.I. - The London Caper
    Penguins!
    PhotoNow!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PowerTeacher Gradebook
    QuickTime
    Realtek Ethernet Controller Driver
    Recovery Manager
    RoxioNow Player
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Times Reader
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2008 x64 Redistributables
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    YouTube Downloader 3.4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/18/2012 8:46:45 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    1/18/2012 8:46:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/18/2012 8:46:17 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/18/2012 8:46:17 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/18/2012 8:46:13 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/18/2012 8:39:54 PM, Error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
    1/18/2012 8:35:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/18/2012 8:30:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/18/2012 8:29:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/18/2012 8:29:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    1/18/2012 8:09:58 AM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/18/2012 5:24:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/18/2012 4:25:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/18/2012 4:25:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/18/2012 4:25:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/18/2012 4:25:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/18/2012 4:25:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800033c2a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011812-38703-01.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 CbFs DfsC discache DVMIO eeCtrl IDSVia64 MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/18/2012 4:24:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/18/2012 4:06:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/18/2012 10:58:53 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 9:33:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 8:46:03 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 8:33:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 8:26:52 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 8:24:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007045b Error description: A system shutdown is in progress. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    1/17/2012 8:24:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 8:13:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 8:13:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
    1/17/2012 8:13:02 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/17/2012 8:13:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    1/17/2012 7:15:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 7:05:15 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 5:30:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2585542).
    1/17/2012 5:25:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 5:20:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 5:07:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 4:45:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 11:31:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 11:26:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/17/2012 11:25:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/17/2012 11:25:55 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/17/2012 11:14:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 10:35:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 10:31:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/17/2012 1:22:21 PM, Error: Service Control Manager [7034] - The lxcr_device service terminated unexpectedly. It has done this 1 time(s).
    1/17/2012 1:07:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/16/2012 7:30:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/16/2012 7:19:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/16/2012 12:54:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/16/2012 12:03:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/16/2012 11:36:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 9:13:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 8:02:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 4:19:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/15/2012 4:09:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 11:59:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/15/2012 10:43:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 7:31:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 7:03:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 6:52:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 6:27:37 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 6:02:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 3:33:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 2:58:54 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 2:38:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/14/2012 12:17:45 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/14/2012 12:05:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 9:32:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 9:01:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 7:08:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 12:49:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/13/2012 12:37:32 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 10:45:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 10:10:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/13/2012 1:24:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/12/2012 8:24:59 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/12/2012 7:59:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/12/2012 7:15:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/12/2012 6:15:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/12/2012 4:31:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/12/2012 3:03:23 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    1/12/2012 2:50:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/11/2012 9:16:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/11/2012 3:43:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/11/2012 11:47:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    1/11/2012 11:32:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    1/11/2012 1:57:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================









    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Kandy at 20:50:30 on 2012-01-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2350 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\fxssvc.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Windows\system32\wbem\unsecapp.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://search.myheritage.com
    uInternet Settings,ProxyOverride = *.local
    BHO: AutorunsDisabled - No File
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: pearsoncmg.com
    Trusted Zone: pearsoned.com
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5DFFB854-6036-4926-A6BE-C4C734D85557} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5DFFB854-6036-4926-A6BE-C4C734D85557}\C414552514D20534D275962756C6563737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer = 0.0.0.0
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: AutorunsDisabled - No File
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 CbFs;CbFs;\??\C:\Windows\system32\drivers\cbfs64.sys --> C:\Windows\system32\drivers\cbfs64.sys [?]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-9 89600]
    R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-9-29 338208]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-8-5 681528]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-9 13336]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-9 2533400]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    .
    =============== Created Last 30 ================
    .
    2012-01-19 01:30:17 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18CD9ADD-7EAB-41A5-923C-FC6B0ACDB934}\mpengine.dll
    2012-01-18 18:52:39 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-01-18 18:37:57 -------- d-----w- C:\N360_BACKUP
    2012-01-18 18:33:22 -------- d-----w- C:\Users\Kandy\AppData\Roaming\Tific
    2012-01-18 18:33:19 -------- d-----w- C:\Users\Kandy\AppData\Local\Symantec
    2012-01-18 18:31:20 -------- d-----w- C:\Program Files\Symantec
    2012-01-18 18:30:14 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2012-01-18 18:29:55 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-01-18 16:40:37 -------- d-----w- C:\ProgramData\Norton
    2012-01-18 13:10:52 -------- d-----w- C:\Users\Kandy\AppData\Local\ID Vault
    2012-01-18 13:10:52 -------- d-----w- C:\ProgramData\IsolatedStorage
    2012-01-18 13:09:47 -------- d-----w- C:\Users\Kandy\AppData\Roaming\ID Vault
    2012-01-18 13:09:06 -------- d-----w- C:\ProgramData\GID
    2012-01-18 13:09:04 -------- d-----w- C:\Program Files (x86)\SFT
    2012-01-18 13:08:40 -------- d-----w- C:\Program Files (x86)\comcasttb
    2012-01-18 13:08:27 -------- d-----w- C:\Program Files (x86)\CA
    2012-01-18 13:07:51 -------- d-----w- C:\Program Files (x86)\xfin_portal
    2012-01-18 13:07:34 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
    2012-01-18 13:05:29 -------- d-----w- C:\ProgramData\White Sky, Inc
    2012-01-18 03:34:55 20480 ----a-w- C:\Windows\svchost.exe
    2012-01-17 22:31:06 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2012-01-17 22:31:06 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-01-17 22:31:05 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-01-17 22:31:05 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-01-17 22:30:56 395776 ----a-w- C:\Windows\System32\webio.dll
    2012-01-17 22:30:55 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-01-17 22:30:54 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-01-17 22:30:54 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-01-17 22:30:54 31232 ----a-w- C:\Windows\System32\lsass.exe
    2012-01-17 22:30:54 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2012-01-17 22:30:54 28160 ----a-w- C:\Windows\System32\secur32.dll
    2012-01-17 22:30:54 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-01-17 22:30:54 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-01-17 22:30:54 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2012-01-12 22:14:24 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-01-12 22:14:24 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-01-12 22:14:24 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-01-12 22:13:13 -------- d-----w- C:\Program Files\iPod
    2012-01-12 22:13:12 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2012-01-12 22:13:11 -------- d-----w- C:\Program Files\iTunes
    2012-01-12 22:13:11 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-01-12 22:11:13 -------- d-----w- C:\Program Files\Bonjour
    2012-01-12 22:11:13 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-01-11 14:22:28 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 14:22:28 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 14:22:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 14:22:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 14:22:24 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 14:22:23 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 14:22:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 14:22:23 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-07 00:18:58 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
    2012-01-07 00:06:46 -------- d-----w- C:\Windows\SysWow64\directx
    2012-01-05 21:02:14 -------- d-----w- C:\Users\Kandy\Davids music
    .
    ==================== Find3M ====================
    .
    2011-12-26 08:41:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-06-03 20:25:52 625984 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
    2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
    .
    ============= FINISH: 20:52:36.57 ===============
     
  2. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    While I am waiting I thought I would update with new issues. I run scans almost all day to see if it will fix. Today I thought I would try system restore. All my restore points have been erased including the backup to 'out of the box'. Also, my firewall is disabled and when I try to turn it back on it says I am not able. Lastly for today, Microsoft Security Center has a problem and will not open. Thanks much.

    Kandy
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Download RogueKiller to your desktop

    • Quit all running programs
    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 1 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    Please post the contents of the RKreport.txt in your next Reply.

    Kevin
     
  4. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Thanks Kevin for helping me out. I know you guys are so busy and successful.

    Here is the Roguekill (If I did it correctly.)

    RogueKiller V6.2.4 [01/12/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Kandy [Admin rights]
    Mode: Scan -- Date : 01/19/2012 18:39:38

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost
    188.119.151.113 www.google-analytics.com.
    188.119.151.113 ad-emea.doubleclick.net.
    188.119.151.113 www.statcounter.com.
    69.72.252.254 www.google-analytics.com.
    69.72.252.254 ad-emea.doubleclick.net.
    69.72.252.254 www.statcounter.com.


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 747bc3ebb45011c3a76199e28d617295
    [BSP] 8b2e311d429bae2828f189a9e2172a71 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
    1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
    2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
    3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 648629dd17fd7d761d71a782ad0210ce
    [BSP] 1ad9b938c8027b17d0a8efd91e65b090 : PiHar MBR Code!
    Partition table:
    0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
    1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
    2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
    3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 648629dd17fd7d761d71a782ad0210ce
    [BSP] 1ad9b938c8027b17d0a8efd91e65b090 : PiHar MBR Code!
    Partition table:
    0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
    1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
    2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
    3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK


      [​IMG]

    • If an infected file is detected, the default action will be Cure, click on Continue.


      [​IMG]

    • If a suspicious file is detected, the default action will be Skip, click on Continue.


      [​IMG]

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


      [​IMG]

    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  6. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Ok. I did this and this time on the automatic reboot, the system came up on its own. Here is the log.

    18:53:43.0425 6440 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
    18:53:43.0695 6440 ============================================================
    18:53:43.0695 6440 Current date / time: 2012/01/19 18:53:43.0695
    18:53:43.0695 6440 SystemInfo:
    18:53:43.0695 6440
    18:53:43.0695 6440 OS Version: 6.1.7601 ServicePack: 1.0
    18:53:43.0695 6440 Product type: Workstation
    18:53:43.0695 6440 ComputerName: HP
    18:53:43.0695 6440 UserName: Kandy
    18:53:43.0695 6440 Windows directory: C:\Windows
    18:53:43.0695 6440 System windows directory: C:\Windows
    18:53:43.0695 6440 Running under WOW64
    18:53:43.0695 6440 Processor architecture: Intel x64
    18:53:43.0695 6440 Number of processors: 4
    18:53:43.0695 6440 Page size: 0x1000
    18:53:43.0695 6440 Boot type: Normal boot
    18:53:43.0695 6440 ============================================================
    18:53:44.0537 6440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:53:44.0627 6440 Initialize success
    18:54:43.0101 5564 ============================================================
    18:54:43.0101 5564 Scan started
    18:54:43.0101 5564 Mode: Manual; SigCheck; TDLFS;
    18:54:43.0101 5564 ============================================================
    18:54:43.0482 5564 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    18:54:43.0622 5564 1394ohci - ok
    18:54:43.0682 5564 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
    18:54:43.0752 5564 Accelerometer - ok
    18:54:43.0852 5564 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:54:43.0912 5564 ACPI - ok
    18:54:43.0952 5564 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:54:44.0052 5564 AcpiPmi - ok
    18:54:44.0182 5564 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:54:44.0242 5564 adp94xx - ok
    18:54:44.0352 5564 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:54:44.0402 5564 adpahci - ok
    18:54:44.0442 5564 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:54:44.0482 5564 adpu320 - ok
    18:54:44.0652 5564 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    18:54:44.0752 5564 AFD - ok
    18:54:44.0912 5564 AgereSoftModem (d7cf6568aa20a5b5cdbfecd097b615db) C:\Windows\system32\DRIVERS\agrsm64.sys
    18:54:45.0022 5564 AgereSoftModem - ok
    18:54:45.0132 5564 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:54:45.0162 5564 agp440 - ok
    18:54:45.0232 5564 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:54:45.0262 5564 aliide - ok
    18:54:45.0343 5564 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:54:45.0383 5564 amdide - ok
    18:54:45.0443 5564 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:54:45.0513 5564 AmdK8 - ok
    18:54:45.0633 5564 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:54:45.0683 5564 AmdPPM - ok
    18:54:45.0813 5564 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    18:54:45.0843 5564 amdsata - ok
    18:54:45.0893 5564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:54:45.0933 5564 amdsbs - ok
    18:54:46.0033 5564 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    18:54:46.0063 5564 amdxata - ok
    18:54:46.0143 5564 AmUStor (2ebbb690068ee790c77ee4ae41ed777c) C:\Windows\system32\drivers\AmUStor.SYS
    18:54:46.0213 5564 AmUStor - ok
    18:54:46.0333 5564 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
    18:54:46.0393 5564 Andbus - ok
    18:54:46.0513 5564 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
    18:54:46.0553 5564 AndDiag - ok
    18:54:46.0603 5564 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
    18:54:46.0653 5564 AndGps - ok
    18:54:46.0743 5564 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
    18:54:46.0793 5564 ANDModem - ok
    18:54:46.0843 5564 androidusb (9c1751b2e733471ae07561028b7d2a9b) C:\Windows\system32\Drivers\lgandadb.sys
    18:54:46.0903 5564 androidusb - ok
    18:54:47.0033 5564 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:54:47.0213 5564 AppID - ok
    18:54:47.0363 5564 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:54:47.0393 5564 arc - ok
    18:54:47.0443 5564 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:54:47.0503 5564 arcsas - ok
    18:54:47.0623 5564 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:54:47.0723 5564 AsyncMac - ok
    18:54:47.0773 5564 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:54:47.0803 5564 atapi - ok
    18:54:47.0973 5564 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:54:48.0053 5564 b06bdrv - ok
    18:54:48.0163 5564 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:54:48.0233 5564 b57nd60a - ok
    18:54:48.0353 5564 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:54:48.0473 5564 Beep - ok
    18:54:48.0583 5564 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:54:48.0643 5564 blbdrive - ok
    18:54:48.0763 5564 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:54:48.0843 5564 bowser - ok
    18:54:48.0953 5564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:54:49.0063 5564 BrFiltLo - ok
    18:54:49.0163 5564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:54:49.0203 5564 BrFiltUp - ok
    18:54:49.0263 5564 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:54:49.0353 5564 Brserid - ok
    18:54:49.0463 5564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:54:49.0523 5564 BrSerWdm - ok
    18:54:49.0553 5564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:54:49.0613 5564 BrUsbMdm - ok
    18:54:49.0733 5564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:54:49.0773 5564 BrUsbSer - ok
    18:54:49.0803 5564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:54:49.0863 5564 BTHMODEM - ok
    18:54:50.0023 5564 CbFs (5fe05bb71c1d0878163334f5c8d99016) C:\Windows\system32\drivers\cbfs64.sys
    18:54:50.0103 5564 CbFs - ok
    18:54:50.0123 5564 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:54:50.0253 5564 cdfs - ok
    18:54:50.0353 5564 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    18:54:50.0414 5564 cdrom - ok
    18:54:50.0554 5564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:54:50.0624 5564 circlass - ok
    18:54:50.0674 5564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:54:50.0724 5564 CLFS - ok
    18:54:50.0884 5564 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
    18:54:50.0954 5564 clwvd - ok
    18:54:51.0074 5564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:54:51.0114 5564 CmBatt - ok
    18:54:51.0164 5564 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:54:51.0194 5564 cmdide - ok
    18:54:51.0304 5564 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    18:54:51.0414 5564 CNG - ok
    18:54:51.0524 5564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:54:51.0564 5564 Compbatt - ok
    18:54:51.0614 5564 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    18:54:51.0674 5564 CompositeBus - ok
    18:54:51.0794 5564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:54:51.0824 5564 crcdisk - ok
    18:54:51.0914 5564 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:54:52.0024 5564 DfsC - ok
    18:54:52.0134 5564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:54:52.0254 5564 discache - ok
    18:54:52.0374 5564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:54:52.0414 5564 Disk - ok
    18:54:52.0484 5564 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:54:52.0534 5564 drmkaud - ok
    18:54:52.0634 5564 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
    18:54:52.0664 5564 DVMIO - ok
    18:54:52.0744 5564 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:54:52.0834 5564 DXGKrnl - ok
    18:54:53.0014 5564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:54:53.0174 5564 ebdrv - ok
    18:54:53.0325 5564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:54:53.0385 5564 elxstor - ok
    18:54:53.0485 5564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:54:53.0545 5564 ErrDev - ok
    18:54:53.0695 5564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:54:53.0835 5564 exfat - ok
    18:54:53.0865 5564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:54:53.0995 5564 fastfat - ok
    18:54:54.0105 5564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:54:54.0165 5564 fdc - ok
    18:54:54.0285 5564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:54:54.0325 5564 FileInfo - ok
    18:54:54.0355 5564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:54:54.0525 5564 Filetrace - ok
    18:54:54.0635 5564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:54:54.0705 5564 flpydisk - ok
    18:54:54.0755 5564 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:54:54.0855 5564 FltMgr - ok
    18:54:54.0965 5564 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:54:55.0005 5564 FsDepends - ok
    18:54:55.0035 5564 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    18:54:55.0065 5564 Fs_Rec - ok
    18:54:55.0115 5564 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:54:55.0165 5564 fvevol - ok
    18:54:55.0275 5564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:54:55.0315 5564 gagp30kx - ok
    18:54:55.0355 5564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:54:55.0386 5564 GEARAspiWDM - ok
    18:54:55.0506 5564 GIDv2 (9ba22aee7f531ef9ce085cc2e1112bc4) C:\Windows\system32\drivers\GIDv2.sys
    18:54:55.0556 5564 GIDv2 - ok
    18:54:55.0596 5564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:54:55.0676 5564 hcw85cir - ok
    18:54:55.0796 5564 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    18:54:55.0886 5564 HdAudAddService - ok
    18:54:55.0916 5564 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    18:54:55.0986 5564 HDAudBus - ok
    18:54:56.0096 5564 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    18:54:56.0126 5564 HECIx64 - ok
    18:54:56.0156 5564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:54:56.0216 5564 HidBatt - ok
    18:54:56.0336 5564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:54:56.0396 5564 HidBth - ok
    18:54:56.0436 5564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:54:56.0506 5564 HidIr - ok
    18:54:56.0636 5564 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    18:54:56.0686 5564 HidUsb - ok
    18:54:56.0896 5564 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
    18:54:56.0926 5564 hpdskflt - ok
    18:54:56.0986 5564 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:54:57.0026 5564 HpSAMD - ok
    18:54:57.0206 5564 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:54:57.0356 5564 HTTP - ok
    18:54:57.0456 5564 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:54:57.0486 5564 hwpolicy - ok
    18:54:57.0536 5564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:54:57.0576 5564 i8042prt - ok
    18:54:57.0686 5564 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\Windows\system32\DRIVERS\iaStor.sys
    18:54:57.0756 5564 iaStor - ok
    18:54:57.0876 5564 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:54:57.0936 5564 iaStorV - ok
    18:54:58.0256 5564 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
    18:54:58.0786 5564 igfx - ok
    18:54:58.0886 5564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:54:58.0916 5564 iirsp - ok
    18:54:58.0986 5564 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    18:54:59.0046 5564 Impcd - ok
    18:54:59.0176 5564 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
    18:54:59.0246 5564 IntcDAud - ok
    18:54:59.0286 5564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:54:59.0326 5564 intelide - ok
    18:54:59.0436 5564 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:54:59.0486 5564 intelppm - ok
    18:54:59.0556 5564 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:54:59.0676 5564 IpFilterDriver - ok
    18:54:59.0776 5564 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:54:59.0836 5564 IPMIDRV - ok
    18:54:59.0896 5564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:55:00.0016 5564 IPNAT - ok
    18:55:00.0186 5564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:55:00.0246 5564 IRENUM - ok
    18:55:00.0286 5564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:55:00.0326 5564 isapnp - ok
    18:55:00.0436 5564 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:55:00.0496 5564 iScsiPrt - ok
    18:55:00.0696 5564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    18:55:00.0726 5564 kbdclass - ok
    18:55:00.0776 5564 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    18:55:00.0816 5564 kbdhid - ok
    18:55:00.0856 5564 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    18:55:00.0906 5564 KSecDD - ok
    18:55:00.0996 5564 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:55:01.0046 5564 KSecPkg - ok
    18:55:01.0106 5564 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:55:01.0226 5564 ksthunk - ok
    18:55:01.0407 5564 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:55:01.0517 5564 lltdio - ok
    18:55:01.0677 5564 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:55:01.0707 5564 LSI_FC - ok
    18:55:01.0747 5564 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:55:01.0777 5564 LSI_SAS - ok
    18:55:01.0817 5564 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:55:01.0847 5564 LSI_SAS2 - ok
    18:55:01.0967 5564 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:55:01.0997 5564 LSI_SCSI - ok
    18:55:02.0027 5564 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:55:02.0157 5564 luafv - ok
    18:55:02.0297 5564 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:55:02.0327 5564 megasas - ok
    18:55:02.0357 5564 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:55:02.0407 5564 MegaSR - ok
    18:55:02.0557 5564 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    18:55:02.0687 5564 Modem - ok
    18:55:02.0787 5564 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    18:55:02.0857 5564 monitor - ok
    18:55:02.0957 5564 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    18:55:02.0997 5564 mouclass - ok
    18:55:03.0047 5564 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    18:55:03.0097 5564 mouhid - ok
    18:55:03.0217 5564 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:55:03.0257 5564 mountmgr - ok
    18:55:03.0297 5564 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    18:55:03.0347 5564 MpFilter - ok
    18:55:03.0387 5564 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:55:03.0427 5564 mpio - ok
    18:55:03.0557 5564 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    18:55:03.0587 5564 MpNWMon - ok
    18:55:03.0617 5564 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:55:03.0747 5564 mpsdrv - ok
    18:55:03.0857 5564 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:55:03.0937 5564 MRxDAV - ok
    18:55:03.0977 5564 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:55:04.0047 5564 mrxsmb - ok
    18:55:04.0147 5564 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:55:04.0197 5564 mrxsmb10 - ok
    18:55:04.0237 5564 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:55:04.0277 5564 mrxsmb20 - ok
    18:55:04.0327 5564 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:55:04.0358 5564 msahci - ok
    18:55:04.0458 5564 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:55:04.0498 5564 msdsm - ok
    18:55:04.0558 5564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:55:04.0658 5564 Msfs - ok
    18:55:04.0778 5564 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:55:04.0888 5564 mshidkmdf - ok
    18:55:04.0928 5564 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:55:04.0968 5564 msisadrv - ok
    18:55:05.0078 5564 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:55:05.0198 5564 MSKSSRV - ok
    18:55:05.0228 5564 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:55:05.0338 5564 MSPCLOCK - ok
    18:55:05.0449 5564 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:55:05.0549 5564 MSPQM - ok
    18:55:05.0619 5564 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:55:05.0679 5564 MsRPC - ok
    18:55:05.0789 5564 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:55:05.0829 5564 mssmbios - ok
    18:55:05.0869 5564 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:55:05.0989 5564 MSTEE - ok
    18:55:06.0089 5564 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:55:06.0139 5564 MTConfig - ok
    18:55:06.0169 5564 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:55:06.0199 5564 Mup - ok
    18:55:06.0249 5564 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:55:06.0349 5564 NativeWifiP - ok
    18:55:06.0479 5564 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    18:55:06.0569 5564 NDIS - ok
    18:55:06.0699 5564 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:55:06.0799 5564 NdisCap - ok
    18:55:06.0839 5564 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:55:06.0949 5564 NdisTapi - ok
    18:55:06.0989 5564 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:55:07.0089 5564 Ndisuio - ok
    18:55:07.0189 5564 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:55:07.0309 5564 NdisWan - ok
    18:55:07.0369 5564 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    18:55:07.0479 5564 NDProxy - ok
    18:55:07.0579 5564 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:55:07.0689 5564 NetBIOS - ok
    18:55:07.0729 5564 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    18:55:07.0869 5564 NetBT - ok
    18:55:08.0189 5564 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
    18:55:08.0559 5564 NETw5s64 - ok
    18:55:08.0809 5564 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    18:55:09.0089 5564 netw5v64 - ok
    18:55:09.0409 5564 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
    18:55:09.0869 5564 NETwNs64 - ok
    18:55:09.0979 5564 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:55:10.0009 5564 nfrd960 - ok
    18:55:10.0079 5564 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:55:10.0109 5564 NisDrv - ok
    18:55:10.0219 5564 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:55:10.0349 5564 Npfs - ok
    18:55:10.0379 5564 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:55:10.0469 5564 nsiproxy - ok
    18:55:10.0549 5564 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    18:55:10.0659 5564 Ntfs - ok
    18:55:10.0749 5564 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:55:10.0869 5564 Null - ok
    18:55:10.0919 5564 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    18:55:10.0959 5564 nvraid - ok
    18:55:11.0069 5564 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    18:55:11.0129 5564 nvstor - ok
    18:55:11.0179 5564 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    18:55:11.0229 5564 nv_agp - ok
    18:55:11.0359 5564 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    18:55:11.0439 5564 ohci1394 - ok
    18:55:11.0569 5564 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:55:11.0619 5564 Parport - ok
    18:55:11.0669 5564 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    18:55:11.0719 5564 partmgr - ok
    18:55:11.0769 5564 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    18:55:11.0819 5564 pci - ok
    18:55:11.0909 5564 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    18:55:11.0939 5564 pciide - ok
    18:55:11.0989 5564 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:55:12.0039 5564 pcmcia - ok
    18:55:12.0069 5564 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:55:12.0099 5564 pcw - ok
    18:55:12.0209 5564 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:55:12.0349 5564 PEAUTH - ok
    18:55:12.0619 5564 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    18:55:12.0749 5564 PptpMiniport - ok
    18:55:12.0779 5564 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:55:12.0839 5564 Processor - ok
    18:55:12.0969 5564 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    18:55:13.0099 5564 Psched - ok
    18:55:13.0189 5564 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:55:13.0279 5564 ql2300 - ok
    18:55:13.0369 5564 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:55:13.0399 5564 ql40xx - ok
    18:55:13.0439 5564 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:55:13.0500 5564 QWAVEdrv - ok
    18:55:13.0530 5564 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:55:13.0630 5564 RasAcd - ok
    18:55:13.0770 5564 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:55:13.0870 5564 RasAgileVpn - ok
    18:55:13.0930 5564 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:55:14.0020 5564 Rasl2tp - ok
    18:55:14.0120 5564 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:55:14.0230 5564 RasPppoe - ok
    18:55:14.0270 5564 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    18:55:14.0400 5564 RasSstp - ok
    18:55:14.0510 5564 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    18:55:14.0650 5564 rdbss - ok
    18:55:14.0690 5564 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:55:14.0750 5564 rdpbus - ok
    18:55:14.0860 5564 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:55:14.0970 5564 RDPCDD - ok
    18:55:15.0010 5564 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    18:55:15.0120 5564 RDPENCDD - ok
    18:55:15.0220 5564 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    18:55:15.0320 5564 RDPREFMP - ok
    18:55:15.0380 5564 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    18:55:15.0491 5564 RDPWD - ok
    18:55:15.0551 5564 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    18:55:15.0601 5564 rdyboost - ok
    18:55:15.0731 5564 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    18:55:15.0861 5564 rspndr - ok
    18:55:15.0901 5564 RTL8167 (6074829c74c5c72ab65ad2cee9c1bb47) C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:55:15.0951 5564 RTL8167 - ok
    18:55:16.0051 5564 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    18:55:16.0081 5564 SASDIFSV - ok
    18:55:16.0101 5564 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    18:55:16.0131 5564 SASKUTIL - ok
    18:55:16.0231 5564 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    18:55:16.0271 5564 sbp2port - ok
    18:55:16.0311 5564 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    18:55:16.0421 5564 scfilter - ok
    18:55:16.0551 5564 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    18:55:16.0631 5564 sdbus - ok
    18:55:16.0681 5564 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    18:55:16.0791 5564 secdrv - ok
    18:55:16.0891 5564 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    18:55:16.0921 5564 Serenum - ok
    18:55:16.0951 5564 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    18:55:16.0991 5564 Serial - ok
    18:55:17.0031 5564 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    18:55:17.0081 5564 sermouse - ok
    18:55:17.0211 5564 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    18:55:17.0281 5564 sffdisk - ok
    18:55:17.0311 5564 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    18:55:17.0361 5564 sffp_mmc - ok
    18:55:17.0471 5564 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    18:55:17.0521 5564 sffp_sd - ok
    18:55:17.0581 5564 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:55:17.0631 5564 sfloppy - ok
    18:55:17.0821 5564 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:55:17.0861 5564 SiSRaid2 - ok
    18:55:17.0891 5564 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:55:17.0931 5564 SiSRaid4 - ok
    18:55:17.0981 5564 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    18:55:18.0091 5564 Smb - ok
    18:55:18.0231 5564 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    18:55:18.0551 5564 spldr - ok
    18:55:18.0691 5564 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    18:55:18.0781 5564 srv - ok
    18:55:18.0911 5564 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    18:55:18.0991 5564 srv2 - ok
    18:55:19.0101 5564 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    18:55:19.0161 5564 SrvHsfHDA - ok
    18:55:19.0291 5564 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    18:55:19.0381 5564 SrvHsfV92 - ok
    18:55:19.0511 5564 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    18:55:19.0591 5564 SrvHsfWinac - ok
    18:55:19.0691 5564 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    18:55:19.0761 5564 srvnet - ok
    18:55:19.0881 5564 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    18:55:19.0921 5564 stexstor - ok
    18:55:19.0981 5564 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
    18:55:20.0071 5564 STHDA - ok
    18:55:20.0221 5564 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    18:55:20.0251 5564 swenum - ok
    18:55:20.0341 5564 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
    18:55:20.0461 5564 SynTP - ok
    18:55:20.0611 5564 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    18:55:20.0761 5564 Tcpip - ok
    18:55:20.0981 5564 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    18:55:21.0101 5564 TCPIP6 - ok
    18:55:21.0211 5564 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    18:55:21.0311 5564 tcpipreg - ok
    18:55:21.0361 5564 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    18:55:21.0451 5564 TDPIPE - ok
    18:55:21.0563 5564 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    18:55:21.0643 5564 TDTCP - ok
    18:55:21.0693 5564 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    18:55:21.0793 5564 tdx - ok
    18:55:21.0953 5564 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    18:55:22.0023 5564 TermDD - ok
    18:55:22.0243 5564 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:55:22.0363 5564 tssecsrv - ok
    18:55:22.0393 5564 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    18:55:22.0463 5564 TsUsbFlt - ok
    18:55:22.0583 5564 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    18:55:22.0713 5564 tunnel - ok
    18:55:22.0763 5564 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    18:55:22.0813 5564 uagp35 - ok
    18:55:22.0933 5564 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    18:55:23.0063 5564 udfs - ok
    18:55:23.0123 5564 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    18:55:23.0163 5564 uliagpkx - ok
    18:55:23.0283 5564 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    18:55:23.0343 5564 umbus - ok
    18:55:23.0393 5564 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    18:55:23.0443 5564 UmPass - ok
    18:55:23.0573 5564 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    18:55:23.0643 5564 USBAAPL64 - ok
    18:55:23.0703 5564 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    18:55:23.0773 5564 usbaudio - ok
    18:55:23.0883 5564 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:55:23.0943 5564 usbccgp - ok
    18:55:24.0053 5564 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    18:55:24.0123 5564 usbcir - ok
    18:55:24.0163 5564 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    18:55:24.0223 5564 usbehci - ok
    18:55:24.0323 5564 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    18:55:24.0393 5564 usbhub - ok
    18:55:24.0443 5564 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    18:55:24.0503 5564 usbohci - ok
    18:55:24.0603 5564 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    18:55:24.0673 5564 usbprint - ok
    18:55:24.0703 5564 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    18:55:24.0753 5564 usbscan - ok
    18:55:24.0853 5564 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:55:24.0923 5564 USBSTOR - ok
    18:55:24.0963 5564 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    18:55:25.0003 5564 usbuhci - ok
    18:55:25.0123 5564 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    18:55:25.0183 5564 usbvideo - ok
    18:55:25.0233 5564 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    18:55:25.0263 5564 vdrvroot - ok
    18:55:25.0373 5564 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:55:25.0423 5564 vga - ok
    18:55:25.0463 5564 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:55:25.0593 5564 VgaSave - ok
    18:55:25.0653 5564 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    18:55:25.0713 5564 vhdmp - ok
    18:55:25.0803 5564 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:55:25.0833 5564 viaide - ok
    18:55:25.0863 5564 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    18:55:25.0893 5564 volmgr - ok
    18:55:25.0943 5564 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    18:55:25.0993 5564 volmgrx - ok
    18:55:26.0083 5564 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    18:55:26.0133 5564 volsnap - ok
    18:55:26.0183 5564 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:55:26.0223 5564 vsmraid - ok
    18:55:26.0353 5564 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    18:55:26.0413 5564 vwifibus - ok
    18:55:26.0443 5564 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    18:55:26.0514 5564 vwififlt - ok
    18:55:26.0635 5564 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    18:55:26.0685 5564 vwifimp - ok
    18:55:26.0735 5564 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    18:55:26.0795 5564 WacomPen - ok
    18:55:26.0905 5564 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:55:27.0025 5564 WANARP - ok
    18:55:27.0025 5564 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    18:55:27.0125 5564 Wanarpv6 - ok
    18:55:27.0195 5564 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    18:55:27.0225 5564 Wd - ok
    18:55:27.0305 5564 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    18:55:27.0365 5564 Wdf01000 - ok
    18:55:27.0465 5564 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
    18:55:27.0495 5564 wdkmd - ok
    18:55:27.0546 5564 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:55:27.0656 5564 WfpLwf - ok
    18:55:27.0776 5564 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    18:55:27.0806 5564 WIMMount - ok
    18:55:27.0996 5564 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    18:55:28.0056 5564 WinUsb - ok
    18:55:28.0186 5564 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    18:55:28.0236 5564 WmiAcpi - ok
    18:55:28.0306 5564 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    18:55:28.0416 5564 ws2ifsl - ok
    18:55:28.0526 5564 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    18:55:28.0646 5564 WudfPf - ok
    18:55:28.0766 5564 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:55:28.0896 5564 WUDFRd - ok
    18:55:29.0026 5564 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    18:55:29.0096 5564 yukonw7 - ok
    18:55:29.0176 5564 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
    18:55:29.0206 5564 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:55:29.0206 5564 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:55:29.0236 5564 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    18:55:29.0236 5564 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    18:55:29.0266 5564 Boot (0x1200) (6cc633cacf9659960d7d291bc2e8263e) \Device\Harddisk0\DR0\Partition0
    18:55:29.0276 5564 \Device\Harddisk0\DR0\Partition0 - ok
    18:55:29.0286 5564 Boot (0x1200) (6c64312669ced661972b133046a294c8) \Device\Harddisk0\DR0\Partition1
    18:55:29.0286 5564 \Device\Harddisk0\DR0\Partition1 - ok
    18:55:29.0326 5564 Boot (0x1200) (1d96079336252f7743eed5a8b5dbbb5a) \Device\Harddisk0\DR0\Partition2
    18:55:29.0326 5564 \Device\Harddisk0\DR0\Partition2 - ok
    18:55:29.0346 5564 Boot (0x1200) (a41414e267ba3d1a84fde624ab339814) \Device\Harddisk0\DR0\Partition3
    18:55:29.0346 5564 \Device\Harddisk0\DR0\Partition3 - ok
    18:55:29.0346 5564 ============================================================
    18:55:29.0346 5564 Scan finished
    18:55:29.0346 5564 ============================================================
    18:55:29.0366 6256 Detected object count: 2
    18:55:29.0366 6256 Actual detected object count: 2
    18:55:40.0618 6256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    18:55:40.0618 6256 \Device\Harddisk0\DR0 - ok
    18:55:40.0618 6256 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    18:55:40.0618 6256 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    18:55:40.0618 6256 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    18:55:58.0171 6272 Deinitialize success
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    [​IMG] Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alernative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  8. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Ok, here is this one. Thanks again.

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.19.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Kandy :: HP [administrator]

    1/19/2012 7:15:52 PM
    mbam-log-2012-01-19 (19-15-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 194645
    Time elapsed: 5 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Temp\wmcexsrona.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Quit all running programs and run RogueKiller once again.

    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 2 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

    Please post the contents of the RKreport.txt in your next Reply.

    Next,

    Quit all running programs and run RogueKiller once again.

    • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
    • When prompted, type 3 and validate by tapping Enter
    • The RKreport.txt shall be generated next to the executable.
    • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

    Please post the contents of the RKreport.txt in your next Reply.

    Next,

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see the two new logs from RogueKiller and the log from ESET in your reply, also give an update on current issues/concerns....

    I`m in the UK, local time for me is 30 mins after midnight, I`m off to bed. The ESET scan will take a few hours to complete, i`ll catch up later.

    We`ve made excellent progress!

    Kevin
     
  10. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Thank you so much. Have a peaceful sleep and I will update the files in the morning. I am in Tennessee, USA and it is 7:50 pm. I will catch up with you later in the evening tomorrow. You are so gracious to use your gifts to help others.

    Thanks again. I will post in the morning.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    OK, post the logs when you`re ready....

    Kevin
     
  12. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Good afternoon Kevin. Here are the logs from yesterday.
    RK #2
    RogueKiller V6.2.4 [01/12/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Kandy [Admin rights]
    Mode: Remove -- Date : 01/19/2012 19:43:49

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{93EE0E1A-01FE-4CE6-8F36-35FF574A8B6A} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost
    188.119.151.113 www.google-analytics.com.
    188.119.151.113 ad-emea.doubleclick.net.
    188.119.151.113 www.statcounter.com.
    69.72.252.254 www.google-analytics.com.
    69.72.252.254 ad-emea.doubleclick.net.
    69.72.252.254 www.statcounter.com.


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 747bc3ebb45011c3a76199e28d617295
    [BSP] 8b2e311d429bae2828f189a9e2172a71 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 208 Mo
    1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 409600 | Size: 465408 Mo
    2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 909410304 | Size: 34380 Mo
    3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 976560128 | Size: 108 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt



    RK #3

    RogueKiller V6.2.4 [01/12/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Kandy [Admin rights]
    Mode: HOSTSFix -- Date : 01/19/2012 19:44:24

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    ::1 localhost
    188.119.151.113 www.google-analytics.com.
    188.119.151.113 ad-emea.doubleclick.net.
    188.119.151.113 www.statcounter.com.
    69.72.252.254 www.google-analytics.com.
    69.72.252.254 ad-emea.doubleclick.net.
    69.72.252.254 www.statcounter.com.


    ¤¤¤ Resetted HOSTS: ¤¤¤
    127.0.0.1 localhost

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



    EST scan


    C:\Program Files (x86)\Common Files\ZugoInstaller.exe multiple threats
    C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi application
    C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\502f7dda-45a3fa46 a variant of Java/TrojanDownloader.Agent.NDJ trojan
    C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\81bedde-3a658682 a variant of Java/TrojanDownloader.Agent.NDJ trojan
     
  13. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Sorry, forgot the current issues. So far it seems back to normal. Reboot is working fine. Firewall, it tries to start, asking for permission to change the pc, but then it error messages. Security center is still unable to open. I do have 2 system restore points that have came up when I deleted Java before we began all the scans. Other than that it seems normal.
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,361
    First Name:
    Kevin
    Download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2

    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files
      C:\Program Files (x86)\Common Files\ZugoInstaller.exe
      C:\ProgramData\YouTube Downloader\ytd_installer.exe
      ipconfig /flushdns /c
      :Commands
      [EmptyTemp]
      
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red [​IMG] button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Next,

    Please download Farbar Service Scanner and run it on the computer with the issue.

    [*]Make sure the following options are checked:

    • Windows Firewall
    • Security Center
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Let me see those two logs please...

    Kevin
     
  15. kandy123

    kandy123 Thread Starter

    Joined:
    Aug 16, 2007
    Messages:
    83
    Ok, here are those:

    OTM

    All processes killed
    ========== FILES ==========
    C:\Program Files (x86)\Common Files\ZugoInstaller.exe moved successfully.
    C:\ProgramData\YouTube Downloader\ytd_installer.exe moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Kandy\Desktop\cmd.bat deleted successfully.
    C:\Users\Kandy\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kandy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 470 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1382879 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 1394 bytes

    Total Files Cleaned = 1.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 01202012_184046


    Farbar: I wasn't sure if I should uncheck the internet service, so I left it checked and checked the other two.

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Kandy (administrator) on 20-01-2012 at 18:46:03
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
    Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
    Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.


    Firewall Disabled Policy:
    ==================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1037000

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice