I have a trojan which includes a rootkit.


32 replies to this topic

#1 Exalted One

Posted 30 June 2012 - 04:47 PM

What do I do?

I've run Malwarebytes a few times and from what I can tell it's the Sirefef trojan or something.

Malwarebytes removed a few files, but every time I restart or so and I run another quick scan it finds rootkit.0access.

I've looked around on the internet and used TDSSKiller, but it didn't find anything besides the patching service for Tribes Ascend.

What do I do?


#2 narenxp

Posted 30 June 2012 - 05:24 PM

Download

TDSSkiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the LOG report (log file should be in your C drive).

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here.

Download

ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 Exalted One

Posted 30 June 2012 - 07:02 PM

TDSSkiller:
15:28:43.0907 2576 NativeWifiP - ok
15:28:43.0937 2576 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:28:43.0947 2576 NDIS - ok
15:28:43.0957 2576 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:28:43.0957 2576 NdisCap - ok
15:28:43.0957 2576 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:28:43.0957 2576 NdisTapi - ok
15:28:43.0967 2576 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:28:43.0967 2576 Ndisuio - ok
15:28:43.0987 2576 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:28:43.0987 2576 NdisWan - ok
15:28:43.0997 2576 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:28:43.0997 2576 NDProxy - ok
15:28:43.0997 2576 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:28:44.0007 2576 NetBIOS - ok
15:28:44.0017 2576 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:28:44.0017 2576 NetBT - ok
15:28:44.0027 2576 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:28:44.0027 2576 Netlogon - ok
15:28:44.0037 2576 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:28:44.0047 2576 Netman - ok
15:28:44.0067 2576 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:28:44.0067 2576 NetMsmqActivator - ok
15:28:44.0077 2576 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:28:44.0077 2576 NetPipeActivator - ok
15:28:44.0087 2576 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:28:44.0097 2576 netprofm - ok
15:28:44.0097 2576 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:28:44.0097 2576 NetTcpActivator - ok
15:28:44.0097 2576 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:28:44.0097 2576 NetTcpPortSharing - ok
15:28:44.0117 2576 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:28:44.0117 2576 nfrd960 - ok
15:28:44.0137 2576 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:28:44.0137 2576 NisDrv - ok
15:28:44.0147 2576 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
15:28:44.0147 2576 NisSrv - ok
15:28:44.0157 2576 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:28:44.0167 2576 NlaSvc - ok
15:28:44.0167 2576 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:28:44.0167 2576 Npfs - ok
15:28:44.0177 2576 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:28:44.0177 2576 nsi - ok
15:28:44.0177 2576 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:28:44.0177 2576 nsiproxy - ok
15:28:44.0217 2576 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:28:44.0237 2576 Ntfs - ok
15:28:44.0287 2576 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:28:44.0287 2576 Null - ok
15:28:44.0297 2576 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:28:44.0297 2576 nvraid - ok
15:28:44.0307 2576 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:28:44.0317 2576 nvstor - ok
15:28:44.0327 2576 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:28:44.0327 2576 nv_agp - ok
15:28:44.0337 2576 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:28:44.0337 2576 ohci1394 - ok
15:28:44.0357 2576 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:28:44.0357 2576 p2pimsvc - ok
15:28:44.0377 2576 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:28:44.0387 2576 p2psvc - ok
15:28:44.0397 2576 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:28:44.0397 2576 Parport - ok
15:28:44.0407 2576 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:28:44.0407 2576 partmgr - ok
15:28:44.0427 2576 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:28:44.0427 2576 PcaSvc - ok
15:28:44.0437 2576 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:28:44.0437 2576 pci - ok
15:28:44.0447 2576 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:28:44.0447 2576 pciide - ok
15:28:44.0457 2576 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:28:44.0457 2576 pcmcia - ok
15:28:44.0467 2576 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:28:44.0467 2576 pcw - ok
15:28:44.0477 2576 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:28:44.0487 2576 PEAUTH - ok
15:28:44.0537 2576 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:28:44.0537 2576 PerfHost - ok
15:28:44.0587 2576 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:28:44.0607 2576 pla - ok
15:28:44.0627 2576 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:28:44.0627 2576 PlugPlay - ok
15:28:44.0637 2576 PnkBstrA - ok
15:28:44.0637 2576 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:28:44.0637 2576 PNRPAutoReg - ok
15:28:44.0657 2576 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:28:44.0657 2576 PNRPsvc - ok
15:28:44.0677 2576 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:28:44.0677 2576 PolicyAgent - ok
15:28:44.0697 2576 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:28:44.0697 2576 Power - ok
15:28:44.0717 2576 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:28:44.0717 2576 PptpMiniport - ok
15:28:44.0727 2576 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:28:44.0727 2576 Processor - ok
15:28:44.0737 2576 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:28:44.0747 2576 ProfSvc - ok
15:28:44.0747 2576 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:28:44.0747 2576 ProtectedStorage - ok
15:28:44.0767 2576 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:28:44.0767 2576 Psched - ok
15:28:44.0807 2576 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:28:44.0817 2576 ql2300 - ok
15:28:44.0877 2576 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:28:44.0877 2576 ql40xx - ok
15:28:44.0897 2576 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:28:44.0897 2576 QWAVE - ok
15:28:44.0907 2576 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:28:44.0907 2576 QWAVEdrv - ok
15:28:44.0917 2576 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:28:44.0917 2576 RasAcd - ok
15:28:44.0927 2576 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:28:44.0927 2576 RasAgileVpn - ok
15:28:44.0937 2576 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:28:44.0947 2576 RasAuto - ok
15:28:44.0957 2576 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:28:44.0957 2576 Rasl2tp - ok
15:28:44.0967 2576 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:28:44.0977 2576 RasMan - ok
15:28:44.0987 2576 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:28:44.0987 2576 RasPppoe - ok
15:28:44.0997 2576 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:28:45.0007 2576 RasSstp - ok
15:28:45.0017 2576 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:28:45.0017 2576 rdbss - ok
15:28:45.0027 2576 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:28:45.0027 2576 rdpbus - ok
15:28:45.0027 2576 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:28:45.0027 2576 RDPCDD - ok
15:28:45.0037 2576 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:28:45.0037 2576 RDPENCDD - ok
15:28:45.0037 2576 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:28:45.0037 2576 RDPREFMP - ok
15:28:45.0047 2576 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:28:45.0057 2576 RDPWD - ok
15:28:45.0067 2576 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:28:45.0067 2576 rdyboost - ok
15:28:45.0087 2576 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:28:45.0087 2576 RemoteAccess - ok
15:28:45.0107 2576 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:28:45.0107 2576 RemoteRegistry - ok
15:28:45.0127 2576 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:28:45.0127 2576 RFCOMM - ok
15:28:45.0137 2576 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:28:45.0137 2576 RpcEptMapper - ok
15:28:45.0147 2576 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:28:45.0147 2576 RpcLocator - ok
15:28:45.0167 2576 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:28:45.0167 2576 RpcSs - ok
15:28:45.0177 2576 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:28:45.0187 2576 rspndr - ok
15:28:45.0187 2576 RTCore64 (3ecd3ca61ffc54b0d93f8b19161b83da) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
15:28:45.0187 2576 RTCore64 - ok
15:28:45.0207 2576 RzSynapse (f71eea505290b0aad48850f0d750702d) C:\Windows\system32\DRIVERS\RzSynapse.sys
15:28:45.0207 2576 RzSynapse - ok
15:28:45.0207 2576 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:28:45.0207 2576 SamSs - ok
15:28:45.0227 2576 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:28:45.0227 2576 sbp2port - ok
15:28:45.0237 2576 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:28:45.0237 2576 SCardSvr - ok
15:28:45.0247 2576 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:28:45.0247 2576 scfilter - ok
15:28:45.0277 2576 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:28:45.0287 2576 Schedule - ok
15:28:45.0297 2576 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:28:45.0297 2576 SCPolicySvc - ok
15:28:45.0307 2576 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:28:45.0307 2576 SDRSVC - ok
15:28:45.0317 2576 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:28:45.0317 2576 secdrv - ok
15:28:45.0327 2576 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:28:45.0327 2576 seclogon - ok
15:28:45.0337 2576 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:28:45.0337 2576 SENS - ok
15:28:45.0347 2576 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:28:45.0347 2576 SensrSvc - ok
15:28:45.0347 2576 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:28:45.0347 2576 Serenum - ok
15:28:45.0357 2576 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:28:45.0367 2576 Serial - ok
15:28:45.0367 2576 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:28:45.0367 2576 sermouse - ok
15:28:45.0387 2576 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:28:45.0387 2576 SessionEnv - ok
15:28:45.0387 2576 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:28:45.0387 2576 sffdisk - ok
15:28:45.0397 2576 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:28:45.0397 2576 sffp_mmc - ok
15:28:45.0397 2576 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:28:45.0397 2576 sffp_sd - ok
15:28:45.0397 2576 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:28:45.0407 2576 sfloppy - ok
15:28:45.0427 2576 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:28:45.0427 2576 ShellHWDetection - ok
15:28:45.0437 2576 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:28:45.0437 2576 SiSRaid2 - ok
15:28:45.0447 2576 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:28:45.0447 2576 SiSRaid4 - ok
15:28:45.0467 2576 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:28:45.0467 2576 Smb - ok
15:28:45.0467 2576 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:28:45.0467 2576 SNMPTRAP - ok
15:28:45.0477 2576 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:28:45.0477 2576 spldr - ok
15:28:45.0497 2576 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:28:45.0497 2576 Spooler - ok
15:28:45.0587 2576 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:28:45.0617 2576 sppsvc - ok
15:28:45.0677 2576 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:28:45.0677 2576 sppuinotify - ok
15:28:45.0697 2576 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:28:45.0707 2576 srv - ok
15:28:45.0717 2576 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:28:45.0727 2576 srv2 - ok
15:28:45.0737 2576 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:28:45.0737 2576 srvnet - ok
15:28:45.0747 2576 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:28:45.0757 2576 SSDPSRV - ok
15:28:45.0767 2576 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:28:45.0767 2576 SstpSvc - ok
15:28:45.0777 2576 Steam Client Service - ok
15:28:45.0777 2576 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:28:45.0777 2576 stexstor - ok
15:28:45.0797 2576 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:28:45.0807 2576 stisvc - ok
15:28:45.0807 2576 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:28:45.0817 2576 swenum - ok
15:28:45.0827 2576 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:28:45.0837 2576 swprv - ok
15:28:45.0877 2576 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:28:45.0897 2576 SysMain - ok
15:28:45.0947 2576 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:28:45.0957 2576 TabletInputService - ok
15:28:45.0977 2576 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:28:45.0977 2576 TapiSrv - ok
15:28:45.0987 2576 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:28:45.0987 2576 TBS - ok
15:28:46.0037 2576 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:28:46.0057 2576 Tcpip - ok
15:28:46.0157 2576 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:28:46.0167 2576 TCPIP6 - ok
15:28:46.0227 2576 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:28:46.0227 2576 tcpipreg - ok
15:28:46.0237 2576 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:28:46.0237 2576 TDPIPE - ok
15:28:46.0247 2576 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:28:46.0247 2576 TDTCP - ok
15:28:46.0257 2576 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:28:46.0257 2576 tdx - ok
15:28:46.0267 2576 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:28:46.0267 2576 TermDD - ok
15:28:46.0297 2576 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:28:46.0307 2576 TermService - ok
15:28:46.0317 2576 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:28:46.0317 2576 Themes - ok
15:28:46.0337 2576 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:28:46.0337 2576 THREADORDER - ok
15:28:46.0347 2576 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:28:46.0357 2576 TrkWks - ok
15:28:46.0367 2576 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:28:46.0367 2576 TrustedInstaller - ok
15:28:46.0377 2576 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:28:46.0377 2576 tssecsrv - ok
15:28:46.0387 2576 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:28:46.0387 2576 TsUsbFlt - ok
15:28:46.0387 2576 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:28:46.0387 2576 TsUsbGD - ok
15:28:46.0407 2576 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:28:46.0407 2576 tunnel - ok
15:28:46.0417 2576 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:28:46.0417 2576 uagp35 - ok
15:28:46.0437 2576 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:28:46.0437 2576 udfs - ok
15:28:46.0447 2576 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:28:46.0447 2576 UI0Detect - ok
15:28:46.0457 2576 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:28:46.0457 2576 uliagpkx - ok
15:28:46.0467 2576 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:28:46.0467 2576 umbus - ok
15:28:46.0477 2576 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:28:46.0477 2576 UmPass - ok
15:28:46.0497 2576 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:28:46.0497 2576 UMVPFSrv - ok
15:28:46.0517 2576 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:28:46.0527 2576 upnphost - ok
15:28:46.0537 2576 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:28:46.0537 2576 usbaudio - ok
15:28:46.0557 2576 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:28:46.0557 2576 usbccgp - ok
15:28:46.0567 2576 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:28:46.0577 2576 usbcir - ok
15:28:46.0577 2576 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:28:46.0577 2576 usbehci - ok
15:28:46.0587 2576 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:28:46.0597 2576 usbhub - ok
15:28:46.0597 2576 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:28:46.0597 2576 usbohci - ok
15:28:46.0597 2576 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:28:46.0607 2576 usbprint - ok
15:28:46.0607 2576 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:28:46.0617 2576 usbscan - ok
15:28:46.0617 2576 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:28:46.0617 2576 USBSTOR - ok
15:28:46.0627 2576 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:28:46.0627 2576 usbuhci - ok
15:28:46.0637 2576 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:28:46.0637 2576 UxSms - ok
15:28:46.0637 2576 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:28:46.0637 2576 VaultSvc - ok
15:28:46.0647 2576 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:28:46.0647 2576 vdrvroot - ok
15:28:46.0667 2576 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:28:46.0677 2576 vds - ok
15:28:46.0687 2576 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:28:46.0687 2576 vga - ok
15:28:46.0687 2576 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:28:46.0687 2576 VgaSave - ok
15:28:46.0707 2576 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:28:46.0707 2576 vhdmp - ok
15:28:46.0707 2576 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:28:46.0707 2576 viaide - ok
15:28:46.0717 2576 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
15:28:46.0717 2576 VKbms - ok
15:28:46.0727 2576 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:28:46.0727 2576 volmgr - ok
15:28:46.0747 2576 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:28:46.0747 2576 volmgrx - ok
15:28:46.0767 2576 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:28:46.0767 2576 volsnap - ok
15:28:46.0777 2576 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:28:46.0777 2576 vsmraid - ok
15:28:46.0827 2576 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:28:46.0837 2576 VSS - ok
15:28:46.0897 2576 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:28:46.0897 2576 vwifibus - ok
15:28:46.0907 2576 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:28:46.0907 2576 vwififlt - ok
15:28:46.0917 2576 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:28:46.0917 2576 vwifimp - ok
15:28:46.0937 2576 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:28:46.0937 2576 W32Time - ok
15:28:46.0947 2576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:28:46.0947 2576 WacomPen - ok
15:28:46.0957 2576 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:28:46.0957 2576 WANARP - ok
15:28:46.0957 2576 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:28:46.0957 2576 Wanarpv6 - ok
15:28:46.0997 2576 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:28:47.0007 2576 WatAdminSvc - ok
15:28:47.0047 2576 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:28:47.0067 2576 wbengine - ok
15:28:47.0117 2576 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:28:47.0127 2576 WbioSrvc - ok
15:28:47.0147 2576 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:28:47.0147 2576 wcncsvc - ok
15:28:47.0157 2576 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:28:47.0157 2576 WcsPlugInService - ok
15:28:47.0167 2576 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:28:47.0167 2576 Wd - ok
15:28:47.0187 2576 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:28:47.0187 2576 Wdf01000 - ok
15:28:47.0207 2576 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:28:47.0207 2576 WdiServiceHost - ok
15:28:47.0207 2576 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:28:47.0207 2576 WdiSystemHost - ok
15:28:47.0227 2576 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:28:47.0227 2576 WebClient - ok
15:28:47.0237 2576 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:28:47.0237 2576 Wecsvc - ok
15:28:47.0247 2576 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:28:47.0257 2576 wercplsupport - ok
15:28:47.0267 2576 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:28:47.0267 2576 WerSvc - ok
15:28:47.0277 2576 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:28:47.0277 2576 WfpLwf - ok
15:28:47.0277 2576 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:28:47.0277 2576 WIMMount - ok
15:28:47.0287 2576 WinHttpAutoProxySvc - ok
15:28:47.0307 2576 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:28:47.0307 2576 Winmgmt - ok
15:28:47.0367 2576 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:28:47.0397 2576 WinRM - ok
15:28:47.0467 2576 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:28:47.0487 2576 Wlansvc - ok
15:28:47.0547 2576 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:28:47.0557 2576 wlidsvc - ok
15:28:47.0607 2576 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:28:47.0607 2576 WmiAcpi - ok
15:28:47.0627 2576 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:28:47.0637 2576 wmiApSrv - ok
15:28:47.0637 2576 WMPNetworkSvc - ok
15:28:47.0647 2576 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:28:47.0647 2576 WPCSvc - ok
15:28:47.0657 2576 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:28:47.0657 2576 WPDBusEnum - ok
15:28:47.0667 2576 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:28:47.0667 2576 ws2ifsl - ok
15:28:47.0667 2576 WSearch - ok
15:28:47.0687 2576 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:28:47.0687 2576 WudfPf - ok
15:28:47.0697 2576 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:28:47.0697 2576 WUDFRd - ok
15:28:47.0707 2576 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:28:47.0717 2576 wudfsvc - ok
15:28:47.0727 2576 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:28:47.0727 2576 WwanSvc - ok
15:28:47.0747 2576 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
15:28:47.0747 2576 xusb21 - ok
15:28:47.0757 2576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:28:47.0757 2576 \Device\Harddisk0\DR0 - ok
15:28:47.0767 2576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
15:28:47.0817 2576 \Device\Harddisk1\DR1 - ok
15:28:47.0827 2576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
15:28:47.0827 2576 \Device\Harddisk2\DR2 - ok
15:28:47.0827 2576 Boot (0x1200) (7845de4a9fd062fe46eb80896009d22d) \Device\Harddisk0\DR0\Partition0
15:28:47.0827 2576 \Device\Harddisk0\DR0\Partition0 - ok
15:28:47.0827 2576 Boot (0x1200) (5a4b0b4148513475b218acaf095522fe) \Device\Harddisk1\DR1\Partition0
15:28:47.0827 2576 \Device\Harddisk1\DR1\Partition0 - ok
15:28:47.0827 2576 Boot (0x1200) (8f6455a4b0ea8fa0ee49026695be32a1) \Device\Harddisk1\DR1\Partition1
15:28:47.0837 2576 \Device\Harddisk1\DR1\Partition1 - ok
15:28:47.0837 2576 Boot (0x1200) (9ccb7948aa545b298471300bf23b61a8) \Device\Harddisk2\DR2\Partition0
15:28:47.0837 2576 \Device\Harddisk2\DR2\Partition0 - ok
15:28:47.0837 2576 ============================================================
15:28:47.0837 2576 Scan finished
15:28:47.0837 2576 ============================================================
15:28:47.0837 2464 Detected object count: 0
15:28:47.0837 2464 Actual detected object count: 0
15:28:51.0347 1580 Deinitialize success



aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-30 15:29:54
-----------------------------
15:29:54.737 OS Version: Windows x64 6.1.7601 Service Pack 1
15:29:54.737 Number of processors: 4 586 0x2A07
15:29:54.737 ComputerName: OSCAR-GAMING-PC UserName: Oscar
15:29:54.867 Initialize success
15:33:10.107 AVAST engine defs: 12063001
15:33:19.567 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:33:19.567 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
15:33:19.577 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
15:33:19.577 Disk 1 Vendor: INTEL_SS 4PC1 Size: 76319MB BusType: 3
15:33:19.577 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
15:33:19.587 Disk 2 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
15:33:19.587 Disk 1 MBR read successfully
15:33:19.597 Disk 1 MBR scan
15:33:19.597 Disk 1 Windows 7 default MBR code
15:33:19.597 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:33:19.607 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
15:33:19.607 Disk 1 scanning C:\Windows\system32\drivers
15:33:21.857 Service scanning
15:33:27.067 Modules scanning
15:33:27.077 Disk 1 trace - called modules:
15:33:27.087 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:33:27.097 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8009491060]
15:33:27.107 3 CLASSPNP.SYS[fffff88001d9d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007051050]
15:33:27.277 AVAST engine scan C:\Windows
15:33:27.597 AVAST engine scan C:\Windows\system32
15:34:21.197 AVAST engine scan C:\Windows\system32\drivers
15:34:23.887 AVAST engine scan C:\Users\Oscar
15:34:53.597 AVAST engine scan C:\ProgramData
15:35:02.427 Scan finished successfully
15:35:09.067 Disk 1 MBR has been saved successfully to "C:\Users\Oscar\Documents\MBR.dat"
15:35:09.067 The log file has been saved successfully to "C:\Users\Oscar\Documents\aswMBR.txt"



ESET:
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfattachtest.exe probably a variant of Win32/Agent.HHSRUDW trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfautodump.exe probably a variant of Win32/Agent.GVCIGSK trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfcleanmap.exe probably a variant of Win32/Agent.GWPDLOK trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfderamp.exe probably a variant of Win32/Agent.BALMYQZ trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfpause.exe probably a variant of Win32/Agent.FOKESCJ trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfposition.exe probably a variant of Win32/Agent.BUXIVFR trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dftubefill.exe probably a variant of Win32/Agent.ICWSIRW trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfunreveal.exe probably a variant of Win32/Agent.HYRWUE trojan cleaned by deleting - quarantined
I:\Games\Dwarf Fortress\LazyNewbPack[0.31.25][V9.2]\LazyNewbPack[0.31.25][V9.2]\LNP\Utilities\C-Hacks\DFhack 0.5.15\dfvdig.exe probably a variant of Win32/Agent.CGELMFL trojan cleaned by deleting - quarantined

#4 narenxp

Posted 30 June 2012 - 07:12 PM

Please post the MBAM log

Download

systemlook

Launch it, copy this script and paste it in the BOX

:filefind
services.exe

Click on LOOK, then post the generated log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all options

Click on "Scan".
Please copy and paste the log to your reply.

#5 Exalted One

Posted 30 June 2012 - 07:20 PM

MBAM LOGS:

this is the first one.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Oscar :: OSCAR-GAMING-PC [administrator]

6/30/2012 1:01:35 PM
mbam-log-2012-06-30 (13-01-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206934
Time elapsed: 53 second(s)

Memory Processes Detected: 1
C:\Users\Oscar\AppData\Roaming\System32\csrss.exe (Trojan.Dropper) -> 2480 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Data: C:\Users\Oscar\AppData\Roaming\svchost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Dropper) -> Data: C:\Users\Oscar\AppData\Roaming\System32\csrss.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Dropper) -> Data: C:\Users\Oscar\AppData\Roaming\System32\csrss.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Windows\Installer\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}\n (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\Installer\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Oscar\AppData\Roaming\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Oscar\AppData\Roaming\rundll32.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Oscar\AppData\Roaming\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Oscar\AppData\Roaming\System32\csrss.exe (Trojan.Dropper) -> Delete on reboot.
C:\Users\Oscar\AppData\Roaming\System32\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

This was a full scan after the quick scan.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Oscar :: OSCAR-GAMING-PC [administrator]

6/30/2012 1:04:31 PM
mbam-log-2012-06-30 (13-04-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 698268
Time elapsed: 1 hour(s), 10 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Oscar\AppData\Local\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}\n (Trojan.Sirefef) -> Delete on reboot.
C:\Windows\Installer\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

this was a scan made after I rebooted.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Oscar :: OSCAR-GAMING-PC [administrator]

6/30/2012 2:18:34 PM
mbam-log-2012-06-30 (14-18-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206671
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

systemlook:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:17 on 30/06/2012 by Oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-



mini toolbox:

MiniToolBox by Farbar Version: 25-06-2012
Ran by Oscar (administrator) on 30-06-2012 at 17:18:58
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Wireless N-300 USB Adapter WNA3100 = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Intel® 82579V Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Oscar-Gaming-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : E0-46-9A-06-83-0E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wireless N-300 USB Adapter WNA3100
Physical Address. . . . . . . . . : E0-46-9A-06-83-0E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9a4:9a36:daed:e1ff%15(Preferred)
IPv4 Address. . . . . . . . . . . : 10.171.189.122(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 30, 2012 5:13:38 PM
Lease Expires . . . . . . . . . . : Sunday, July 01, 2012 5:13:38 PM
Default Gateway . . . . . . . . . : 10.171.189.162
DHCP Server . . . . . . . . . . . : 10.171.189.162
DHCPv6 IAID . . . . . . . . . . . : 383796890
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D4-0F-6C-14-DA-E9-06-4B-53
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
10.171.189.162
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-26-83-30-A1-00
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : 14-DA-E9-06-4B-53
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-BE-55-BC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5be:55bc(Preferred)
Link-local IPv6 Address . . . . . : fe80::842b:5aaf:15e8:4468%18(Preferred)
IPv4 Address. . . . . . . . . . . : 5.190.85.188(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, June 30, 2012 5:13:37 PM
Lease Expires . . . . . . . . . . : Sunday, June 30, 2013 5:15:43 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 477788568
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D4-0F-6C-14-DA-E9-06-4B-53
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{9F63A227-3968-4D6E-A6F5-E96EBCC78AE4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0AB687E9-8C84-4B46-82C8-C8E94C9E6258}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{37E25A97-3ADD-4091-9BA4-18991CFB7E68}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 2001:4860:4860::8888


Pinging google.com [74.125.224.37] with 32 bytes of data:
Reply from 74.125.224.37: bytes=32 time=17ms TTL=53
Reply from 74.125.224.37: bytes=32 time=17ms TTL=53

Ping statistics for 74.125.224.37:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 17ms, Average = 17ms
Server: UnKnown
Address: 2001:4860:4860::8888


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=18ms TTL=52
Reply from 72.30.38.140: bytes=32 time=17ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms
Server: UnKnown
Address: 2001:4860:4860::8888


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...e0 46 9a 06 83 0e ......Microsoft Virtual WiFi Miniport Adapter
15...e0 46 9a 06 83 0e ......Wireless N-300 USB Adapter WNA3100
13...00 26 83 30 a1 00 ......Bluetooth Device (Personal Area Network)
11...14 da e9 06 4b 53 ......Intel® 82579V Gigabit Network Connection
18...7a 79 05 be 55 bc ......Hamachi Network Interface
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.190.85.188 9256
0.0.0.0 0.0.0.0 10.171.189.162 10.171.189.122 25
5.0.0.0 255.0.0.0 On-link 5.190.85.188 9256
5.190.85.188 255.255.255.255 On-link 5.190.85.188 9256
5.255.255.255 255.255.255.255 On-link 5.190.85.188 9256
10.171.189.0 255.255.255.0 On-link 10.171.189.122 281
10.171.189.122 255.255.255.255 On-link 10.171.189.122 281
10.171.189.255 255.255.255.255 On-link 10.171.189.122 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.190.85.188 9256
224.0.0.0 240.0.0.0 On-link 10.171.189.122 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.190.85.188 9256
255.255.255.255 255.255.255.255 On-link 10.171.189.122 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
18 276 2620:9b::/96 On-link
18 276 2620:9b::5be:55bc/128 On-link
18 276 fe80::/64 On-link
15 281 fe80::/64 On-link
15 281 fe80::9a4:9a36:daed:e1ff/128
On-link
18 276 fe80::842b:5aaf:15e8:4468/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/30/2012 05:15:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 03:36:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000068985db00000
Faulting process id: 0x918
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (06/30/2012 03:36:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2012 03:36:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2012 03:28:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 03:14:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 03:02:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 02:35:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 02:30:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 02:20:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/29/2012 06:02:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/29/2012 11:33:12 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (06/29/2012 11:33:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (06/29/2012 11:33:12 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/19/2012 11:02:54 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (06/19/2012 11:02:54 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/30/2012 03:45:42 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:41:51 PM on ?5/?30/?2012 was unexpected.

Error: (05/19/2012 00:14:52 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (05/19/2012 00:14:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (05/18/2012 05:19:12 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.125.1861.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (06/30/2012 05:15:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 03:36:42 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000068985db0000091801cd5710858de6cbC:\Windows\system32\svchost.exeunknown104b51ee-c304-11e1-9c92-14dae9064b53

Error: (06/30/2012 03:36:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Oscar\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 03:36:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Oscar\Downloads\esetsmartinstaller_enu.exe

Error: (06/30/2012 03:28:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 03:14:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 03:02:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 02:35:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 02:30:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2012 02:20:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Alice: Madness Returns
Alpha Protocol
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
Amnesia: The Dark Descent
And Yet It Moves
Aquaria
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.5.0)
Assassin's Creed Brotherhood
ATI AVIVO64 Codecs (Version: 11.6.0.51118)
ATI Problem Report Wizard (Version: 3.0.800.0)
Audiosurf
Bastion
Batman: Arkham City™
Battlefield: Bad Company 2
BIT.TRIP BEAT
BIT.TRIP RUNNER
Bloodline Champions
BlueJ 3.0.5
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Borderlands
Braid
Breath of Death VII
Brink
Browser Configuration Utility (Version: 1.0.10.0)
Bulletstorm
Call of Cthulhu: Dark Corners of the Earth
CanoScan LiDE 210 Scanner Driver
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0405.2205.37728)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
Cave Story+
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
Chantelise
ComicRack v0.9.153 (Version: v0.9.153)
Commander Keen Complete Pack
Company of Heroes: Tales of Valor
Counter-Strike: Source
Crusader Kings II
Crysis
Cthulhu Saves the World
Curse Client (Version: 4.0.1.260)
Darksiders
DarksidersInstaller (Version: 1.00.1000)
Deus Ex: Game of the Year Edition
Deus Ex: Invisible War
DOOM 3
DOOM 3: Resurrection of Evil
DOOM II: Hell on Earth
Dota 2
Dreamkiller
Dual-Core Optimizer (Version: 1.1.4.0169)
Dungeon Defenders
Dungeons of Dredmor
Dustforce
E.Y.E: Divine Cybermancy
Empire: Total War
ESET Online Scanner v3
F.E.A.R. 2: Project Origin
Fallout 2
Fallout Tactics
Fallout: New Vegas
Final DOOM
Flotilla
From Dust
Frozen Synapse
FXAA Post Process Injector
Garry's Mod
GIMP 2.6.11 (Version: 2.6.11)
Gish
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
GRID
Hacker Evolution Duality
Heretic: Shadow of the Serpent Riders
Heroes of Newerth (Version: 2.0.26)
HeXen II
HeXen: Beyond Heretic
HeXen: Deathkings of the Dark Citadel
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Hitman 2: Silent Assassin
Hitman: Blood Money
Hitman: Codename 47
Hunted: The Demon's Forge
HydraVision (Version: 4.2.184.0)
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
Java Auto Updater (Version: 2.1.5.1)
Java™ 7 (Version: 7.0.0)
Java™ SE Development Kit 7 (Version: 1.7.0.0)
JMicron JMB36X Driver (Version: 1.17.58.2)
Jolly Rover
Killing Floor
King's Bounty: The Legend
Left 4 Dead 2
LibreOffice 3.3 (Version: 3.3.6)
LIMBO
LogMeIn Hamachi (Version: 2.1.0.210)
LOLReplay (Version: 0.6.9.34)
Machinarium
Magic: The Gathering — Duels of the Planeswalkers 2012
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Master Levels for DOOM II
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mount & Blade
Mount & Blade: With Fire and Sword
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSI Afterburner 2.0.0 (Version: 2.0.0)
Neverwinter Nights 2: Platinum
Notepad++ (Version: 5.8.7)
NVIDIA PhysX (Version: 9.10.0513)
Oddworld: Stranger's Wrath
OpenAL
Orcs Must Die!
PAYDAY: The Heist
PCSX2 - Playstation 2 Emulator
Portal 2
Project64 1.6 (Version: 1.6.1)
Prototype
PunkBuster Services (Version: 0.993)
Puzzle Agent
Puzzle Quest
Quake 4
Quake II: Ground Zero
Quake II: The Reckoning
Quake III Arena
Quake III: Team Arena
Quake Mission Pack 1: Scourge of Armagon
Quake Mission Pack 2: Dissolution of Eternity
Razer BlackWidow (Version: 1.04.04)
Razer DeathAdder™ Mouse (Version: 3.03)
Realm of the Mad God
Realtek High Definition Audio Driver (Version: 6.0.1.6251)
Recettear: An Item Shop's Tale
Red Faction: Guerrilla
Return to Castle Wolfenstein
Rise of Immortals
Rusty Hearts
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Shadow of Chernobyl
Section 8: Prejudice
Shank 2
Sid Meier's Civilization V
Sins of a Solar Empire: Trinity
Skype™ 5.5 (Version: 5.5.124)
Sniper Elite V2
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
SumatraPDF (Version: 2.1.1)
Super Meat Boy
Supreme Commander 2
Team Fortress 2
TERA (Version: 1.41)
Terrafirma (Version: 1.8.2)
Terraria
The Binding Of Isaac
The Elder Scrolls III: Morrowind
The Elder Scrolls IV: Oblivion
The Last Remnant
The Ultimate DOOM
The Witcher: Enhanced Edition
Thief: Deadly Shadows
Tom Clancy's Ghost Recon Future Soldier
Torchlight
TortoiseSVN 1.6.16.21511 (64 bit) (Version: 1.6.21511)
Total War: SHOGUN 2
Tribes Ascend Open Beta (Version: 0.1.848.1)
Tropico 3 - Steam Special Edition
Tropico 4
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Vampire: The Masquerade - Bloodlines
Velvet Assassin
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 1.1.7 (Version: 1.1.7)
VVVVVV
Warhammer 40,000 Space Marine
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Wolfenstein 3D
Wolfenstein 3D: Spear of Destiny
World of Goo
World of Warcraft (Version: 4.3.2.15211)
X-COM: Apocalypse
X-COM: Enforcer
X-COM: Interceptor
X-COM: Terror from the Deep
X-COM: UFO Defense
X-Universe Plugin Manager 1.41 (Version: 1.41)
X3: Albion Prelude
X3: Terran Conflict

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8168.63 MB
Available physical RAM: 6022.67 MB
Total Pagefile: 16335.45 MB
Available Pagefile: 13968.61 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.83 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.43 GB) (Free:18.09 GB) NTFS
2 Drive d: (WNA3100) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
7 Drive i: () (Fixed) (Total:931.51 GB) (Free:329.93 GB) NTFS
8 Drive j: () (Fixed) (Total:931.51 GB) (Free:900.73 GB) NTFS

========================= Users: ========================================

User accounts for \\OSCAR-GAMING-PC

Administrator Guest Oscar


**** End of log ****


FSS:
Farbar Service Scanner Version: 25-06-2012 01
Ran by Oscar (administrator) on 30-06-2012 at 17:20:29
Running from "C:\Users\Oscar\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 narenxp

Posted 30 June 2012 - 07:28 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
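@echo off
REM Work in the directory that holds the live services.exe
cd c:\windows\system32
REM Give ownership to the Administrators group, then full control (cacls asks Y/N)
takeown /a /f services.exe
cacls services.exe /g administrators:f
REM Set the current file aside and copy in the WinSxS component-store copy
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
del services.exe.old
REM Remove this batch file
DEL %0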

Click on File >> Save as

File name: services.bat
Save as type: All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER


Open your C drive

At the top, click on Organize > Folder and search options

Click on the View tab and scroll down

Checkmark Show hidden files
Uncheck Hide operating system files

Click OK

Delete this folder C:\Windows\Installer\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}


Launch SystemLook again, copy this script and paste it in the box

:filefind
services.exe
:folderfind
{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}


Click on Look, post the generated log

#7 Exalted One

Posted 30 June 2012 - 07:34 PM

it's not letting me delete the folder you specified.

it says it's in use by another program.

Edited by Exalted One, 30 June 2012 - 07:36 PM.


#8 narenxp

Posted 30 June 2012 - 07:36 PM

Run MBAM once again, remove infections, restart the PC. You should be able to delete it now.

#9 Exalted One

Posted 30 June 2012 - 07:40 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:40 on 30/06/2012 by Oscar
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}"
C:\Users\Oscar\AppData\Local\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d} d--hs-- [19:09 11/01/2012]

-= EOF =-


Was I supposed to empty the recycle bin?

#10 narenxp

Posted 30 June 2012 - 07:42 PM

Delete this folder

C:\Users\Oscar\AppData\Local\{9d04a022-16d1-cd60-2d5e-ba7d5843ad1d}

And yes, empty the recycle bin. Anyway, we will be doing that at the end.

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

restart the PC

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it > Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Checkmark only the following options

Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

Edited by narenxp, 30 June 2012 - 07:43 PM.


#11 Exalted One

Posted 30 June 2012 - 07:48 PM

Farbar Service Scanner Version: 25-06-2012 01
Ran by Oscar (administrator) on 30-06-2012 at 17:48:27
Running from "C:\Users\Oscar\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
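
An added example, not part of any post in this thread and not Farbar's code: a Python parser that reads two Farbar Service Scanner logs like the ones above and reports, per service, whether its registry key went from missing to restored between runs. The line patterns are inferred from the log text on this page, the sample text is abridged from the two logs, and the state labels (`key missing`, `review`, `not listed`) are this example's own.

```python
import re

HEADER = re.compile(r"^(\S+) Service is not running\.")
MISSING = re.compile(r"^Checking (Start type|ImagePath|ServiceDll): ATTENTION!=====> "
                     r"Unable to open \S+ registry key\.")
OK = re.compile(r"^The (start type|ImagePath|ServiceDll) of \S+ service is OK\.")
VALUE = re.compile(r'^The (start type|ImagePath|ServiceDll) of \S+: "?(.*?)"?\.$')

# Abridged from the two FSS logs posted in this thread (before and after the fixes).
BEFORE = r"""
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""
AFTER = r"""
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
"""

def parse_fss(text):
    """Return {service: {field: 'ok' | 'missing' | ('value', reported_text)}}."""
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = services.setdefault(header.group(1).lower(), {})
        elif not line:
            current = None                      # a blank line ends a service block
        elif current is not None:
            for pattern, status in ((MISSING, "missing"), (OK, "ok")):
                m = pattern.match(line)
                if m:
                    current[m.group(1).lower()] = status
                    break
            else:
                m = VALUE.match(line)
                if m:                           # value printed instead of "is OK"
                    current[m.group(1).lower()] = ("value", m.group(2))
    return services

def state(fields):
    """Collapse one service's fields into a single label (labels are this example's)."""
    if fields is None:
        return "not listed"                     # the log has no block for this service
    if "missing" in fields.values():
        return "key missing"
    if any(isinstance(v, tuple) for v in fields.values()):
        return "review"                         # a value was reported, not marked OK
    return "ok"

def compare(before_text, after_text):
    before, after = parse_fss(before_text), parse_fss(after_text)
    return {name: (state(before.get(name)), state(after.get(name)))
            for name in sorted(set(before) | set(after))}
```

Calling `compare(BEFORE, AFTER)` on the two excerpts shows `wuauserv` still at `key missing` in both runs, which matches the second log: the Windows Update and BITS keys had not yet been restored when it was taken.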

#12 narenxp

Posted 30 June 2012 - 07:49 PM

Please post the FSS log after running the repair tool

#13 Exalted One

Posted 30 June 2012 - 07:52 PM

With the Windows repair tool, it's not letting me get the file in the link you put; it redirects me to tweaking.com and I can't find a zip file like that.

#14 narenxp

Posted 30 June 2012 - 07:53 PM

Download from here

http://majorgeeks.com/download.php?det=7141

#15 Exalted One

Posted 30 June 2012 - 07:57 PM

the repair_windows.exe has like steps and stuff and nothing like what you described.

nevermind.

Edited by Exalted One, 30 June 2012 - 07:57 PM.




