
Trojan.Dropper.BCMiner


  • This topic is locked
8 replies to this topic

#1 wouterdekabouter


Posted 03 June 2012 - 08:11 AM

I need help with removing this virus; it won't go away. I'm using Windows 7 and Opera as a browser. It started with McAfee telling me every ten minutes that it removed a trojan called Artemis!6DE2078B3DAF. I decided to use AVG, Malwarebytes and Spybot; they removed a couple of trojans. After this my computer worked better, but the next time I booted it got slower and slower until I couldn't open any program, and the only way the computer would shut down was when I pulled the plug. I then decided to use safe mode to try and do the same scans again, but for some reason I changed the screen resolution in safe mode to a resolution that it couldn't handle. After this I was stuck with a normal mode that wouldn't work and a safe mode with a black screen. So I did a system restore as far back as it could go.

After reading this thread: http://www.bleepingcomputer.com/forums/topic455556.html I did TDSSKiller, aswMBR, ES online scan, MiniToolBox, and after rebooting this morning I ran Malwarebytes. (I couldn't run RogueKiller.) I will post the results in the next post.

Edited by wouterdekabouter, 03 June 2012 - 08:17 AM.




#2 wouterdekabouter


Posted 03 June 2012 - 08:13 AM

TDSS



01:36:30.0059 3560 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
01:36:30.0199 3560 ============================================================
01:36:30.0199 3560 Current date / time: 2012/06/03 01:36:30.0199
01:36:30.0199 3560 SystemInfo:
01:36:30.0199 3560
01:36:30.0199 3560 OS Version: 6.1.7601 ServicePack: 1.0
01:36:30.0199 3560 Product type: Workstation
01:36:30.0199 3560 ComputerName: WOUTER-PC
01:36:30.0199 3560 UserName: Wouter
01:36:30.0199 3560 Windows directory: C:\Windows
01:36:30.0199 3560 System windows directory: C:\Windows
01:36:30.0199 3560 Running under WOW64
01:36:30.0199 3560 Processor architecture: Intel x64
01:36:30.0199 3560 Number of processors: 4
01:36:30.0199 3560 Page size: 0x1000
01:36:30.0199 3560 Boot type: Normal boot
01:36:30.0199 3560 ============================================================
01:36:31.0244 3560 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:36:31.0254 3560 ============================================================
01:36:31.0254 3560 \Device\Harddisk0\DR0:
01:36:31.0254 3560 MBR partitions:
01:36:31.0254 3560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
01:36:31.0254 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E73000
01:36:31.0254 3560 ============================================================
01:36:31.0264 3560 C: <-> \Device\Harddisk0\DR0\Partition1
01:36:31.0264 3560 ============================================================
01:36:31.0264 3560 Initialize success
01:36:31.0264 3560 ============================================================
01:36:38.0739 1188 ============================================================
01:36:38.0739 1188 Scan started
01:36:38.0739 1188 Mode: Manual; TDLFS;
01:36:38.0739 1188 ============================================================
01:36:48.0621 1188 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:36:48.0624 1188 NdisWan - ok
01:36:48.0641 1188 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:36:48.0641 1188 NDProxy - ok
01:36:48.0664 1188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:36:48.0664 1188 NetBIOS - ok
01:36:48.0699 1188 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:36:48.0704 1188 NetBT - ok
01:36:48.0751 1188 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:36:48.0754 1188 Netlogon - ok
01:36:48.0791 1188 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:36:48.0796 1188 Netman - ok
01:36:48.0869 1188 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:48.0871 1188 NetMsmqActivator - ok
01:36:48.0876 1188 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:48.0879 1188 NetPipeActivator - ok
01:36:48.0929 1188 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:36:48.0936 1188 netprofm - ok
01:36:48.0941 1188 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:48.0944 1188 NetTcpActivator - ok
01:36:48.0946 1188 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:48.0949 1188 NetTcpPortSharing - ok
01:36:48.0996 1188 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
01:36:48.0999 1188 nfrd960 - ok
01:36:49.0044 1188 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:36:49.0049 1188 NlaSvc - ok
01:36:49.0181 1188 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
01:36:49.0196 1188 NOBU - ok
01:36:49.0244 1188 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:36:49.0244 1188 Npfs - ok
01:36:49.0259 1188 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:36:49.0259 1188 nsi - ok
01:36:49.0271 1188 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:36:49.0274 1188 nsiproxy - ok
01:36:49.0359 1188 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:36:49.0386 1188 Ntfs - ok
01:36:49.0421 1188 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:36:49.0421 1188 Null - ok
01:36:49.0476 1188 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:36:49.0479 1188 nvraid - ok
01:36:49.0501 1188 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:36:49.0504 1188 nvstor - ok
01:36:49.0546 1188 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:36:49.0549 1188 nv_agp - ok
01:36:49.0561 1188 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:36:49.0561 1188 ohci1394 - ok
01:36:49.0584 1188 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:36:49.0586 1188 ose - ok
01:36:49.0796 1188 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:36:49.0824 1188 osppsvc - ok
01:36:49.0884 1188 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:36:49.0889 1188 p2pimsvc - ok
01:36:49.0911 1188 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:36:49.0919 1188 p2psvc - ok
01:36:49.0931 1188 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
01:36:49.0934 1188 Parport - ok
01:36:49.0979 1188 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:36:49.0981 1188 partmgr - ok
01:36:49.0996 1188 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:36:50.0001 1188 PcaSvc - ok
01:36:50.0096 1188 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
01:36:50.0099 1188 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
01:36:50.0124 1188 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:36:50.0126 1188 pci - ok
01:36:50.0149 1188 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:36:50.0151 1188 pciide - ok
01:36:50.0169 1188 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
01:36:50.0174 1188 pcmcia - ok
01:36:50.0186 1188 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:36:50.0186 1188 pcw - ok
01:36:50.0221 1188 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:36:50.0231 1188 PEAUTH - ok
01:36:50.0314 1188 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:36:50.0314 1188 PerfHost - ok
01:36:50.0371 1188 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:36:50.0399 1188 pla - ok
01:36:50.0434 1188 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:36:50.0439 1188 PlugPlay - ok
01:36:50.0454 1188 PnkBstrA - ok
01:36:50.0469 1188 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:36:50.0471 1188 PNRPAutoReg - ok
01:36:50.0491 1188 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:36:50.0496 1188 PNRPsvc - ok
01:36:50.0526 1188 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:36:50.0534 1188 PolicyAgent - ok
01:36:50.0576 1188 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:36:50.0581 1188 Power - ok
01:36:50.0629 1188 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:36:50.0631 1188 PptpMiniport - ok
01:36:50.0646 1188 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
01:36:50.0646 1188 Processor - ok
01:36:50.0669 1188 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
01:36:50.0674 1188 ProfSvc - ok
01:36:50.0716 1188 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:36:50.0719 1188 ProtectedStorage - ok
01:36:50.0731 1188 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:36:50.0734 1188 Psched - ok
01:36:50.0759 1188 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
01:36:50.0761 1188 PxHlpa64 - ok
01:36:50.0836 1188 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
01:36:50.0866 1188 ql2300 - ok
01:36:50.0921 1188 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
01:36:50.0924 1188 ql40xx - ok
01:36:50.0944 1188 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:36:50.0946 1188 QWAVE - ok
01:36:50.0959 1188 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:36:50.0959 1188 QWAVEdrv - ok
01:36:50.0966 1188 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:36:50.0966 1188 RasAcd - ok
01:36:51.0046 1188 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:36:51.0046 1188 RasAgileVpn - ok
01:36:51.0086 1188 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:36:51.0089 1188 RasAuto - ok
01:36:51.0106 1188 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:36:51.0109 1188 Rasl2tp - ok
01:36:51.0156 1188 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:36:51.0164 1188 RasMan - ok
01:36:51.0179 1188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:36:51.0181 1188 RasPppoe - ok
01:36:51.0189 1188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:36:51.0191 1188 RasSstp - ok
01:36:51.0214 1188 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:36:51.0219 1188 rdbss - ok
01:36:51.0236 1188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
01:36:51.0236 1188 rdpbus - ok
01:36:51.0251 1188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:36:51.0251 1188 RDPCDD - ok
01:36:51.0261 1188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:36:51.0261 1188 RDPENCDD - ok
01:36:51.0269 1188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:36:51.0271 1188 RDPREFMP - ok
01:36:51.0314 1188 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
01:36:51.0316 1188 RDPWD - ok
01:36:51.0361 1188 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:36:51.0364 1188 rdyboost - ok
01:36:51.0391 1188 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:36:51.0396 1188 RemoteAccess - ok
01:36:51.0406 1188 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:36:51.0411 1188 RemoteRegistry - ok
01:36:51.0534 1188 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
01:36:51.0544 1188 RoxMediaDB12OEM - ok
01:36:51.0581 1188 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
01:36:51.0584 1188 RoxWatch12 - ok
01:36:51.0629 1188 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:36:51.0631 1188 RpcEptMapper - ok
01:36:51.0644 1188 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:36:51.0646 1188 RpcLocator - ok
01:36:51.0701 1188 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:36:51.0706 1188 RpcSs - ok
01:36:51.0786 1188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:36:51.0789 1188 rspndr - ok
01:36:51.0839 1188 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:36:51.0846 1188 RTL8167 - ok
01:36:51.0881 1188 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:36:51.0884 1188 SamSs - ok
01:36:51.0966 1188 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:36:51.0969 1188 SASDIFSV - ok
01:36:52.0001 1188 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:36:52.0001 1188 SASKUTIL - ok
01:36:52.0021 1188 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:36:52.0024 1188 sbp2port - ok
01:36:52.0044 1188 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:36:52.0049 1188 SCardSvr - ok
01:36:52.0064 1188 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:36:52.0064 1188 scfilter - ok
01:36:52.0111 1188 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:36:52.0134 1188 Schedule - ok
01:36:52.0156 1188 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:36:52.0159 1188 SCPolicySvc - ok
01:36:52.0171 1188 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:36:52.0176 1188 SDRSVC - ok
01:36:52.0211 1188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:36:52.0211 1188 secdrv - ok
01:36:52.0226 1188 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:36:52.0229 1188 seclogon - ok
01:36:52.0279 1188 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
01:36:52.0281 1188 SENS - ok
01:36:52.0291 1188 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:36:52.0294 1188 SensrSvc - ok
01:36:52.0329 1188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
01:36:52.0331 1188 Serenum - ok
01:36:52.0371 1188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
01:36:52.0374 1188 Serial - ok
01:36:52.0379 1188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
01:36:52.0381 1188 sermouse - ok
01:36:52.0401 1188 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:36:52.0404 1188 SessionEnv - ok
01:36:52.0406 1188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:36:52.0406 1188 sffdisk - ok
01:36:52.0421 1188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:36:52.0421 1188 sffp_mmc - ok
01:36:52.0434 1188 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:36:52.0436 1188 sffp_sd - ok
01:36:52.0444 1188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
01:36:52.0444 1188 sfloppy - ok
01:36:52.0501 1188 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
01:36:52.0511 1188 Sftfs - ok
01:36:52.0606 1188 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:36:52.0609 1188 sftlist - ok
01:36:52.0704 1188 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:36:52.0706 1188 Sftplay - ok
01:36:52.0719 1188 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:36:52.0721 1188 Sftredir - ok
01:36:52.0829 1188 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
01:36:52.0841 1188 SftService - ok
01:36:52.0891 1188 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
01:36:52.0894 1188 Sftvol - ok
01:36:52.0914 1188 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:36:52.0916 1188 sftvsa - ok
01:36:52.0949 1188 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:36:52.0956 1188 ShellHWDetection - ok
01:36:52.0976 1188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
01:36:52.0976 1188 SiSRaid2 - ok
01:36:52.0994 1188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
01:36:52.0996 1188 SiSRaid4 - ok
01:36:53.0044 1188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:36:53.0046 1188 Smb - ok
01:36:53.0074 1188 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:36:53.0076 1188 SNMPTRAP - ok
01:36:53.0084 1188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:36:53.0084 1188 spldr - ok
01:36:53.0136 1188 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:36:53.0141 1188 Spooler - ok
01:36:53.0244 1188 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:36:53.0259 1188 sppsvc - ok
01:36:53.0316 1188 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:36:53.0319 1188 sppuinotify - ok
01:36:53.0371 1188 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:36:53.0376 1188 srv - ok
01:36:53.0396 1188 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:36:53.0401 1188 srv2 - ok
01:36:53.0416 1188 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:36:53.0419 1188 srvnet - ok
01:36:53.0474 1188 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:36:53.0479 1188 SSDPSRV - ok
01:36:53.0576 1188 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
01:36:53.0576 1188 SSPORT - ok
01:36:53.0589 1188 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:36:53.0591 1188 SstpSvc - ok
01:36:53.0616 1188 Steam Client Service - ok
01:36:53.0639 1188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
01:36:53.0641 1188 stexstor - ok
01:36:53.0699 1188 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:36:53.0709 1188 stisvc - ok
01:36:53.0734 1188 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
01:36:53.0734 1188 stllssvr - ok
01:36:53.0739 1188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
01:36:53.0739 1188 swenum - ok
01:36:53.0766 1188 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:36:53.0774 1188 swprv - ok
01:36:53.0829 1188 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:36:53.0856 1188 SysMain - ok
01:36:53.0899 1188 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:36:53.0901 1188 TabletInputService - ok
01:36:53.0921 1188 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:36:53.0926 1188 TapiSrv - ok
01:36:53.0941 1188 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:36:53.0946 1188 TBS - ok
01:36:54.0064 1188 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:36:54.0096 1188 Tcpip - ok
01:36:54.0214 1188 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:36:54.0229 1188 TCPIP6 - ok
01:36:54.0294 1188 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:36:54.0296 1188 tcpipreg - ok
01:36:54.0316 1188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:36:54.0316 1188 TDPIPE - ok
01:36:54.0356 1188 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:36:54.0359 1188 TDTCP - ok
01:36:54.0376 1188 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:36:54.0379 1188 tdx - ok
01:36:54.0399 1188 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
01:36:54.0399 1188 TermDD - ok
01:36:54.0434 1188 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:36:54.0441 1188 TermService - ok
01:36:54.0451 1188 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:36:54.0454 1188 Themes - ok
01:36:54.0479 1188 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:36:54.0481 1188 THREADORDER - ok
01:36:54.0496 1188 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:36:54.0499 1188 TrkWks - ok
01:36:54.0521 1188 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:36:54.0524 1188 TrustedInstaller - ok
01:36:54.0536 1188 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:36:54.0536 1188 tssecsrv - ok
01:36:54.0569 1188 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:36:54.0571 1188 TsUsbFlt - ok
01:36:54.0576 1188 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
01:36:54.0579 1188 TsUsbGD - ok
01:36:54.0619 1188 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:36:54.0621 1188 tunnel - ok
01:36:54.0639 1188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
01:36:54.0641 1188 uagp35 - ok
01:36:54.0661 1188 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:36:54.0666 1188 udfs - ok
01:36:54.0696 1188 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:36:54.0699 1188 UI0Detect - ok
01:36:54.0704 1188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:36:54.0706 1188 uliagpkx - ok
01:36:54.0711 1188 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:36:54.0711 1188 umbus - ok
01:36:54.0714 1188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
01:36:54.0716 1188 UmPass - ok
01:36:54.0731 1188 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:36:54.0736 1188 upnphost - ok
01:36:54.0796 1188 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
01:36:54.0799 1188 usbaudio - ok
01:36:54.0886 1188 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
01:36:54.0889 1188 usbccgp - ok
01:36:54.0899 1188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:36:54.0901 1188 usbcir - ok
01:36:54.0909 1188 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
01:36:54.0911 1188 usbehci - ok
01:36:54.0964 1188 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
01:36:54.0969 1188 usbhub - ok
01:36:54.0989 1188 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:36:54.0989 1188 usbohci - ok
01:36:55.0024 1188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:36:55.0024 1188 usbprint - ok
01:36:55.0059 1188 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:36:55.0059 1188 usbscan - ok
01:36:55.0071 1188 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:36:55.0074 1188 USBSTOR - ok
01:36:55.0089 1188 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:36:55.0091 1188 usbuhci - ok
01:36:55.0144 1188 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
01:36:55.0149 1188 usbvideo - ok
01:36:55.0164 1188 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:36:55.0166 1188 UxSms - ok
01:36:55.0204 1188 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:36:55.0204 1188 VaultSvc - ok
01:36:55.0216 1188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:36:55.0219 1188 vdrvroot - ok
01:36:55.0254 1188 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:36:55.0264 1188 vds - ok
01:36:55.0279 1188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:36:55.0279 1188 vga - ok
01:36:55.0291 1188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:36:55.0291 1188 VgaSave - ok
01:36:55.0309 1188 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:36:55.0311 1188 vhdmp - ok
01:36:55.0314 1188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:36:55.0316 1188 viaide - ok
01:36:55.0331 1188 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:36:55.0334 1188 volmgr - ok
01:36:55.0352 1188 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:36:55.0357 1188 volmgrx - ok
01:36:55.0369 1188 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:36:55.0374 1188 volsnap - ok
01:36:55.0392 1188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
01:36:55.0394 1188 vsmraid - ok
01:36:55.0442 1188 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:36:55.0452 1188 VSS - ok
01:36:55.0514 1188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
01:36:55.0517 1188 vwifibus - ok
01:36:55.0562 1188 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:36:55.0569 1188 W32Time - ok
01:36:55.0589 1188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
01:36:55.0589 1188 WacomPen - ok
01:36:55.0607 1188 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:36:55.0607 1188 WANARP - ok
01:36:55.0612 1188 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:36:55.0612 1188 Wanarpv6 - ok
01:36:55.0717 1188 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:36:55.0734 1188 WatAdminSvc - ok
01:36:55.0789 1188 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:36:55.0809 1188 wbengine - ok
01:36:55.0869 1188 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:36:55.0872 1188 WbioSrvc - ok
01:36:55.0899 1188 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:36:55.0904 1188 wcncsvc - ok
01:36:55.0917 1188 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:36:55.0922 1188 WcsPlugInService - ok
01:36:55.0942 1188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
01:36:55.0944 1188 Wd - ok
01:36:55.0974 1188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:36:55.0984 1188 Wdf01000 - ok
01:36:56.0002 1188 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:36:56.0004 1188 WdiServiceHost - ok
01:36:56.0007 1188 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:36:56.0009 1188 WdiSystemHost - ok
01:36:56.0024 1188 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:36:56.0027 1188 WebClient - ok
01:36:56.0044 1188 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:36:56.0047 1188 Wecsvc - ok
01:36:56.0064 1188 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:36:56.0064 1188 wercplsupport - ok
01:36:56.0102 1188 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:36:56.0107 1188 WerSvc - ok
01:36:56.0182 1188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:36:56.0184 1188 WfpLwf - ok
01:36:56.0284 1188 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
01:36:56.0287 1188 WimFltr - ok
01:36:56.0294 1188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:36:56.0294 1188 WIMMount - ok
01:36:56.0307 1188 WinHttpAutoProxySvc - ok
01:36:56.0359 1188 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:36:56.0364 1188 Winmgmt - ok
01:36:56.0429 1188 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:36:56.0464 1188 WinRM - ok
01:36:56.0567 1188 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:36:56.0577 1188 Wlansvc - ok
01:36:56.0619 1188 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:36:56.0622 1188 wlcrasvc - ok
01:36:56.0722 1188 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:36:56.0732 1188 wlidsvc - ok
01:36:56.0922 1188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
01:36:56.0922 1188 WmiAcpi - ok
01:36:56.0944 1188 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:36:56.0949 1188 wmiApSrv - ok
01:36:56.0972 1188 WMPNetworkSvc - ok
01:36:56.0979 1188 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:36:56.0982 1188 WPCSvc - ok
01:36:56.0999 1188 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:36:57.0004 1188 WPDBusEnum - ok
01:36:57.0012 1188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:36:57.0014 1188 ws2ifsl - ok
01:36:57.0017 1188 WSearch - ok
01:36:57.0094 1188 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
01:36:57.0129 1188 wuauserv - ok
01:36:57.0174 1188 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:36:57.0177 1188 WudfPf - ok
01:36:57.0202 1188 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:36:57.0207 1188 WUDFRd - ok
01:36:57.0217 1188 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:36:57.0219 1188 wudfsvc - ok
01:36:57.0244 1188 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:36:57.0249 1188 WwanSvc - ok
01:36:57.0267 1188 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:36:57.0467 1188 \Device\Harddisk0\DR0 - ok
01:36:57.0504 1188 Boot (0x1200) (08512158313613e3df39a08349e8b6dc) \Device\Harddisk0\DR0\Partition0
01:36:57.0504 1188 \Device\Harddisk0\DR0\Partition0 - ok
01:36:57.0509 1188 Boot (0x1200) (ff855fd68568cc580e6572a32fc3fbb6) \Device\Harddisk0\DR0\Partition1
01:36:57.0509 1188 \Device\Harddisk0\DR0\Partition1 - ok
01:36:57.0509 1188 ============================================================
01:36:57.0509 1188 Scan finished
01:36:57.0509 1188 ============================================================
01:36:57.0519 4456 Detected object count: 0
01:36:57.0519 4456 Actual detected object count: 0
01:37:57.0435 3536 Deinitialize success

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-03 01:38:38
-----------------------------
01:38:38.463 OS Version: Windows x64 6.1.7601 Service Pack 1
01:38:38.463 Number of processors: 4 586 0x2A07
01:38:38.466 ComputerName: WOUTER-PC UserName: Wouter
01:38:40.803 Initialize success
01:39:46.417 AVAST engine defs: 12060201
01:39:52.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:39:52.674 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
01:39:52.699 Disk 0 MBR read successfully
01:39:52.702 Disk 0 MBR scan
01:39:52.707 Disk 0 Windows VISTA default MBR code
01:39:52.709 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
01:39:52.762 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
01:39:52.772 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
01:39:52.787 Disk 0 scanning C:\Windows\system32\drivers
01:40:02.839 Service scanning
01:40:18.307 Modules scanning
01:40:18.315 Disk 0 trace - called modules:
01:40:18.332 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
01:40:18.662 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065c0060]
01:40:18.667 3 CLASSPNP.SYS[fffff880019be43f] -> nt!IofCallDriver -> [0xfffffa80062b8580]
01:40:18.672 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062ba060]
01:40:27.690 AVAST engine scan C:\Windows
01:40:38.145 AVAST engine scan C:\Windows\system32
01:42:31.519 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:42:33.917 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:44:55.477 AVAST engine scan C:\Windows\system32\drivers
01:45:07.465 AVAST engine scan C:\Users\Wouter
01:46:17.396 Disk 0 MBR has been saved successfully to "C:\Users\Wouter\Desktop\MBR.dat"
01:46:17.404 The log file has been saved successfully to "C:\Users\Wouter\Desktop\aswMBR.txt"
01:58:48.090 Disk 0 MBR has been saved successfully to "C:\Users\Wouter\Desktop\MBR.dat"
01:58:48.093 The log file has been saved successfully to "C:\Users\Wouter\Desktop\aswMBR.txt"
01:59:49.124 AVAST engine scan C:\ProgramData
02:03:48.134 Scan finished successfully
02:04:00.190 Disk 0 MBR has been saved successfully to "C:\Users\Wouter\Desktop\MBR.dat"
02:04:00.195 The log file has been saved successfully to "C:\Users\Wouter\Desktop\aswMBR.txt"

#3 wouterdekabouter


Posted 03 June 2012 - 08:16 AM

ESET online scan

C:\Users\Wouter\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9CK8RDQ0\videorewardspot_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan



Mini toolbox


MiniToolBox by Farbar Version: 14-01-2012
Ran by Wouter (administrator) on 03-06-2012 at 03:12:33
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP-configuratie

De DNS-omzettingscache is leeggemaakt.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = LAN-verbinding (Connected)
Cisco Systems VPN Adapter for 64-bit Windows = LAN-verbinding 2 (Hardware not present)
Kan het volgende DLL-bestand niet laden: WSHELPER.DLL.


# ----------------------------------
# IPv4-configuratie
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="LAN-verbinding" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="LAN-verbinding 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# Einde van IPv4-configuratie



Windows IP-configuratie

Hostnaam . . . . . . . . . . . . : Wouter-PC
Primair DNS-achtervoegsel . . . . :
Knooppunttype . . . . . . . . . . : hybride
IP-routering ingeschakeld . . . . : nee
WINS-proxy ingeschakeld . . . . . : nee

Ethernet-adapter voor LAN-verbinding:

Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Realtek PCIe GBE Family Controller
Fysiek adres. . . . . . . . . . . : F0-4D-A2-F5-37-29
DHCP ingeschakeld . . . . . . . . : ja
Autom. configuratie ingeschakeld : ja
Link-local IPv6-adres . . . . . . : fe80::9c8f:b1a1:1e4c:1083%11(voorkeur)
IPv4-adres. . . . . . . . . . . . : 145.116.11.107(voorkeur)
Subnetmasker. . . . . . . . . . . : 255.255.254.0
Lease verkregen . . . . . . . . . : zondag 3 juni 2012 1:24:59
Lease verlopen. . . . . . . . . . : zondag 3 juni 2012 3:38:28
Standaardgateway. . . . . . . . . : 145.116.11.254
DHCP-server . . . . . . . . . . . : 10.255.255.5
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6-client DUID. . . . . . . . : 00-01-00-01-15-92-25-48-F0-4D-A2-F5-37-29
DNS-servers . . . . . . . . . . . : 192.87.106.106
192.87.36.36
NetBIOS via TCPIP . . . . . . . . : ingeschakeld

Tunnel-adapter voor LAN-verbinding*:

Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ingeschakeld . . . . . . . . : nee
Autom. configuratie ingeschakeld : ja

Tunnel-adapter voor 6TO4 Adapter:

Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Microsoft 6to4 Adapter #2
Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ingeschakeld . . . . . . . . : nee
Autom. configuratie ingeschakeld : ja

Tunnel-adapter voor isatap.{BFC2E472-362C-42FA-A827-65857017B27E}:

Mediumstatus. . . . . . . . . . . : medium ontkoppeld
Verbindingsspec. DNS-achtervoegsel:
Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP ingeschakeld . . . . . . . . : nee
Autom. configuratie ingeschakeld : ja

Pingen naar google.com [173.194.65.113] met 32 bytes aan gegevens:
Antwoord van 173.194.65.113: bytes=32 tijd=5 ms TTL=51
Antwoord van 173.194.65.113: bytes=32 tijd=5 ms TTL=51

Ping-statistieken voor 173.194.65.113:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 5ms, Maximum = 5ms, Gemiddelde = 5ms

Pingen naar yahoo.com [72.30.38.140] met 32 bytes aan gegevens:
Antwoord van 72.30.38.140: bytes=32 tijd=251 ms TTL=52
Antwoord van 72.30.38.140: bytes=32 tijd=210 ms TTL=52

Ping-statistieken voor 72.30.38.140:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 210ms, Maximum = 251ms, Gemiddelde = 230ms

Pingen naar bleepingcomputer.com [208.43.87.2] met 32 bytes aan gegevens:
Antwoord van 208.43.87.2: De doelhost is niet bereikbaar.
Antwoord van 208.43.87.2: De doelhost is niet bereikbaar.

Ping-statistieken voor 208.43.87.2:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).

Pingen naar 127.0.0.1 met 32 bytes aan gegevens:
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128
Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128

Ping-statistieken voor 127.0.0.1:
Pakketten: verzonden = 2, ontvangen = 2, verloren = 0
(0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms
===========================================================================
Interfacelijst
11...f0 4d a2 f5 37 29 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 routetabel
===========================================================================
Actieve routes:
Netwerkadres Netmasker Gateway Interface Metric
0.0.0.0 0.0.0.0 145.116.11.254 145.116.11.107 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
145.116.10.0 255.255.254.0 On-link 145.116.11.107 286
145.116.11.107 255.255.255.255 On-link 145.116.11.107 286
145.116.11.255 255.255.255.255 On-link 145.116.11.107 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 145.116.11.107 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 145.116.11.107 286
===========================================================================
Permanente routes:
Geen

IPv6 routetabel
===========================================================================
Actieve routes:
Indien metrische netwerkbestemming Gateway
1 306 ::1/128 On-link
11 286 fe80::/64 On-link
11 286 fe80::9c8f:b1a1:1e4c:1083/128
On-link
1 306 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Permanente routes:
Geen
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2012 02:07:05 AM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2012 02:05:38 AM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2012 02:05:13 AM) (Source: SideBySide) (User: )
Description: Kan activeringscontext voor C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1 niet maken. Fout in manifest of beleidsbestand C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 op regel C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Een onderdeelversie die nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds actief is.
Conflicterende onderdelen zijn:
Onderdeel 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Onderdeel 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/03/2012 02:03:35 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Het uitpakken van een basislijst uit het CAB-bestand voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error: (06/03/2012 01:26:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2012 01:13:53 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Het uitpakken van een basislijst uit het CAB-bestand voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error: (06/03/2012 01:07:23 AM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: OffSpon.EXE, versie: 0.0.0.0, tijdstempel: 0x4b8a345a
Naam van module met fout: sftldr_wow64.dll, versie: 4.6.2.22610, tijdstempel: 0x4e85edec
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0007e421
Id van proces met fout: 0x1018
Starttijd van toepassing met fout: 0xOffSpon.EXE0
Pad naar toepassing met fout: OffSpon.EXE1
Pad naar module met fout: OffSpon.EXE2
Rapport-id: OffSpon.EXE3

Error: (06/03/2012 01:02:12 AM) (Source: Application Error) (User: )
Description: Naam van toepassing met fout: explorer.exe, versie: 6.1.7601.17567, tijdstempel: 0x4d6727a7
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutoffset: 0x5efb1488
Id van proces met fout: 0x32c
Starttijd van toepassing met fout: 0xexplorer.exe0
Pad naar toepassing met fout: explorer.exe1
Pad naar module met fout: explorer.exe2
Rapport-id: explorer.exe3

Error: (06/03/2012 01:00:47 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Het uitpakken van een basislijst uit het CAB-bestand voor automatische updates is mislukt op <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> met de fout: Een benodigd certificaat valt niet binnen de geldigheidsduur als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.
.

Error: (06/03/2012 00:59:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2012 01:27:52 AM) (Source: Service Control Manager) (User: )
Description: McAfee Personal Firewall Service-service is afhankelijk van deze service: MpsSvc. Deze service is mogelijk niet geïnstalleerd.

Error: (06/03/2012 01:27:52 AM) (Source: Service Control Manager) (User: )
Description: McAfee Personal Firewall Service-service is afhankelijk van deze service: MpsSvc. Deze service is mogelijk niet geïnstalleerd.

Error: (06/03/2012 01:25:54 AM) (Source: Service Control Manager) (User: )
Description: De HomeGroup Provider-service is afhankelijk van de Function Discovery Resource Publication-service, die vanwege de volgende fout niet kan worden gestart:
%%-2147024891

Error: (06/03/2012 01:25:54 AM) (Source: Service Control Manager) (User: )
Description: De Function Discovery Resource Publication-service is gestopt met de volgende foutcode:
%%-2147024891.

Error: (06/03/2012 01:25:04 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy Agent-service is afhankelijk van deze service: BFE. Deze service is mogelijk niet geïnstalleerd.

Error: (06/03/2012 01:25:04 AM) (Source: Service Control Manager) (User: )
Description: De Computer Browser-service is gestopt met de volgende foutcode:
%%1060.

Error: (06/03/2012 01:25:02 AM) (Source: Service Control Manager) (User: )
Description: McAfee Personal Firewall Service-service is afhankelijk van deze service: MpsSvc. Deze service is mogelijk niet geïnstalleerd.

Error: (06/03/2012 01:25:02 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying Modules-service is afhankelijk van deze service: BFE. Deze service is mogelijk niet geïnstalleerd.

Error: (06/03/2012 01:25:00 AM) (Source: Service Control Manager) (User: )
Description: De Lavasoft Ad-Aware Service-service kan vanwege de volgende fout niet worden gestart:
%%1053

Error: (06/03/2012 01:25:00 AM) (Source: Service Control Manager) (User: )
Description: Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Lavasoft Ad-Aware Service.


Microsoft Office Sessions:
=========================
Error: (06/03/2012 02:07:05 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wouter\Desktop\esetsmartinstaller_enu.exe

Error: (06/03/2012 02:05:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wouter\Desktop\esetsmartinstaller_enu.exe

Error: (06/03/2012 02:05:13 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wouter\Desktop\esetsmartinstaller_enu.exe

Error: (06/03/2012 02:03:35 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEen benodigd certificaat valt niet binnen de geldigheidsduur als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.

Error: (06/03/2012 01:26:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2012 01:13:53 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEen benodigd certificaat valt niet binnen de geldigheidsduur als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.

Error: (06/03/2012 01:07:23 AM) (Source: Application Error)(User: )
Description: OffSpon.EXE0.0.0.04b8a345asftldr_wow64.dll4.6.2.226104e85edecc00000050007e421101801cd4114769d8520Q:\140066.nld\Office14\OffSpon.EXEC:\Windows\system32\sftldr_wow64.dllb59fc5ea-ad07-11e1-8164-f04da2f53729

Error: (06/03/2012 01:02:12 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c00000055efb148832c01cd4113bd690683C:\Windows\SysWOW64\explorer.exeunknownfc82ee15-ad06-11e1-8164-f04da2f53729

Error: (06/03/2012 01:00:47 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEen benodigd certificaat valt niet binnen de geldigheidsduur als gekeken wordt naar de huidige systeemklok of de tijdstempel in het ondertekende bestand.

Error: (06/03/2012 00:59:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Ad-Aware (Version: 9.0.7)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.1) MUI (Version: 10.1.1)
America's Army 3
ATI AVIVO64 Codecs (Version: 11.6.0.10104)
ATI Catalyst Install Manager (Version: 3.0.808.0)
µTorrent (Version: 3.1.3)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
Battlestations: Pacific (Version: 1.00.0000)
Bing Bar (Version: 7.1.361.0)
Call of Duty - World at War (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center InstallProxy (Version: 2011.0104.2155.39304)
Catalyst Control Center Localization All (Version: 2011.0104.2155.39304)
ccc-core-static (Version: 2011.0104.2155.39304)
ccc-utility64 (Version: 2011.0104.2155.39304)
CCC Help Chinese Standard (Version: 2011.0104.2154.39304)
CCC Help Chinese Traditional (Version: 2011.0104.2154.39304)
CCC Help Czech (Version: 2011.0104.2154.39304)
CCC Help Danish (Version: 2011.0104.2154.39304)
CCC Help Dutch (Version: 2011.0104.2154.39304)
CCC Help English (Version: 2011.0104.2154.39304)
CCC Help Finnish (Version: 2011.0104.2154.39304)
CCC Help French (Version: 2011.0104.2154.39304)
CCC Help German (Version: 2011.0104.2154.39304)
CCC Help Greek (Version: 2011.0104.2154.39304)
CCC Help Hungarian (Version: 2011.0104.2154.39304)
CCC Help Italian (Version: 2011.0104.2154.39304)
CCC Help Japanese (Version: 2011.0104.2154.39304)
CCC Help Korean (Version: 2011.0104.2154.39304)
CCC Help Norwegian (Version: 2011.0104.2154.39304)
CCC Help Polish (Version: 2011.0104.2154.39304)
CCC Help Portuguese (Version: 2011.0104.2154.39304)
CCC Help Russian (Version: 2011.0104.2154.39304)
CCC Help Spanish (Version: 2011.0104.2154.39304)
CCC Help Swedish (Version: 2011.0104.2154.39304)
CCC Help Thai (Version: 2011.0104.2154.39304)
CCC Help Turkish (Version: 2011.0104.2154.39304)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Click to Call with Skype (Version: 5.6.8153)
ComicRack v0.9.153 (Version: v0.9.153)
Conexant HD Audio (Version: 8.50.4.0)
Counter-Strike: Source
CyberLink PowerDVD 9.5 (Version: 9.5.1.3426)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.40.2.0131)
Darkest Hour: Europe '44-'45
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.4.162.0)
Dell PhotoStage (Version: 1.5.0.30)
Dell Stage (Version: 1.5.420.0)
Dell Support Center (Version: 3.1.5907.39)
Dell VideoStage (Version: 1.1.1.1408)
DirectX 9 Runtime (Version: 1.00.0000)
eBay (Version: 1.4.0)
Empires
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.111)
Installer (Version: 1.0.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware versie 1.61.0.1400 (Version: 1.61.0.1400)
McAfee SecurityCenter (Version: 10.5.239)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Klik-en-Klaar 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Nederlands (Version: 14.0.4763.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Mozilla Thunderbird 12.0.1 (x86 nl) (Version: 12.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA PhysX (Version: 9.09.0814)
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 11.64 (Version: 11.64.1403)
Origin (Version: 8.5.0.4550)
PhotoShowExpress (Version: 2.0.063)
PunkBuster Services (Version: 0.991)
RBVirtualFolder64Inst (Version: 1.00.0000)
Red Orchestra: Ostfront 41-45
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
S.W.A.T. 4
Skype™ 5.5 (Version: 5.5.124)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1144)
SWAT 4 - The Stetchkov Syndicate (Version: 1.0.0)
The Walking Dead © 3 version 1 (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VLC media player 1.1.10 (Version: 1.1.10)
Winamp (Version: 5.61 )
Winamp Applicatie Detect (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.00 (32-bit) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 6126.64 MB
Available physical RAM: 3710.37 MB
Total Pagefile: 12251.48 MB
Available Pagefile: 8778.02 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.21 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:503.63 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.39 GB) NTFS

========================= Users: ========================================

Gebruikersaccounts voor \\WOUTER-PC

Administrator ASPNET Gast
Wouter
De opdracht is voltooid.


**** End of log ****

#4 wouterdekabouter

Posted 03 June 2012 - 08:20 AM

I don't know if it's part of the same problem, but every time I reboot, all the icons on my desktop are organized on the left side of my screen, while I normally put them in groups.

#5 wouterdekabouter

Posted 03 June 2012 - 08:26 AM

here is the mbam log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.06.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wouter :: WOUTER-PC [administrator]

3-6-2012 13:53:23
mbam-log-2012-06-03 (13-53-23).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 395019
Verstreken tijd: 59 minuut/minuten, 12 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 1
C:\Windows\Installer\{589628e8-7abd-cdc2-6131-5a620e8b70b3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

#6 cryptodan

Posted 03 June 2012 - 08:44 AM

For your infection, I recommend that you follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

#7 wouterdekabouter

Posted 03 June 2012 - 09:21 AM

ok thanks, working on it.

#8 wouterdekabouter

Posted 03 June 2012 - 09:58 AM

here is the new topic http://www.bleepingcomputer.com/forums/topic455748.html

#9 boopme

Posted 03 June 2012 - 10:10 AM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 3 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

...,.,.
You're welcome

Now that your log is properly posted and replied to I am closing this one.