Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: svchost acting weird possible virus?  (Read 37309 times)

0 Members and 1 Guest are viewing this topic.

ghostskater

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    svchost acting weird possible virus?
    « on: January 15, 2012, 06:20:38 PM »
    well a few days ago 3 or 4  i was crashed with a blue screen i dont remember the exact error but it was like 0x0000E something anyways, i know my way around a computer a little more then most i guess you could say and i knew it was because of virtual memory since it wouldnt do it if i ended the task for anything i didnt absolutely need to run so i started up a program i have called "process explorer" and it showed that a svchost was running at over 400-600k virtual memory and on my other pc they top off at about 50k as the highest ive ran several scans myself but no matter what i do it always is there so i was wondering if it was a possible virus or maybe something else, also ive noticed that if i suspend it, the VM dosent go up but i also dont lose anything i would have lost like internet connection but i do lose sound from videos and such but if i end a task and an aleart pops up saying there may be errors if i end the task i hear that sound,

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: svchost acting weird possible virus?
    « Reply #1 on: January 15, 2012, 06:29:55 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    *Copy and Paste the log in your post.
    *************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/past both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    •Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )
    Windows 8 and Windows 10 dual boot with two SSD's

    ghostskater

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: svchost acting weird possible virus?
      « Reply #2 on: January 15, 2012, 06:41:02 PM »
      it wont let me install SAS, i click on it and it says something like initializing the setup (a little window appears and says it and within a second or two it dissapears) and it says its running when i go to task manager but it never does anything, also i cant run safe mode as it stalls when trying to load it

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: svchost acting weird possible virus?
      « Reply #3 on: January 15, 2012, 06:51:06 PM »
      Please try the other two scanners.
      Windows 8 and Windows 10 dual boot with two SSD's

      ghostskater

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: svchost acting weird possible virus?
        « Reply #4 on: January 15, 2012, 08:01:46 PM »
        i am doing the mbam tho its taking a really long time ill have the log posted when it finishes

        ghostskater

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: svchost acting weird possible virus?
          « Reply #5 on: January 15, 2012, 08:14:16 PM »
          here is the log for mbam

          Malwarebytes Anti-Malware 1.60.0.1800
          www.malwarebytes.org

          Database version: v2012.01.15.04

          Windows XP Service Pack 3 x86 NTFS
          Internet Explorer 8.0.6001.18702
          Ann :: HI [administrator]

          1/15/2012 9:01:29 PM
          mbam-log-2012-01-15 (21-01-29).txt

          Scan type: Full scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 89642
          Time elapsed: 1 hour(s), 16 minute(s), 40 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 0
          (No malicious items detected)

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 0
          (No malicious items detected)

          (end)



          and i ran DDS and it came up and said
          "this scan should not take longer then three minutes and that a log file shall pop up" but its been over 6 minutes and no log file poped up
          « Last Edit: January 15, 2012, 08:24:17 PM by ghostskater »

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: svchost acting weird possible virus?
          « Reply #6 on: January 16, 2012, 04:25:07 PM »
          Please give it a bit more time. If it doesn't finish within an hour, let me know.
          Windows 8 and Windows 10 dual boot with two SSD's

          ghostskater

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Re: svchost acting weird possible virus?
            « Reply #7 on: January 16, 2012, 04:46:18 PM »
            will do, if it works ill post the log if not ill let you know

            ghostskater

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Unknown
              Re: svchost acting weird possible virus?
              « Reply #8 on: January 16, 2012, 06:13:08 PM »
              .
              DDS (Ver_2011-06-23.01) - NTFSx86
              Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_19
              Run by Ann at 20:13:03 on 2012-01-16
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.440 [GMT -5:00]
              .
              AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
              AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
              .
              ============== Running Processes ===============
              .
              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
              svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\System32\svchost.exe -k Akamai
              svchost.exe
              C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
              C:\Program Files\Prevx\prevx.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
              C:\Program Files\Prevx\prevx.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
              C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
              C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
              C:\WINDOWS\system32\SearchIndexer.exe
              C:\WINDOWS\system32\taskmgr.exe
              C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
              C:\WINDOWS\notepad.exe
              C:\Program Files\Opera\opera.exe
              C:\WINDOWS\system32\SearchProtocolHost.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://mystart.incredimail.com?a=DgVhqt6Fi0
              uSearch Page =
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
              uDefault_Page_URL = hxxp://www.msn.com
              uSearch Bar =
              uLocal Page =
              uWindow Title = Internet Explorer, optimized for Bing and MSN
              mStart Page = hxxp://www.yahoo.com
              mLocal Page =
              mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
              mDefault_Page_URL = hxxp://www.yahoo.com
              mSearchAssistant =
              uURLSearchHooks: H - No File
              mURLSearchHooks: H - No File
              {02478d38-c3f9-4efb-9b51-7695eca05670}
              BHO: AcroIEHelperShimObj Class: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
              BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
              BHO: {30f9b915-b755-4826-820b-08fba6bd249d}: Conduit Engine
              BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
              {5c255c8a-e604-49b4-9d64-90988571cecb}
              BHO: {627af46b-2076-42ae-a2fd-8428734d3e74}: Simppull Toolbar
              BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
              {9d425283-d487-4337-bab6-ab8354a81457}
              {e4e6bf2a-1667-11df-a01f-1f9655d89593}
              TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
              TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
              TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
              TB: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
              {9d425283-d487-4337-bab6-ab8354a81457}
              mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
              IE: &Search
              IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
              IE: LimeShop Preferences - file://c:\program files\limeshop\system\temp\limeshop_script0.htm
              Trusted Zone: carepages.com\www
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
              TCP: DhcpNameServer = 192.168.2.1
              TCP: Interfaces\{9E81DE14-C90B-4A53-AB58-FAC8DDE64283} : DhcpNameServer = 209.18.47.61 209.18.47.62
              TCP: Interfaces\{CD8B3187-B3AF-4CF5-B07C-5CB446FF58F7} : DhcpNameServer = 68.87.75.198 68.87.64.150
              TCP: Interfaces\{D66A37DB-EBB4-426B-B40C-66B602111FF9} : DhcpNameServer = 192.168.2.1
              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
              SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
              LSA: Notification Packages = scecli scecli
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - c:\documents and settings\ann\application data\mozilla\firefox\profiles\jpsdhgn9.default\
              FF - prefs.js: browser.search.defaulturl -
              FF - prefs.js: browser.search.selectedEngine - MyStart Search
              FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
              FF - prefs.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=rjULCNWE&q=
              FF - prefs.js: network.proxy.type - 0
              FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
              FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
              FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
              FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
              FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
              FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
              FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
              FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
              FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
              FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
              .
              ---- FIREFOX POLICIES ----
              .
              FF - user.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=rjULCNWE&q=
              FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extentions.y2layers.installId, e21dc7eb-25cc-44e7-b203-c1cdb6ff686f
              FF - user.js: extentions.y2layers.defaultEnableAppsLi st - BestVideoDownloader,BestVideoDownloader,
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2012-1-11 32008]
              R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2011-4-21 22312]
              R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
              R1 MpKsl16ea247d;MpKsl16ea247d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsl16ea247d.sys [2012-1-16 29904]
              R1 MpKsl1bb56746;MpKsl1bb56746;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsl1bb56746.sys [2012-1-16 29904]
              R1 MpKsld24df2b7;MpKsld24df2b7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsld24df2b7.sys [2012-1-16 29904]
              R1 MpKsldacb7a6a;MpKsldacb7a6a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsldacb7a6a.sys [2012-1-16 29904]
              R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2012-1-11 76696]
              R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2006-2-28 14336]
              R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
              R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2012-1-11 6416120]
              R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-3-2 10640]
              R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
              R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
              R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2012-1-11 26096]
              R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-3-1 197224]
              R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2011-9-14 627072]
              S0 dsculhy;dsculhy;c:\windows\system32\drivers\qpwxifby.sys --> c:\windows\system32\drivers\qpwxifby.sys [?]
              S1 MpKsl02b29ddb;MpKsl02b29ddb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0526329-96f2-4d17-ab35-130ac014d264}\mpksl02b29ddb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0526329-96f2-4d17-ab35-130ac014d264}\MpKsl02b29ddb.sys [?]
              S1 MpKsl06fe9b80;MpKsl06fe9b80;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7b6bfa9-3139-47ef-8dcf-43e9fc3e0d90}\mpksl06fe9b80.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7b6bfa9-3139-47ef-8dcf-43e9fc3e0d90}\MpKsl06fe9b80.sys [?]
              S1 MpKsl090d418a;MpKsl090d418a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{232fede5-1240-4c88-a0ac-c992d32700de}\mpksl090d418a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{232fede5-1240-4c88-a0ac-c992d32700de}\MpKsl090d418a.sys [?]
              S1 MpKsl09a25e4a;MpKsl09a25e4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b6bce4b-fd8a-495e-abca-f819467cbb89}\mpksl09a25e4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4b6bce4b-fd8a-495e-abca-f819467cbb89}\MpKsl09a25e4a.sys [?]
              S1 MpKsl0aac03dc;MpKsl0aac03dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e6cf095-f8fb-4a44-9a8a-511dcd87785d}\mpksl0aac03dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e6cf095-f8fb-4a44-9a8a-511dcd87785d}\MpKsl0aac03dc.sys [?]
              S1 MpKsl137032df;MpKsl137032df;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl137032df.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl137032df.sys [?]
              S1 MpKsl14014bc3;MpKsl14014bc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0526329-96f2-4d17-ab35-130ac014d264}\mpksl14014bc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a0526329-96f2-4d17-ab35-130ac014d264}\MpKsl14014bc3.sys [?]
              S1 MpKsl154b080e;MpKsl154b080e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ae83a61-9a80-429d-9d1c-edb0208ef5b2}\mpksl154b080e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ae83a61-9a80-429d-9d1c-edb0208ef5b2}\MpKsl154b080e.sys [?]
              S1 MpKsl1a241680;MpKsl1a241680;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\mpksl1a241680.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\MpKsl1a241680.sys [?]
              S1 MpKsl1a71ba52;MpKsl1a71ba52;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef2b3d42-0ba6-4df1-9291-1755569f9606}\mpksl1a71ba52.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef2b3d42-0ba6-4df1-9291-1755569f9606}\MpKsl1a71ba52.sys [?]
              S1 MpKsl1ab5dae6;MpKsl1ab5dae6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b74a9df3-52dc-45fc-8c95-f44144a5d629}\mpksl1ab5dae6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b74a9df3-52dc-45fc-8c95-f44144a5d629}\MpKsl1ab5dae6.sys [?]
              S1 MpKsl1dcfb898;MpKsl1dcfb898;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7692b89-e8fe-44fd-a3b5-c080c0c84eb9}\mpksl1dcfb898.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7692b89-e8fe-44fd-a3b5-c080c0c84eb9}\MpKsl1dcfb898.sys [?]
              S1 MpKsl1e27db35;MpKsl1e27db35;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\mpksl1e27db35.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\MpKsl1e27db35.sys [?]
              S1 MpKsl1f5c59ce;MpKsl1f5c59ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0cfe9a3-ec58-46bc-bafd-a0196d04b81c}\mpksl1f5c59ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0cfe9a3-ec58-46bc-bafd-a0196d04b81c}\MpKsl1f5c59ce.sys [?]
              S1 MpKsl2048e164;MpKsl2048e164;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\mpksl2048e164.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\MpKsl2048e164.sys [?]
              S1 MpKsl2264ebd3;MpKsl2264ebd3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\mpksl2264ebd3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\MpKsl2264ebd3.sys [?]
              S1 MpKsl23be63e1;MpKsl23be63e1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3159044c-8182-4df8-a32f-30b0f597e264}\mpksl23be63e1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3159044c-8182-4df8-a32f-30b0f597e264}\MpKsl23be63e1.sys [?]
              S1 MpKsl23ebc9ca;MpKsl23ebc9ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\mpksl23ebc9ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\MpKsl23ebc9ca.sys [?]
              S1 MpKsl248432be;MpKsl248432be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f592556-b093-4e52-9f21-d115d198728c}\mpksl248432be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f592556-b093-4e52-9f21-d115d198728c}\MpKsl248432be.sys [?]
              S1 MpKsl2488eea8;MpKsl2488eea8;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22fd63af-c53e-48d9-9594-6c904dbff66d}\mpksl2488eea8.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{22fd63af-c53e-48d9-9594-6c904dbff66d}\MpKsl2488eea8.sys [?]
              S1 MpKsl256c3267;MpKsl256c3267;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7bc8b9df-45a2-4e09-8a9b-176315d929ac}\mpksl256c3267.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7bc8b9df-45a2-4e09-8a9b-176315d929ac}\MpKsl256c3267.sys [?]
              S1 MpKsl269adfef;MpKsl269adfef;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1a8de37b-da3f-4dac-8077-ac0b8dae22b0}\mpksl269adfef.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1a8de37b-da3f-4dac-8077-ac0b8dae22b0}\MpKsl269adfef.sys [?]
              S1 MpKsl2c06434a;MpKsl2c06434a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a13923bd-4bd2-465a-a7bd-94db7821cccd}\mpksl2c06434a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a13923bd-4bd2-465a-a7bd-94db7821cccd}\MpKsl2c06434a.sys [?]
              S1 MpKsl2e0ba22f;MpKsl2e0ba22f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87d82f58-3ea8-4da3-8083-46755146eda6}\mpksl2e0ba22f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{87d82f58-3ea8-4da3-8083-46755146eda6}\MpKsl2e0ba22f.sys [?]
              S1 MpKsl2f2d8401;MpKsl2f2d8401;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl2f2d8401.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl2f2d8401.sys [?]
              S1 MpKsl2fe65658;MpKsl2fe65658;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef2b3d42-0ba6-4df1-9291-1755569f9606}\mpksl2fe65658.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ef2b3d42-0ba6-4df1-9291-1755569f9606}\MpKsl2fe65658.sys [?]
              S1 MpKsl30d951dc;MpKsl30d951dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c749f67-cf2c-4934-8bad-a4f430548e89}\mpksl30d951dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c749f67-cf2c-4934-8bad-a4f430548e89}\MpKsl30d951dc.sys [?]
              S1 MpKsl311cef4f;MpKsl311cef4f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3c853cef-657a-4553-ad15-a98923af8112}\mpksl311cef4f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3c853cef-657a-4553-ad15-a98923af8112}\MpKsl311cef4f.sys [?]
              S1 MpKsl361f8961;MpKsl361f8961;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{139b40a6-028c-4385-9fc1-aa191ae2c8e2}\mpksl361f8961.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{139b40a6-028c-4385-9fc1-aa191ae2c8e2}\MpKsl361f8961.sys [?]
              S1 MpKsl377d5d68;MpKsl377d5d68;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7bac5eb7-0cb8-433d-99cc-b4d4de38e19f}\mpksl377d5d68.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7bac5eb7-0cb8-433d-99cc-b4d4de38e19f}\MpKsl377d5d68.sys [?]
              S1 MpKsl3ac7b564;MpKsl3ac7b564;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\mpksl3ac7b564.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\MpKsl3ac7b564.sys [?]
              S1 MpKsl3f8b844c;MpKsl3f8b844c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl3f8b844c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl3f8b844c.sys [?]
              S1 MpKsl402943b5;MpKsl402943b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\mpksl402943b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\MpKsl402943b5.sys [?]
              S1 MpKsl404201eb;MpKsl404201eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1903f0c3-3931-4758-af63-1941fe4bc255}\mpksl404201eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1903f0c3-3931-4758-af63-1941fe4bc255}\MpKsl404201eb.sys [?]
              S1 MpKsl40c84562;MpKsl40c84562;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40f828fe-8fad-4118-ae3c-7ec1dabd3b8f}\mpksl40c84562.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40f828fe-8fad-4118-ae3c-7ec1dabd3b8f}\MpKsl40c84562.sys [?]
              S1 MpKsl439aec24;MpKsl439aec24;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96286b55-7f2f-47aa-8005-0126c8915a9e}\mpksl439aec24.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96286b55-7f2f-47aa-8005-0126c8915a9e}\MpKsl439aec24.sys [?]
              S1 MpKsl478731dc;MpKsl478731dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96286b55-7f2f-47aa-8005-0126c8915a9e}\mpksl478731dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{96286b55-7f2f-47aa-8005-0126c8915a9e}\MpKsl478731dc.sys [?]
              S1 MpKsl4a370dd1;MpKsl4a370dd1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\mpksl4a370dd1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\MpKsl4a370dd1.sys [?]
              S1 MpKsl4be90c91;MpKsl4be90c91;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b866c4d-7f17-4fae-af5d-142bff8155ab}\mpksl4be90c91.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5b866c4d-7f17-4fae-af5d-142bff8155ab}\MpKsl4be90c91.sys [?]
              S1 MpKsl4ce1419f;MpKsl4ce1419f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{057154ab-dbe1-4217-bd73-90c6a305a26e}\mpksl4ce1419f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{057154ab-dbe1-4217-bd73-90c6a305a26e}\MpKsl4ce1419f.sys [?]
              S1 MpKsl4cfb634d;MpKsl4cfb634d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abb73062-8496-4a6d-80c3-95b15f6726b7}\mpksl4cfb634d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abb73062-8496-4a6d-80c3-95b15f6726b7}\MpKsl4cfb634d.sys [?]
              S1 MpKsl4ddee8be;MpKsl4ddee8be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b624c0e-b07a-4b1e-8104-d08bb2e56b50}\mpksl4ddee8be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7b624c0e-b07a-4b1e-8104-d08bb2e56b50}\MpKsl4ddee8be.sys [?]
              S1 MpKsl51d2ed1d;MpKsl51d2ed1d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fdcb441-e06f-486a-a274-7b666501254b}\mpksl51d2ed1d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fdcb441-e06f-486a-a274-7b666501254b}\MpKsl51d2ed1d.sys [?]
              S1 MpKsl549f2497;MpKsl549f2497;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1fab439-6886-42ef-88a6-2722dbd713e5}\mpksl549f2497.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1fab439-6886-42ef-88a6-2722dbd713e5}\MpKsl549f2497.sys [?]
              S1 MpKsl55b92963;MpKsl55b92963;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\mpksl55b92963.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\MpKsl55b92963.sys [?]
              S1 MpKsl568d630d;MpKsl568d630d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b74a9df3-52dc-45fc-8c95-f44144a5d629}\mpksl568d630d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b74a9df3-52dc-45fc-8c95-f44144a5d629}\MpKsl568d630d.sys [?]
              S1 MpKsl56a92bbc;MpKsl56a92bbc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33541341-0217-4a46-8690-d717045530d3}\mpksl56a92bbc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33541341-0217-4a46-8690-d717045530d3}\MpKsl56a92bbc.sys [?]
              S1 MpKsl58d2e019;MpKsl58d2e019;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl58d2e019.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl58d2e019.sys [?]
              S1 MpKsl5a9d47b0;MpKsl5a9d47b0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae166945-4554-4763-a577-ca97e196e5d7}\mpksl5a9d47b0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae166945-4554-4763-a577-ca97e196e5d7}\MpKsl5a9d47b0.sys [?]
              S1 MpKsl5b6f4c58;MpKsl5b6f4c58;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl5b6f4c58.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl5b6f4c58.sys [?]
              S1 MpKsl5b909573;MpKsl5b909573;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl5b909573.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl5b909573.sys [?]
              S1 MpKsl5e21a40a;MpKsl5e21a40a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f55bbdad-6fa9-4a3e-9b97-6cb4fd1e1a14}\mpksl5e21a40a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f55bbdad-6fa9-4a3e-9b97-6cb4fd1e1a14}\MpKsl5e21a40a.sys [?]
              S1 MpKsl5e38cbcb;MpKsl5e38cbcb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ae83a61-9a80-429d-9d1c-edb0208ef5b2}\mpksl5e38cbcb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ae83a61-9a80-429d-9d1c-edb0208ef5b2}\MpKsl5e38cbcb.sys [?]
              S1 MpKsl6222f29f;MpKsl6222f29f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc4fd753-b412-44ea-ab8f-8cd7899c9dc6}\mpksl6222f29f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dc4fd753-b412-44ea-ab8f-8cd7899c9dc6}\MpKsl6222f29f.sys [?]
              S1 MpKsl6567df1b;MpKsl6567df1b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl6567df1b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl6567df1b.sys [?]
              S1 MpKsl67486d5d;MpKsl67486d5d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\mpksl67486d5d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\MpKsl67486d5d.sys [?]
              S1 MpKsl67f2b670;MpKsl67f2b670;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43acd692-08e4-4c08-abf1-b9f81a4d3c93}\mpksl67f2b670.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43acd692-08e4-4c08-abf1-b9f81a4d3c93}\MpKsl67f2b670.sys [?]
              S1 MpKsl698a6f83;MpKsl698a6f83;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88c93e4c-a4b2-42e1-9ccd-2eb568e3ef98}\mpksl698a6f83.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{88c93e4c-a4b2-42e1-9ccd-2eb568e3ef98}\MpKsl698a6f83.sys [?]
              S1 MpKsl6b9de192;MpKsl6b9de192;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a11362a2-9899-4ce1-97a4-daf88f2a7f5b}\mpksl6b9de192.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a11362a2-9899-4ce1-97a4-daf88f2a7f5b}\MpKsl6b9de192.sys [?]
              S1 MpKsl6c7e8d3a;MpKsl6c7e8d3a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1903f0c3-3931-4758-af63-1941fe4bc255}\mpksl6c7e8d3a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1903f0c3-3931-4758-af63-1941fe4bc255}\MpKsl6c7e8d3a.sys [?]
              S1 MpKsl6e270d42;MpKsl6e270d42;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{896b3617-f2ed-4fb6-90fe-467a8c06d24b}\mpksl6e270d42.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{896b3617-f2ed-4fb6-90fe-467a8c06d24b}\MpKsl6e270d42.sys [?]
              S1 MpKsl704d84bd;MpKsl704d84bd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abc24d70-394e-4480-94e0-5bd04d34a9c1}\mpksl704d84bd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abc24d70-394e-4480-94e0-5bd04d34a9c1}\MpKsl704d84bd.sys [?]
              S1 MpKsl722fb615;MpKsl722fb615;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl722fb615.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl722fb615.sys [?]
              S1 MpKsl7a9bdb65;MpKsl7a9bdb65;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72815dea-6869-4ccb-bce1-b0646a25ea2b}\mpksl7a9bdb65.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72815dea-6869-4ccb-bce1-b0646a25ea2b}\MpKsl7a9bdb65.sys [?]
              S1 MpKsl7bdfa65c;MpKsl7bdfa65c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3c5f737-b43f-4265-ba42-0a2e2dba33a5}\mpksl7bdfa65c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f3c5f737-b43f-4265-ba42-0a2e2dba33a5}\MpKsl7bdfa65c.sys [?]
              S1 MpKsl7cbcb60c;MpKsl7cbcb60c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e6263d-f9d6-4035-ab41-180efdf4ad02}\mpksl7cbcb60c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e6263d-f9d6-4035-ab41-180efdf4ad02}\MpKsl7cbcb60c.sys [?]
              S1 MpKsl7d95ebc5;MpKsl7d95ebc5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0cfe9a3-ec58-46bc-bafd-a0196d04b81c}\mpksl7d95ebc5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0cfe9a3-ec58-46bc-bafd-a0196d04b81c}\MpKsl7d95ebc5.sys [?]
              S1 MpKsl81ec637f;MpKsl81ec637f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1903f0c3-3931-4758-af63-1941fe4bc255}\mpksl81ec637f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1903f0c3-3931-4758-af63-1941fe4bc255}\MpKsl81ec637f.sys [?]
              S1 MpKsl8489705b;MpKsl8489705b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5416a4e2-542b-4276-9df6-a1ece53e3404}\mpksl8489705b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5416a4e2-542b-4276-9df6-a1ece53e3404}\MpKsl8489705b.sys [?]
              S1 MpKsl85060208;MpKsl85060208;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c0a2a57-0996-4709-89a9-6a0e6975f2b1}\mpksl85060208.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0c0a2a57-0996-4709-89a9-6a0e6975f2b1}\MpKsl85060208.sys [?]
              S1 MpKsl87390e7b;MpKsl87390e7b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e58dc24-3351-4f45-9130-203d68a94af4}\mpksl87390e7b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e58dc24-3351-4f45-9130-203d68a94af4}\MpKsl87390e7b.sys [?]
              S1 MpKsl874ba78f;MpKsl874ba78f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\mpksl874ba78f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c7f10317-f388-4159-9e24-184a289b7e36}\MpKsl874ba78f.sys [?]
              S1 MpKsl88f92caa;MpKsl88f92caa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c35211e-d098-442b-b053-78c64dd6fe8a}\mpksl88f92caa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8c35211e-d098-442b-b053-78c64dd6fe8a}\MpKsl88f92caa.sys [?]
              S1 MpKsl8a18c595;MpKsl8a18c595;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl8a18c595.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl8a18c595.sys [?]
              S1 MpKsl8a5c977a;MpKsl8a5c977a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e36f2ee-c5cc-4adc-ae00-34e6be9e3dec}\mpksl8a5c977a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8e36f2ee-c5cc-4adc-ae00-34e6be9e3dec}\MpKsl8a5c977a.sys [?]
              S1 MpKsl8d4228f3;MpKsl8d4228f3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab03e24c-b19a-440b-8302-178dbda4c1dc}\mpksl8d4228f3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ab03e24c-b19a-440b-8302-178dbda4c1dc}\MpKsl8d4228f3.sys [?]
              S1 MpKsl91c99504;MpKsl91c99504;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksl91c99504.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsl91c99504.sys [?]
              S1 MpKsl9231c667;MpKsl9231c667;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e224ab7e-0046-44c5-ad16-aaed6f6af518}\mpksl9231c667.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e224ab7e-0046-44c5-ad16-aaed6f6af518}\MpKsl9231c667.sys [?]
              S1 MpKsl93bf1e24;MpKsl93bf1e24;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ac8d776-322e-4f63-b57e-09ea1aa74af3}\mpksl93bf1e24.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2ac8d776-322e-4f63-b57e-09ea1aa74af3}\MpKsl93bf1e24.sys [?]
              S1 MpKsl954ac7cc;MpKsl954ac7cc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72815dea-6869-4ccb-bce1-b0646a25ea2b}\mpksl954ac7cc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72815dea-6869-4ccb-bce1-b0646a25ea2b}\MpKsl954ac7cc.sys [?]
              S1 MpKsl9b74020e;MpKsl9b74020e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e58dc24-3351-4f45-9130-203d68a94af4}\mpksl9b74020e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e58dc24-3351-4f45-9130-203d68a94af4}\MpKsl9b74020e.sys [?]
              S1 MpKsl9c992e22;MpKsl9c992e22;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{116ef31b-bcee-4ae0-b2dc-f09b6f32e4a5}\mpksl9c992e22.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{116ef31b-bcee-4ae0-b2dc-f09b6f32e4a5}\MpKsl9c992e22.sys [?]
              S1 MpKsl9e18f35b;MpKsl9e18f35b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{796b4824-2529-4dd3-a264-96186f11dc76}\mpksl9e18f35b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{796b4824-2529-4dd3-a264-96186f11dc76}\MpKsl9e18f35b.sys [?]
              S1 MpKsl9e44c321;MpKsl9e44c321;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d52b46b-84bb-4524-88c5-e7210b38f033}\mpksl9e44c321.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9d52b46b-84bb-4524-88c5-e7210b38f033}\MpKsl9e44c321.sys [?]
              S1 MpKsla1a6d745;MpKsla1a6d745;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7692b89-e8fe-44fd-a3b5-c080c0c84eb9}\mpksla1a6d745.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d7692b89-e8fe-44fd-a3b5-c080c0c84eb9}\MpKsla1a6d745.sys [?]
              S1 MpKsla1ebb61b;MpKsla1ebb61b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\mpksla1ebb61b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bca97c80-49fb-4a70-9168-dfb14e082fc2}\MpKsla1ebb61b.sys [?]
              S1 MpKsla218cc1e;MpKsla218cc1e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dab5d477-23a0-42be-934a-ee5554390c28}\mpksla218cc1e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dab5d477-23a0-42be-934a-ee5554390c28}\MpKsla218cc1e.sys [?]
              S1 MpKsla22da0f9;MpKsla22da0f9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5edbc090-047b-435b-8287-05662f707a62}\mpksla22da0f9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5edbc090-047b-435b-8287-05662f707a62}\MpKsla22da0f9.sys [?]
              S1 MpKsla6f4d2a0;MpKsla6f4d2a0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33541341-0217-4a46-8690-d717045530d3}\mpksla6f4d2a0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{33541341-0217-4a46-8690-d717045530d3}\MpKsla6f4d2a0.sys [?]
              S1 MpKsla7288f6a;MpKsla7288f6a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a544c92e-867c-4bd8-b1e5-e72a2c4e9e99}\mpksla7288f6a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a544c92e-867c-4bd8-b1e5-e72a2c4e9e99}\MpKsla7288f6a.sys [?]
              S1 MpKsla8bdb4b2;MpKsla8bdb4b2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksla8bdb4b2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsla8bdb4b2.sys [?]
              S1 MpKsla8d63f7c;MpKsla8d63f7c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72815dea-6869-4ccb-bce1-b0646a25ea2b}\mpksla8d63f7c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72815dea-6869-4ccb-bce1-b0646a25ea2b}\MpKsla8d63f7c.sys [?]
              S1 MpKslab67b128;MpKslab67b128;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1fab439-6886-42ef-88a6-2722dbd713e5}\mpkslab67b128.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1fab439-6886-42ef-88a6-2722dbd713e5}\MpKslab67b128.sys [?]
              S1 MpKslad18071c;MpKslad18071c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKslad18071c.sys [2012-1-16 29904]
              S1 MpKslb204cc24;MpKslb204cc24;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\mpkslb204cc24.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\MpKslb204cc24.sys [?]
              S1 MpKslb3521484;MpKslb3521484;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95051c38-e59f-4be9-9e8c-f60094c1cbf6}\mpkslb3521484.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95051c38-e59f-4be9-9e8c-f60094c1cbf6}\MpKslb3521484.sys [?]
              S1 MpKslb362037c;MpKslb362037c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpkslb362037c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKslb362037c.sys [?]
              S1 MpKslb3c69067;MpKslb3c69067;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\mpkslb3c69067.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\MpKslb3c69067.sys [?]
              S1 MpKslb6d20153;MpKslb6d20153;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{665babf0-979c-4ee7-9da4-af1131404cd9}\mpkslb6d20153.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{665babf0-979c-4ee7-9da4-af1131404cd9}\MpKslb6d20153.sys [?]
              S1 MpKslb8f0e957;MpKslb8f0e957;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f076a8c0-638e-46cd-9584-f6e1d3e2ebb5}\mpkslb8f0e957.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f076a8c0-638e-46cd-9584-f6e1d3e2ebb5}\MpKslb8f0e957.sys [?]
              S1 MpKslba958cda;MpKslba958cda;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dfcf4a4-28c4-442f-b550-4afa43d1bbbf}\mpkslba958cda.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dfcf4a4-28c4-442f-b550-4afa43d1bbbf}\MpKslba958cda.sys [?]
              S1 MpKslbe550197;MpKslbe550197;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43acd692-08e4-4c08-abf1-b9f81a4d3c93}\mpkslbe550197.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{43acd692-08e4-4c08-abf1-b9f81a4d3c93}\MpKslbe550197.sys [?]
              S1 MpKslbff56188;MpKslbff56188;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75c028cf-0caf-45d7-ba53-72f94d22df03}\mpkslbff56188.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{75c028cf-0caf-45d7-ba53-72f94d22df03}\MpKslbff56188.sys [?]
              S1 MpKslc0c2dc40;MpKslc0c2dc40;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a19ee0c0-ff03-48b7-b0f5-9e5ef3d56863}\mpkslc0c2dc40.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a19ee0c0-ff03-48b7-b0f5-9e5ef3d56863}\MpKslc0c2dc40.sys [?]
              S1 MpKslc1e0b9c6;MpKslc1e0b9c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5edbc090-047b-435b-8287-05662f707a62}\mpkslc1e0b9c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5edbc090-047b-435b-8287-05662f707a62}\MpKslc1e0b9c6.sys [?]
              S1 MpKslc51f5e5b;MpKslc51f5e5b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{896b3617-f2ed-4fb6-90fe-467a8c06d24b}\mpkslc51f5e5b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{896b3617-f2ed-4fb6-90fe-467a8c06d24b}\MpKslc51f5e5b.sys [?]
              S1 MpKslc542f8fa;MpKslc542f8fa;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a11362a2-9899-4ce1-97a4-daf88f2a7f5b}\mpkslc542f8fa.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a11362a2-9899-4ce1-97a4-daf88f2a7f5b}\MpKslc542f8fa.sys [?]
              S1 MpKslc5cf39ee;MpKslc5cf39ee;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpkslc5cf39ee.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKslc5cf39ee.sys [?]
              S1 MpKslc86530b1;MpKslc86530b1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31010216-b60a-4355-bd52-ceb43c522542}\mpkslc86530b1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31010216-b60a-4355-bd52-ceb43c522542}\MpKslc86530b1.sys [?]
              S1 MpKslcbfe71a0;MpKslcbfe71a0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f592556-b093-4e52-9f21-d115d198728c}\mpkslcbfe71a0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9f592556-b093-4e52-9f21-d115d198728c}\MpKslcbfe71a0.sys [?]
              S1 MpKslcdf7bcd9;MpKslcdf7bcd9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{418ff432-a098-4c0f-97df-52a15fe9fab8}\mpkslcdf7bcd9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{418ff432-a098-4c0f-97df-52a15fe9fab8}\MpKslcdf7bcd9.sys [?]
              S1 MpKslcece083b;MpKslcece083b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{139b40a6-028c-4385-9fc1-aa191ae2c8e2}\mpkslcece083b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{139b40a6-028c-4385-9fc1-aa191ae2c8e2}\MpKslcece083b.sys [?]
              S1 MpKslceed757a;MpKslceed757a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f55bbdad-6fa9-4a3e-9b97-6cb4fd1e1a14}\mpkslceed757a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f55bbdad-6fa9-4a3e-9b97-6cb4fd1e1a14}\MpKslceed757a.sys [?]
              S1 MpKslcf372286;MpKslcf372286;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abb73062-8496-4a6d-80c3-95b15f6726b7}\mpkslcf372286.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abb73062-8496-4a6d-80c3-95b15f6726b7}\MpKslcf372286.sys [?]
              S1 MpKsld1c076be;MpKsld1c076be;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d3f1f0d-72b3-452a-acf1-e3effe4ea9f5}\mpksld1c076be.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d3f1f0d-72b3-452a-acf1-e3effe4ea9f5}\MpKsld1c076be.sys [?]
              S1 MpKsld4c3df25;MpKsld4c3df25;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a13923bd-4bd2-465a-a7bd-94db7821cccd}\mpksld4c3df25.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a13923bd-4bd2-465a-a7bd-94db7821cccd}\MpKsld4c3df25.sys [?]
              S1 MpKsld5887eca;MpKsld5887eca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8175282a-2e6f-4114-b7ec-bb4b898fc990}\mpksld5887eca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8175282a-2e6f-4114-b7ec-bb4b898fc990}\MpKsld5887eca.sys [?]
              S1 MpKsld70e1567;MpKsld70e1567;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{99358a61-1499-44d3-a6b3-b95753bf5ab1}\mpksld70e1567.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{99358a61-1499-44d3-a6b3-b95753bf5ab1}\MpKsld70e1567.sys [?]
              S1 MpKsld712f424;MpKsld712f424;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e6cf095-f8fb-4a44-9a8a-511dcd87785d}\mpksld712f424.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6e6cf095-f8fb-4a44-9a8a-511dcd87785d}\MpKsld712f424.sys [?]
              S1 MpKsld783757d;MpKsld783757d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37c1738a-9c5a-4399-8b7d-31e641ffa91b}\mpksld783757d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{37c1738a-9c5a-4399-8b7d-31e641ffa91b}\MpKsld783757d.sys [?]
              S1 MpKsld7b7f927;MpKsld7b7f927;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3159044c-8182-4df8-a32f-30b0f597e264}\mpksld7b7f927.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3159044c-8182-4df8-a32f-30b0f597e264}\MpKsld7b7f927.sys [?]
              S1 MpKsld8d397b6;MpKsld8d397b6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ac305f7-a439-43f9-bbc7-b389e87feb24}\mpksld8d397b6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9ac305f7-a439-43f9-bbc7-b389e87feb24}\MpKsld8d397b6.sys [?]
              S1 MpKslda00b19d;MpKslda00b19d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1fab439-6886-42ef-88a6-2722dbd713e5}\mpkslda00b19d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b1fab439-6886-42ef-88a6-2722dbd713e5}\MpKslda00b19d.sys [?]
              S1 MpKsldca882e4;MpKsldca882e4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\mpksldca882e4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{47c56c90-a9cd-47ab-83d2-a19a7f390072}\MpKsldca882e4.sys [?]
              S1 MpKsldfdd346d;MpKsldfdd346d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dfcf4a4-28c4-442f-b550-4afa43d1bbbf}\mpksldfdd346d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0dfcf4a4-28c4-442f-b550-4afa43d1bbbf}\MpKsldfdd346d.sys [?]
              S1 MpKsle1027c5e;MpKsle1027c5e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpksle1027c5e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKsle1027c5e.sys [?]
              S1 MpKsle23759c4;MpKsle23759c4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a14bb1ba-434a-4524-a571-2b34eeadb006}\mpksle23759c4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a14bb1ba-434a-4524-a571-2b34eeadb006}\MpKsle23759c4.sys [?]
              S1 MpKsle60b8e8f;MpKsle60b8e8f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7039e935-f6a6-49d1-9800-073e0a953402}\mpksle60b8e8f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7039e935-f6a6-49d1-9800-073e0a953402}\MpKsle60b8e8f.sys [?]
              S1 MpKsle7ca3b39;MpKsle7ca3b39;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a14bb1ba-434a-4524-a571-2b34eeadb006}\mpksle7ca3b39.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a14bb1ba-434a-4524-a571-2b34eeadb006}\MpKsle7ca3b39.sys [?]
              S1 MpKslf08e9b9b;MpKslf08e9b9b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e6263d-f9d6-4035-ab41-180efdf4ad02}\mpkslf08e9b9b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55e6263d-f9d6-4035-ab41-180efdf4ad02}\MpKslf08e9b9b.sys [?]
              S1 MpKslf1b7eef5;MpKslf1b7eef5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpkslf1b7eef5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKslf1b7eef5.sys [?]
              S1 MpKslf630528d;MpKslf630528d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{057154ab-dbe1-4217-bd73-90c6a305a26e}\mpkslf630528d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{057154ab-dbe1-4217-bd73-90c6a305a26e}\MpKslf630528d.sys [?]
              S1 MpKslfc4bdb71;MpKslfc4bdb71;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\mpkslfc4bdb71.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2893bd93-e2c1-489b-9724-97b0bfec474d}\MpKslfc4bdb71.sys [?]
              S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]
              S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);

              S3 CleanMyPCService;CleanMyPC Watcher;c:\program files\cleanmypc\CleanMyPCService.exe [2011-7-23 73520]
              S3 dump_wmimmc;dump_wmimmc;\??\c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys --> c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys [?]
              S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
              S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]
              S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-15 40776]
              S3 McComponentHostService;McAfee Security Scan Component Host Service;

              S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
              S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
              S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
              .
              =============== Created Last 30 ================
              .
              2012-01-17 01:13:42   6881616   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5e34281-366c-420e-a31a-ee45ff553ef2}\mpengine.dll
              2012-01-17 01:12:27   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsl1bb56746.sys
              2012-01-17 01:11:05   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKslad18071c.sys
              2012-01-17 00:57:54   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsld24df2b7.sys
              2012-01-17 00:57:03   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsldacb7a6a.sys
              2012-01-17 00:38:13   29904   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\MpKsl16ea247d.sys
              2012-01-17 00:37:26   56200   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\offreg.dll
              2012-01-17 00:37:18   6823496   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8620da4c-81e8-4a0c-8a91-2850b9d85eed}\mpengine.dll
              2012-01-16 23:04:59   114688   ----a-w-   c:\windows\~DF5F7A.tmp
              2012-01-16 23:04:35   114688   ----a-w-   c:\windows\~DF3F6A.tmp
              2012-01-16 23:03:20   114688   ----a-w-   c:\windows\~DFEC8A.tmp
              2012-01-16 23:02:06   114688   ----a-w-   c:\windows\~DFA20C.tmp
              2012-01-16 22:57:58   114688   ----a-w-   c:\windows\~DF72DC.tmp
              2012-01-16 22:54:41   114688   ----a-w-   c:\windows\~DF5E45.tmp
              2012-01-16 02:00:47   40776   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2012-01-16 00:23:38   --------   d-----w-   c:\documents and settings\ann\application data\TestApp
              2012-01-15 23:04:03   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2012-01-15 23:04:03   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2012-01-15 22:28:30   --------   dc----w-   c:\documents and settings\all users\application data\AVAST Software
              2012-01-15 22:28:30   --------   d-----w-   c:\program files\AVAST Software
              2012-01-15 22:26:17   --------   dc----w-   c:\documents and settings\all users\application data\SUPERSetup
              2012-01-13 01:04:24   --------   d-----w-   c:\program files\DiskInternals
              2012-01-12 04:05:37   --------   dc----w-   C:\Nexon
              2012-01-12 00:57:29   71880   ----a-w-   c:\windows\system32\PxSecure.dll
              2012-01-12 00:57:26   76696   ----a-w-   c:\windows\system32\drivers\pxrts.sys
              2012-01-12 00:57:26   32008   ----a-w-   c:\windows\system32\drivers\pxscan.sys
              2012-01-12 00:57:24   26096   ----a-w-   c:\windows\system32\drivers\pxkbf.sys
              2012-01-12 00:57:22   --------   d-----w-   c:\program files\Prevx
              2012-01-12 00:57:14   --------   dc----w-   c:\documents and settings\all users\application data\PrevxCSI
              2012-01-11 22:25:04   --------   d-----w-   c:\documents and settings\ann\local settings\application data\PMB Files
              2012-01-11 22:24:45   --------   dc----w-   c:\documents and settings\all users\application data\PMB Files
              2012-01-11 15:46:10   --------   d-----w-   c:\windows\system32\wbem\repository\FS
              2012-01-11 15:46:10   --------   d-----w-   c:\windows\system32\wbem\Repository
              2012-01-10 04:51:54   626688   ----a-w-   c:\program files\mozilla firefox\msvcr80.dll
              2012-01-10 04:51:54   548864   ----a-w-   c:\program files\mozilla firefox\msvcp80.dll
              2012-01-10 04:51:54   479232   ----a-w-   c:\program files\mozilla firefox\msvcm80.dll
              2012-01-10 04:51:54   43992   ----a-w-   c:\program files\mozilla firefox\mozutils.dll
              2012-01-10 01:10:02   --------   d-----w-   c:\program files\MediaFire
              2012-01-07 22:04:55   --------   d-sh--w-   C:\found.000
              2012-01-06 10:45:42   --------   d-----w-   c:\program files\PCHand Screen Recorder
              2012-01-05 22:10:04   --------   d-----w-   c:\documents and settings\ann\local settings\application data\RobloxDownloads
              2012-01-05 22:10:02   --------   d-----w-   c:\documents and settings\ann\local settings\application data\RobloxVersions
              2012-01-05 22:09:52   --------   d-----w-   c:\documents and settings\ann\local settings\application data\Roblox
              2011-12-31 12:15:08   --------   d-----w-   c:\documents and settings\ann\application data\AVG2012
              2011-12-26 02:36:40   --------   d-----w-   c:\program files\COMODO
              .
              ==================== Find3M  ====================
              .
              201

              ghostskater

                Topic Starter


                Greenhorn

                • Experience: Beginner
                • OS: Unknown
                Re: svchost acting weird possible virus?
                « Reply #9 on: January 16, 2012, 06:15:56 PM »
                .
                UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                IF REQUESTED, ZIP IT UP & ATTACH IT
                .
                DDS (Ver_2011-06-23.01)
                .
                Microsoft Windows XP Home Edition
                Boot Device: \Device\HarddiskVolume2
                Install Date: 9/3/2010 3:28:59 PM
                System Uptime: 1/16/2012 8:09:31 PM (0 hours ago)
                .
                Motherboard: eMachines |  | WMCP61M
                Processor: AMD Athlon(tm) Processor 2650e | Socket AM2  | 1607/201mhz
                .
                ==== Disk Partitions =========================
                .
                C: is FIXED (NTFS) - 69 GiB total, 31.229 GiB free.
                D: is FIXED (NTFS) - 70 GiB total, 68.583 GiB free.
                E: is CDROM ()
                .
                ==== Disabled Device Manager Items =============
                .
                Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
                Description: Packet Scheduler Miniport
                Device ID: ROOT\MS_PSCHEDMP\0003
                Manufacturer: Microsoft
                Name: Packet Scheduler Miniport #4
                PNP Device ID: ROOT\MS_PSCHEDMP\0003
                Service: PSched
                .
                ==== System Restore Points ===================
                .
                No restore point in system.
                .
                ==== Installed Programs ======================
                .
                µTorrent
                Acrobat.com
                Adobe Flash Player 10 ActiveX
                Adobe Flash Player 10 Plugin
                Adobe Reader X (10.1.1)
                Advertising Center
                AIM 7
                Akamai NetSession Interface
                Akamai NetSession Interface Service
                Ask Toolbar
                Audacity 1.3.13 (Unicode)
                AVG 2012
                AX88772A & AX88772 Windows XP Drivers
                Bandisoft MPEG-1 Decoder
                Canon MP190 series MP Drivers
                CCleaner
                CDDRV_Installer
                CleanMyPC version 1.0.55
                ClubWPT
                Download Updater (AOL LLC)
                Game Booster 3
                GearDrvs
                GIMP 2.6.11
                Google Earth
                Google Toolbar for Internet Explorer
                Google Update Helper
                Hex Workshop v5.1
                HiYo
                Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                Hotfix for Windows XP (KB2158563)
                Hotfix for Windows XP (KB2443685)
                Hotfix for Windows XP (KB2570791)
                Hotfix for Windows XP (KB915800-v4)
                Hotfix for Windows XP (KB952287)
                Hotfix for Windows XP (KB961118)
                HyperCam 2
                ImagXpress
                IMVU Avatar Chat Software
                Jasc Paint Shop Pro 9
                Java Auto Updater
                Java DB 10.4.1.3
                Java(TM) 6 Update 22
                Java(TM) SE Development Kit 6 Update 13
                KhalInstallWrapper
                LightScribe  1.4.142.1
                Magic ISO Maker v5.5 (build 0281)
                Malwarebytes Anti-Malware version 1.60.0.1800
                MapleStory
                MCR_screensaver
                Microsoft .NET Framework 1.1
                Microsoft .NET Framework 1.1 Security Update (KB2572067)
                Microsoft .NET Framework 2.0 Service Pack 2
                Microsoft .NET Framework 3.0 Service Pack 2
                Microsoft .NET Framework 3.5 SP1
                Microsoft Antimalware
                Microsoft Application Error Reporting
                Microsoft Base Smart Card Cryptographic Service Provider Package
                Microsoft Choice Guard
                Microsoft Flight Simulator X Demo
                Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
                Microsoft Security Client
                Microsoft Security Essentials
                Microsoft SQL Server 2005
                Microsoft SQL Server 2005 Tools Express Edition
                Microsoft SQL Server Native Client
                Microsoft SQL Server Setup Support Files (English)
                Microsoft SQL Server VSS Writer
                Microsoft VC9 runtime libraries
                Microsoft Visual C++ 2005 Redistributable
                Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
                Microsoft WinUsb 1.0
                Mozilla Firefox 9.0.1 (x86 en-US)
                MSVCRT
                MSXML 4.0 SP2 Parser and SDK
                MSXML 6 Service Pack 2 (KB973686)
                Nero CoverDesigner
                Nero Installer
                Nero PhotoSnap
                Nero Recode
                Nero ShowTime
                Nero StartSmart
                NeroBurningROM
                NeroExpress
                neroxml
                Nexon Game Manager
                NTI Backup Now Standard
                NTI Media Maker 8
                NVIDIA Control Panel 275.33
                NVIDIA Drivers
                NVIDIA ForceWare Network Access Manager
                NVIDIA Graphics Driver 275.33
                NVIDIA Install Application
                NVIDIA nView 135.85
                NVIDIA nView Desktop Manager
                Opera 11.60
                Paint.NET v3.5.4
                Pando Media Booster
                PCHand Screen Recorder 1.8.5.4
                PDFill PDF Editor with FREE Writer and Free Tools
                Pet Workshop
                Photo Notifier and Animation Creator
                PhotoMail Maker
                PokerStars.net
                Prevx
                REACTOR
                RealNetworks - Microsoft Visual C++ 2008 Runtime
                RealPlayer
                REALTEK GbE & FE Ethernet PCI NIC Driver
                Realtek High Definition Audio Driver
                Realtek USB 2.0 Card Reader
                RealUpgrade 1.1
                Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
                Security Update for Microsoft Windows (KB2564958)
                Security Update for Windows Internet Explorer 8 (KB2586448)
                Security Update for Windows Media Player (KB2378111)
                Security Update for Windows Media Player (KB975558)
                Security Update for Windows Media Player (KB978695)
                Security Update for Windows Search 4 - KB963093
                Security Update for Windows XP (KB2079403)
                Security Update for Windows XP (KB2115168)
                Security Update for Windows XP (KB2121546)
                Security Update for Windows XP (KB2160329)
                Security Update for Windows XP (KB2229593)
                Security Update for Windows XP (KB2259922)
                Security Update for Windows XP (KB2279986)
                Security Update for Windows XP (KB2286198)
                Security Update for Windows XP (KB2296011)
                Security Update for Windows XP (KB2296199)
                Security Update for Windows XP (KB2347290)
                Security Update for Windows XP (KB2360937)
                Security Update for Windows XP (KB2387149)
                Security Update for Windows XP (KB2393802)
                Security Update for Windows XP (KB2412687)
                Security Update for Windows XP (KB2419632)
                Security Update for Windows XP (KB2423089)
                Security Update for Windows XP (KB2436673)
                Security Update for Windows XP (KB2440591)
                Security Update for Windows XP (KB2443105)
                Security Update for Windows XP (KB2476490)
                Security Update for Windows XP (KB2476687)
                Security Update for Windows XP (KB2478960)
                Security Update for Windows XP (KB2478971)
                Security Update for Windows XP (KB2479628)
                Security Update for Windows XP (KB2479943)
                Security Update for Windows XP (KB2481109)
                Security Update for Windows XP (KB2483185)
                Security Update for Windows XP (KB2485376)
                Security Update for Windows XP (KB2485663)
                Security Update for Windows XP (KB2503658)
                Security Update for Windows XP (KB2503665)
                Security Update for Windows XP (KB2506212)
                Security Update for Windows XP (KB2506223)
                Security Update for Windows XP (KB2507618)
                Security Update for Windows XP (KB2507938)
                Security Update for Windows XP (KB2508272)
                Security Update for Windows XP (KB2508429)
                Security Update for Windows XP (KB2509553)
                Security Update for Windows XP (KB2511455)
                Security Update for Windows XP (KB2524375)
                Security Update for Windows XP (KB2535512)
                Security Update for Windows XP (KB2536276-v2)
                Security Update for Windows XP (KB2536276)
                Security Update for Windows XP (KB2544893)
                Security Update for Windows XP (KB2555917)
                Security Update for Windows XP (KB2562937)
                Security Update for Windows XP (KB2566454)
                Security Update for Windows XP (KB2567053)
                Security Update for Windows XP (KB2567680)
                Security Update for Windows XP (KB2570222)
                Security Update for Windows XP (KB2570947)
                Security Update for Windows XP (KB2592799)
                Security Update for Windows XP (KB923561)
                Security Update for Windows XP (KB941569)
                Security Update for Windows XP (KB946648)
                Security Update for Windows XP (KB950762)
                Security Update for Windows XP (KB950974)
                Security Update for Windows XP (KB951376-v2)
                Security Update for Windows XP (KB951748)
                Security Update for Windows XP (KB952004)
                Security Update for Windows XP (KB952954)
                Security Update for Windows XP (KB955069)
                Security Update for Windows XP (KB956572)
                Security Update for Windows XP (KB956744)
                Security Update for Windows XP (KB956802)
                Security Update for Windows XP (KB956803)
                Security Update for Windows XP (KB956844)
                Security Update for Windows XP (KB958644)
                Security Update for Windows XP (KB958869)
                Security Update for Windows XP (KB959426)
                Security Update for Windows XP (KB960803)
                Security Update for Windows XP (KB960859)
                Security Update for Windows XP (KB961501)
                Security Update for Windows XP (KB969059)
                Security Update for Windows XP (KB970238)
                Security Update for Windows XP (KB970430)
                Security Update for Windows XP (KB971468)
                Security Update for Windows XP (KB971657)
                Security Update for Windows XP (KB972270)
                Security Update for Windows XP (KB973507)
                Security Update for Windows XP (KB973869)
                Security Update for Windows XP (KB973904)
                Security Update for Windows XP (KB974112)
                Security Update for Windows XP (KB974318)
                Security Update for Windows XP (KB974392)
                Security Update for Windows XP (KB974571)
                Security Update for Windows XP (KB975025)
                Security Update for Windows XP (KB975467)
                Security Update for Windows XP (KB975560)
                Security Update for Windows XP (KB975561)
                Security Update for Windows XP (KB975562)
                Security Update for Windows XP (KB975713)
                Security Update for Windows XP (KB977816)
                Security Update for Windows XP (KB977914)
                Security Update for Windows XP (KB978037)
                Security Update for Windows XP (KB978338)
                Security Update for Windows XP (KB978542)
                Security Update for Windows XP (KB978601)
                Security Update for Windows XP (KB978706)
                Security Update for Windows XP (KB979309)
                Security Update for Windows XP (KB979482)
                Security Update for Windows XP (KB979559)
                Security Update for Windows XP (KB979683)
                Security Update for Windows XP (KB979687)
                Security Update for Windows XP (KB980195)
                Security Update for Windows XP (KB980218)
                Security Update for Windows XP (KB980232)
                Security Update for Windows XP (KB980436)
                Security Update for Windows XP (KB981322)
                Security Update for Windows XP (KB981852)
                Security Update for Windows XP (KB981957)
                Security Update for Windows XP (KB981997)
                Security Update for Windows XP (KB982132)
                Security Update for Windows XP (KB982214)
                Security Update for Windows XP (KB982665)
                Security Update for Windows XP (KB982802)
                Segoe UI
                Skype™ 5.5
                SLOW-PCfighter
                SoundTrax
                TextPad 5
                TuneUp Utilities Language Pack (en-US)
                Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                Update for Microsoft Windows (KB971513)
                Update for Windows Internet Explorer 8 (KB2447568)
                Update for Windows XP (KB2141007)
                Update for Windows XP (KB2345886)
                Update for Windows XP (KB2467659)
                Update for Windows XP (KB2492386)
                Update for Windows XP (KB2541763)
                Update for Windows XP (KB2607712)
                Update for Windows XP (KB2616676-v2)
                Update for Windows XP (KB951978)
                Update for Windows XP (KB955759)
                Update for Windows XP (KB961503)
                Update for Windows XP (KB967715)
                Update for Windows XP (KB968389)
                Update for Windows XP (KB971029)
                Update for Windows XP (KB971737)
                Update for Windows XP (KB973687)
                Update for Windows XP (KB973815)
                VC80CRTRedist - 8.0.50727.6195
                VideoLAN VLC media player 0.8.6f
                WampServer 2.2
                WavePad Sound Editor
                WeatherBug
                WebFldrs XP
                Windows Easy Transfer for Windows 7
                Windows Genuine Advantage Validation Tool (KB892130)
                Windows Live Call
                Windows Live Communications Platform
                Windows Live Essentials
                Windows Live Messenger
                Windows Live Upload Tool
                Windows Management Framework Core
                Windows Media Format 11 runtime
                Windows Media Player 11
                Windows Movie Maker 2.0
                Windows Presentation Foundation
                Windows Search 4.0
                Windows XP Service Pack 3
                WinRAR 4.01 (32-bit)
                WolfQuest
                Xfire (remove only)
                XML Paper Specification Shared Components Pack 1.0
                Zoo Tycoon 2 - Ultimate Collection
                .
                ==== Event Viewer Messages From Past Week ========
                .
                1/16/2012 8:04:13 PM, error: Service Control Manager [7034]  - The Telephony service terminated unexpectedly.  It has done this 2 time(s).
                1/16/2012 8:04:13 PM, error: Service Control Manager [7034]  - The System Event Notification service terminated unexpectedly.  It has done this 2 time(s).
                1/16/2012 8:04:13 PM, error: Service Control Manager [7034]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 2 time(s).
                1/16/2012 8:04:13 PM, error: Service Control Manager [7034]  - The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 2 time(s).
                1/16/2012 8:04:13 PM, error: Service Control Manager [7034]  - The Network Connections service terminated unexpectedly.  It has done this 2 time(s).
                1/16/2012 8:04:13 PM, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 2 time(s).
                1/16/2012 8:04:13 PM, error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/16/2012 8:04:13 PM, error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/16/2012 8:04:13 PM, error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/16/2012 8:04:13 PM, error: Service Control Manager [7031]  - The Help and Support service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
                1/16/2012 7:25:36 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.    New Signature Version:     Previous Signature Version: 1.109.351.0    Update Source: Microsoft Update Server    Update Stage: Search    Source Path: Default URL    Signature Type: AntiVirus    Update Type: Full    User: NT AUTHORITY\SYSTEM    Current Engine Version:     Previous Engine Version: 1.1.7104.0    Error code: 0x80070422    Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
                1/16/2012 7:25:36 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                1/12/2012 7:27:35 PM, error: Service Control Manager [7034]  - The CleanMyPC Watcher service terminated unexpectedly.  It has done this 3 time(s).
                1/12/2012 7:26:16 PM, error: Service Control Manager [7031]  - The CleanMyPC Watcher service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/12/2012 7:21:16 PM, error: Application Popup [877]  - There was error [DATABASE OPEN FAILED] processing the driver database.
                1/12/2012 2:44:05 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
                1/12/2012 2:43:25 AM, error: Service Control Manager [7034]  - The Wireless Zero Configuration service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The Server service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The HID Input Service service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The Computer Browser service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7034]  - The Automatic Updates service terminated unexpectedly.  It has done this 1 time(s).
                1/12/2012 2:43:24 AM, error: Service Control Manager [7031]  - The Windows Time service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7031]  - The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7031]  - The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7031]  - The Help and Support service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7031]  - The CleanMyPC Watcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7031]  - The Background Intelligent Transfer Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7022]  - The Automatic Updates service hung on starting.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7000]  - The Windows Firewall/Internet Connection Sharing (ICS) service failed to start due to the following error:  The pipe state is invalid.
                1/12/2012 2:43:24 AM, error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  The pipe state is invalid.
                1/12/2012 2:16:30 AM, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 4 time(s).
                1/11/2012 9:57:23 PM, error: Service Control Manager [7034]  - The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 3 time(s).
                1/11/2012 9:57:23 PM, error: Service Control Manager [7034]  - The COM+ Event System service terminated unexpectedly.  It has done this 3 time(s).
                1/11/2012 9:44:50 AM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Telephony service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The System Event Notification service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Remote Access Connection Manager service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Network Location Awareness (NLA) service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7034]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).
                1/11/2012 8:10:30 PM, error: Service Control Manager [7031]  - The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
                1/11/2012 7:58:00 PM, error: nvgts [5]  - A parity error was detected on \Device\Scsi\nvgts1.
                1/11/2012 3:42:04 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
                1/11/2012 3:07:09 PM, error: Service Control Manager [7022]  - The CleanMyPC Watcher service hung on starting.
                1/11/2012 12:09:41 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                1/11/2012 11:30:14 PM, error: Service Control Manager [7034]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).
                1/11/2012 11:28:45 PM, error: Service Control Manager [7031]  - The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
                1/11/2012 11:25:37 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM ElRawDisk Fips MpFilter
                1/11/2012 11:10:32 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdPPM Avgldx86 Avgmfx86 ElRawDisk Fips MpFilter
                1/11/2012 11:09:54 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                1/11/2012 10:45:19 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                1/11/2012 10:29:17 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the CleanMyPC Watcher service to connect.
                1/11/2012 10:29:17 AM, error: Service Control Manager [7000]  - The SupportSoft Repair Service (providercomcast) service failed to start due to the following error:  The system cannot find the path specified.
                1/11/2012 10:29:17 AM, error: Service Control Manager [7000]  - The My Web Search Service service failed to start due to the following error:  The system cannot find the file specified.
                1/11/2012 10:29:17 AM, error: Service Control Manager [7000]  - The CleanMyPC Watcher service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                1/10/2012 1:32:22 AM, error: Service Control Manager [7034]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).
                .
                ==== End Of File ===========================

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: svchost acting weird possible virus?
                « Reply #10 on: January 16, 2012, 07:49:33 PM »
                The DDS log shows that you have two AV's running on your computer which is a no-no. Either AVG Anti-Virus Free Edition 2012 or Microsoft Security Essentials should be permanently disabled or uninstalled.

                Please go to Jotti's malware scan
                (If more than one file needs scanned they must be done separately and links posted for each one)

                * Copy the file path in the below Code box:

                Code: [Select]
                c:\windows\system32\drivers\qpwxifby.sys 
                * At the upload site, click once inside the window next to Browse.
                * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
                * Next click Submit file
                * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
                * This will perform a scan across multiple different virus scanning engines.
                * Important: Wait for all of the scanning engines to complete.
                * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
                ***********************************************************
                * Open OTL
                * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                Code: [Select]
                :OTL

                uURLSearchHooks: H - No File
                mURLSearchHooks: H - No File {02478d38-c3f9-4efb-9b51-7695eca05670}
                TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
                TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
                TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
                TB: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File {9d425283-d487-4337-bab6-ab8354a81457}
                Trusted Zone: carepages.com\www

                :files

                c:\windows\~DF5F7A.tmp
                c:\windows\~DF3F6A.tmp
                c:\windows\~DFEC8A.tmp
                c:\windows\~DFA20C.tmp
                c:\windows\~DF72DC.tmp
                c:\windows\~DF5E45.tmp
                C:\found.000
                c:\aeriagames\wolfteam\gameguard\dump_wmimmc.sys

                :folders
                c:\aeriagames\wolfteam

                :services
                S3 dump_wmimmc;dump_wmimmc;

                :COMMANDS
                [resethosts]
                [purity]
                [start explorer]

                * Click Run Fix
                * OTLI2 may ask to reboot the machine. Please do so if asked.
                * Click OK
                * A report will open. Copy and Paste that report in your next reply.
                *****************************************************************
                Download Combofix from any of the links below, and save it to your desktop

                Link 1
                Link 2
                Link 3

                When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

                Refer to this image:

                To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
                • Close any open windows and double click PCHelpForum.exe to run it.

                  You will see the following image:


                Click I Agree to start the program.

                ComboFix will then extract the necessary files and you will see this:



                As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

                It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

                If you did not have it installed, you will see the prompt below. Choose YES.



                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                Click on Yes, to continue scanning for malware.

                When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

                Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.
                Windows 8 and Windows 10 dual boot with two SSD's