Possible Rootkit


17 replies to this topic

#1 takeru27

  • Members
  • 13 posts

Posted 07 July 2012 - 09:50 PM

I've browsed seemingly everywhere to find a solution to this; posting is my last ditch effort.

OS: Windows 7 64

Leading up to the problem:
- downloaded something stupid without checking sources
- ran it
- Comodo gave me some warnings
- proceeded to clean it through Comodo, to no avail

Description of suspicious activity:
- Adobe Flash Player Installer runs every couple of minutes (I keep closing out of it)
- Google search redirects
- attempting to go to any known mail or social media site in Google Chrome delivers a warning that the site's signature algorithm is not secure and is most likely fabricated
- every couple of minutes Comodo detects a malicious item in C:\Windows\Installer

Attempts at cleaning:
- quarantining and deleting the found files doesn't deliver a solution, as the problem persists
- a Windows restore point from last week didn't fix the problem
- Avast anti-rootkit ran and found the files in my Comodo quarantine, cleaned them, but the problem persists
- ESET scan found:
Win32/Toolbar.Zugo application
Win32/Toolbar.Zugo application
Win64/Agent.BA trojan
probably a variant of Win32/Spy.Agent.KSRFASP trojan
- after cleaning these, the problem still persists


Any help would be greatly appreciated.

Edited by takeru27, 07 July 2012 - 10:37 PM.



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 08 July 2012 - 01:26 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be on your C drive).



Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download

ESET online scanner


Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
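
One way to pre-triage a TDSSKiller log of the kind this reply asks for, as an added example that is not part of the original thread and not a Kaspersky or BleepingComputer tool. It pairs each hashed object line with its verdict line and lists what a helper reads first: anything the scanner did not mark "ok", and service binaries that live outside the usual Windows and Program Files directories. The EXPECTED_DIRS list, the UTF-16 handling in read_log, and the last two objects in the sample (instsvc, badsvc, with a made-up verdict string) are assumptions for the example; the other sample lines are copied from the log posted later in this thread.

```python
"""Triage helper for TDSSKiller logs (added example for this thread)."""
import re
import sys
from collections import namedtuple

# Scan lines look like:
#   <time> <tid> <name> (<md5>) <path>      object that was hashed
#   <time> <tid> <name> - <verdict>         verdict for that object
# Objects with no file on disk get only a verdict line ("Aspi32 - ok").
LINE_RE = re.compile(r'^(\d\d:\d\d:\d\d\.\d+)\s+([0-9A-Fa-f]+)\s+(.*)$')
OBJECT_RE = re.compile(r'^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$')
VERDICT_RE = re.compile(r'^(?P<name>.+?) - (?P<verdict>.+)$')

Entry = namedtuple('Entry', 'name md5 path verdict')

# Assumed "normal" homes for service binaries and drivers (lower-case, with a
# trailing backslash so "c:\windows\installer\" does not match "c:\windows\").
EXPECTED_DIRS = (
    'c:\\windows\\system32\\',
    'c:\\windows\\syswow64\\',
    'c:\\windows\\microsoft.net\\',
    'c:\\windows\\ehome\\',
    'c:\\program files\\',
    'c:\\program files (x86)\\',
)


def read_log(path):
    """Read the log as text; decode as UTF-16 if it carries a BOM (assumption)."""
    data = open(path, 'rb').read()
    if data[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return data.decode('utf-16')
    return data.decode('utf-8', errors='replace')


def parse_log(text):
    """Return Entry records for every object that received a verdict."""
    pending = {}          # name -> (md5, path) waiting for its verdict line
    entries = []
    scanning = False      # skip the drive/partition header before "Scan started"
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3)
        if rest.startswith('Scan started'):
            scanning = True
            continue
        if not scanning:
            continue
        obj = OBJECT_RE.match(rest)
        if obj:
            pending[obj.group('name')] = (obj.group('md5'), obj.group('path'))
            continue
        ver = VERDICT_RE.match(rest)
        if ver:
            md5, path = pending.pop(ver.group('name'), (None, None))
            entries.append(Entry(ver.group('name'), md5, path, ver.group('verdict')))
    return entries


def findings(entries):
    """Flag entries worth a second look, as (reason, Entry) pairs."""
    out = []
    for e in entries:
        if e.verdict.lower() != 'ok':
            out.append(('verdict', e))            # TDSSKiller did not clear it
        elif e.path and not e.path.lower().startswith(EXPECTED_DIRS):
            out.append(('unusual path', e))       # service binary in an odd place
    return out


# Constructed sample: first lines copied from the log in this thread; instsvc
# and badsvc (and badsvc's verdict wording) are made up for the example.
SAMPLE_LOG = r"""
11:30:32.0051 0592 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb)
11:30:36.0107 4484 Scan started
11:30:36.0107 4484 Mode: Manual; TDLFS;
11:30:37.0090 4484 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:30:37.0090 4484 1394ohci - ok
11:30:37.0808 4484 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:30:37.0854 4484 Apple Mobile Device - ok
11:30:38.0400 4484 Aspi32 - ok
11:30:59.0001 4484 instsvc (0123456789abcdef0123456789abcdef) C:\Windows\Installer\MSI1234.tmp
11:30:59.0001 4484 instsvc - ok
11:30:59.0002 4484 badsvc (fedcba9876543210fedcba9876543210) C:\Users\Public\svchost.exe
11:30:59.0002 4484 badsvc - detected Constructed.Sample ( 0 )
"""


if __name__ == '__main__':
    text = read_log(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG
    for reason, e in findings(parse_log(text)):
        print('%-13s %-20s %s  %s' % (reason, e.name, e.verdict, e.path or '(no file)'))
```

Run it with the saved log as the only argument, or with no argument to see the sample output. A log in which every line ends in "- ok" only means TDSSKiller recognised nothing; it is not proof the machine is clean, which is why the reply also asks for the aswMBR and ESET results.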

#3 takeru27

  • Topic Starter

  • Members
  • 13 posts

Posted 08 July 2012 - 12:20 PM

TDSSkiller:


11:30:29.0368 0592 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
11:30:29.0961 0592 ============================================================
11:30:29.0961 0592 Current date / time: 2012/07/08 11:30:29.0961
11:30:29.0961 0592 SystemInfo:
11:30:29.0961 0592
11:30:29.0961 0592 OS Version: 6.1.7601 ServicePack: 1.0
11:30:29.0961 0592 Product type: Workstation
11:30:29.0961 0592 ComputerName: DASHAN-JI
11:30:29.0961 0592 UserName: DaShan
11:30:29.0961 0592 Windows directory: C:\Windows
11:30:29.0961 0592 System windows directory: C:\Windows
11:30:29.0961 0592 Running under WOW64
11:30:29.0961 0592 Processor architecture: Intel x64
11:30:29.0961 0592 Number of processors: 8
11:30:29.0961 0592 Page size: 0x1000
11:30:29.0961 0592 Boot type: Normal boot
11:30:29.0961 0592 ============================================================
11:30:32.0051 0592 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:30:32.0067 0592 ============================================================
11:30:32.0067 0592 \Device\Harddisk0\DR0:
11:30:32.0067 0592 MBR partitions:
11:30:32.0067 0592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:30:32.0067 0592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
11:30:32.0067 0592 ============================================================
11:30:32.0098 0592 C: <-> \Device\Harddisk0\DR0\Partition1
11:30:32.0098 0592 ============================================================
11:30:32.0098 0592 Initialize success
11:30:32.0098 0592 ============================================================
11:30:36.0107 4484 ============================================================
11:30:36.0107 4484 Scan started
11:30:36.0107 4484 Mode: Manual; TDLFS;
11:30:36.0107 4484 ============================================================
11:30:37.0090 4484 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:30:37.0090 4484 1394ohci - ok
11:30:37.0106 4484 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:30:37.0106 4484 ACPI - ok
11:30:37.0121 4484 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:30:37.0121 4484 AcpiPmi - ok
11:30:37.0152 4484 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:30:37.0152 4484 adp94xx - ok
11:30:37.0168 4484 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:30:37.0184 4484 adpahci - ok
11:30:37.0184 4484 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:30:37.0184 4484 adpu320 - ok
11:30:37.0199 4484 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:30:37.0199 4484 AeLookupSvc - ok
11:30:37.0277 4484 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:30:37.0277 4484 AFD - ok
11:30:37.0293 4484 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:30:37.0293 4484 agp440 - ok
11:30:37.0308 4484 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:30:37.0308 4484 ALG - ok
11:30:37.0355 4484 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:30:37.0355 4484 aliide - ok
11:30:37.0371 4484 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:30:37.0371 4484 amdide - ok
11:30:37.0371 4484 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:30:37.0371 4484 AmdK8 - ok
11:30:37.0386 4484 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:30:37.0386 4484 AmdPPM - ok
11:30:37.0433 4484 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:30:37.0433 4484 amdsata - ok
11:30:37.0449 4484 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:30:37.0449 4484 amdsbs - ok
11:30:37.0464 4484 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:30:37.0464 4484 amdxata - ok
11:30:37.0527 4484 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:30:37.0527 4484 AppID - ok
11:30:37.0542 4484 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:30:37.0542 4484 AppIDSvc - ok
11:30:37.0620 4484 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:30:37.0620 4484 Appinfo - ok
11:30:37.0808 4484 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:30:37.0854 4484 Apple Mobile Device - ok
11:30:37.0886 4484 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:30:37.0886 4484 AppMgmt - ok
11:30:37.0917 4484 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:30:37.0917 4484 arc - ok
11:30:37.0917 4484 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:30:37.0917 4484 arcsas - ok
11:30:38.0057 4484 asComSvc (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
11:30:38.0057 4484 asComSvc - ok
11:30:38.0260 4484 asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
11:30:38.0276 4484 asHmComSvc - ok
11:30:38.0354 4484 AsIO (fef9dd9ea587f8886ade43c1befbdafe) C:\Windows\syswow64\drivers\AsIO.sys
11:30:38.0354 4484 AsIO - ok
11:30:38.0400 4484 Aspi32 - ok
11:30:38.0510 4484 AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
11:30:38.0572 4484 AsSysCtrlService - ok
11:30:38.0603 4484 AsUpIO (1392b92179b07b672720763d9b1028a5) C:\Windows\syswow64\drivers\AsUpIO.sys
11:30:38.0603 4484 AsUpIO - ok
11:30:38.0697 4484 aswArKrn - ok
11:30:38.0728 4484 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:30:38.0728 4484 AsyncMac - ok
11:30:38.0790 4484 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:30:38.0790 4484 atapi - ok
11:30:38.0868 4484 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:30:38.0868 4484 AudioEndpointBuilder - ok
11:30:38.0868 4484 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:30:38.0868 4484 AudioSrv - ok
11:30:38.0915 4484 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:30:38.0915 4484 AxInstSV - ok
11:30:38.0962 4484 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:30:38.0962 4484 b06bdrv - ok
11:30:38.0978 4484 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:30:38.0978 4484 b57nd60a - ok
11:30:39.0009 4484 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:30:39.0009 4484 BDESVC - ok
11:30:39.0009 4484 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:30:39.0024 4484 Beep - ok
11:30:39.0056 4484 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:30:39.0056 4484 BITS - ok
11:30:39.0071 4484 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:30:39.0071 4484 blbdrive - ok
11:30:39.0446 4484 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:30:39.0446 4484 Bonjour Service - ok
11:30:39.0508 4484 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:30:39.0508 4484 bowser - ok
11:30:39.0539 4484 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:30:39.0539 4484 BrFiltLo - ok
11:30:39.0539 4484 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:30:39.0539 4484 BrFiltUp - ok
11:30:39.0617 4484 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:30:39.0617 4484 Browser - ok
11:30:39.0617 4484 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:30:39.0633 4484 Brserid - ok
11:30:39.0648 4484 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:30:39.0648 4484 BrSerWdm - ok
11:30:39.0664 4484 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:30:39.0664 4484 BrUsbMdm - ok
11:30:39.0680 4484 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:30:39.0680 4484 BrUsbSer - ok
11:30:39.0680 4484 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:30:39.0680 4484 BTHMODEM - ok
11:30:39.0711 4484 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:30:39.0711 4484 bthserv - ok
11:30:39.0726 4484 CBDisk (b99d91e4cd9017f213645aa2e80eb425) C:\Windows\system32\drivers\CBDisk.sys
11:30:39.0726 4484 CBDisk - ok
11:30:39.0742 4484 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:30:39.0742 4484 cdfs - ok
11:30:39.0789 4484 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:30:39.0789 4484 cdrom - ok
11:30:39.0820 4484 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:30:39.0820 4484 CertPropSvc - ok
11:30:39.0820 4484 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:30:39.0820 4484 circlass - ok
11:30:39.0851 4484 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:30:39.0851 4484 CLFS - ok
11:30:39.0914 4484 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:39.0914 4484 clr_optimization_v2.0.50727_32 - ok
11:30:40.0054 4484 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:30:40.0054 4484 clr_optimization_v2.0.50727_64 - ok
11:30:40.0101 4484 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:30:40.0101 4484 CmBatt - ok
11:30:40.0787 4484 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
11:30:40.0787 4484 cmdAgent - ok
11:30:40.0990 4484 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
11:30:41.0006 4484 cmderd - ok
11:30:41.0037 4484 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
11:30:41.0037 4484 cmdGuard - ok
11:30:41.0052 4484 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
11:30:41.0052 4484 cmdHlp - ok
11:30:41.0084 4484 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:30:41.0084 4484 cmdide - ok
11:30:41.0146 4484 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:30:41.0146 4484 CNG - ok
11:30:41.0177 4484 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:30:41.0177 4484 Compbatt - ok
11:30:41.0208 4484 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:30:41.0208 4484 CompositeBus - ok
11:30:41.0208 4484 COMSysApp - ok
11:30:41.0208 4484 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:30:41.0208 4484 crcdisk - ok
11:30:41.0271 4484 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:30:41.0271 4484 CryptSvc - ok
11:30:41.0380 4484 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:30:41.0380 4484 CSC - ok
11:30:41.0676 4484 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:30:41.0676 4484 CscService - ok
11:30:41.0723 4484 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:30:41.0739 4484 DcomLaunch - ok
11:30:42.0113 4484 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:30:42.0113 4484 defragsvc - ok
11:30:42.0207 4484 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:30:42.0222 4484 DfsC - ok
11:30:42.0254 4484 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:30:42.0254 4484 Dhcp - ok
11:30:42.0269 4484 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:30:42.0269 4484 discache - ok
11:30:42.0316 4484 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:30:42.0316 4484 Disk - ok
11:30:42.0332 4484 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:30:42.0347 4484 Dnscache - ok
11:30:42.0394 4484 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:30:42.0394 4484 dot3svc - ok
11:30:42.0534 4484 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:30:42.0534 4484 DPS - ok
11:30:42.0581 4484 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:30:42.0581 4484 drmkaud - ok
11:30:43.0314 4484 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:30:43.0314 4484 DXGKrnl - ok
11:30:43.0346 4484 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:30:43.0346 4484 EapHost - ok
11:30:44.0282 4484 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:30:44.0297 4484 ebdrv - ok
11:30:44.0843 4484 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:30:44.0843 4484 EFS - ok
11:30:45.0015 4484 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:30:45.0015 4484 ehRecvr - ok
11:30:45.0030 4484 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:30:45.0030 4484 ehSched - ok
11:30:45.0155 4484 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
11:30:45.0171 4484 ElbyCDIO - ok
11:30:45.0218 4484 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:30:45.0218 4484 elxstor - ok
11:30:45.0374 4484 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
11:30:45.0420 4484 EpsonBidirectionalService - ok
11:30:45.0467 4484 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:30:45.0483 4484 ErrDev - ok
11:30:45.0561 4484 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:30:45.0561 4484 EventSystem - ok
11:30:45.0592 4484 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:30:45.0592 4484 exfat - ok
11:30:45.0608 4484 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:30:45.0608 4484 fastfat - ok
11:30:45.0686 4484 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:30:45.0686 4484 Fax - ok
11:30:45.0701 4484 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:30:45.0701 4484 fdc - ok
11:30:45.0732 4484 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:30:45.0732 4484 fdPHost - ok
11:30:45.0748 4484 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:30:45.0748 4484 FDResPub - ok
11:30:45.0795 4484 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:30:45.0795 4484 FileInfo - ok
11:30:45.0795 4484 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:30:45.0795 4484 Filetrace - ok
11:30:45.0810 4484 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:30:45.0810 4484 flpydisk - ok
11:30:46.0200 4484 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:30:46.0200 4484 FltMgr - ok
11:30:46.0278 4484 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:30:46.0294 4484 FontCache - ok
11:30:46.0434 4484 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:30:46.0466 4484 FontCache3.0.0.0 - ok
11:30:46.0575 4484 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:30:46.0591 4484 FsDepends - ok
11:30:46.0653 4484 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:30:46.0653 4484 Fs_Rec - ok
11:30:46.0871 4484 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:30:46.0887 4484 fvevol - ok
11:30:46.0903 4484 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:30:46.0903 4484 gagp30kx - ok
11:30:46.0934 4484 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:30:46.0934 4484 GEARAspiWDM - ok
11:30:47.0043 4484 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:30:47.0043 4484 gpsvc - ok
11:30:47.0371 4484 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:30:47.0371 4484 gupdate - ok
11:30:47.0371 4484 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:30:47.0371 4484 gupdatem - ok
11:30:47.0495 4484 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:30:47.0495 4484 hcw85cir - ok
11:30:47.0589 4484 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:30:47.0589 4484 HdAudAddService - ok
11:30:47.0698 4484 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:30:47.0714 4484 HDAudBus - ok
11:30:47.0714 4484 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:30:47.0714 4484 HidBatt - ok
11:30:47.0839 4484 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:30:47.0839 4484 HidBth - ok
11:30:47.0979 4484 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:30:47.0979 4484 HidIr - ok
11:30:47.0995 4484 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:30:47.0995 4484 hidserv - ok
11:30:48.0104 4484 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:30:48.0104 4484 HidUsb - ok
11:30:48.0229 4484 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:30:48.0244 4484 hkmsvc - ok
11:30:48.0400 4484 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:30:48.0400 4484 HomeGroupListener - ok
11:30:48.0634 4484 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:30:48.0634 4484 HomeGroupProvider - ok
11:30:48.0665 4484 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:30:48.0665 4484 HpSAMD - ok
11:30:48.0962 4484 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:30:48.0962 4484 HTTP - ok
11:30:48.0962 4484 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:30:48.0962 4484 hwpolicy - ok
11:30:49.0024 4484 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:30:49.0024 4484 i8042prt - ok
11:30:49.0165 4484 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:30:49.0165 4484 iaStorV - ok
11:30:49.0258 4484 ICCWDT (c1010add3ddae1196ed21057af7b2aae) C:\Windows\system32\DRIVERS\ICCWDT.sys
11:30:49.0258 4484 ICCWDT - ok
11:30:49.0508 4484 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:30:49.0508 4484 IDriverT - ok
11:30:49.0586 4484 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:30:49.0586 4484 idsvc - ok
11:30:49.0601 4484 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:30:49.0601 4484 iirsp - ok
11:30:49.0773 4484 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:30:49.0773 4484 IKEEXT - ok
11:30:49.0835 4484 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
11:30:49.0835 4484 inspect - ok
11:30:49.0851 4484 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:30:49.0851 4484 intelide - ok
11:30:49.0882 4484 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:30:49.0882 4484 intelppm - ok
11:30:49.0898 4484 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:30:49.0898 4484 IPBusEnum - ok
11:30:49.0991 4484 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:30:49.0991 4484 IpFilterDriver - ok
11:30:50.0038 4484 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:30:50.0038 4484 IPMIDRV - ok
11:30:50.0054 4484 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:30:50.0054 4484 IPNAT - ok
11:30:50.0132 4484 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
11:30:50.0132 4484 iPod Service - ok
11:30:50.0163 4484 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:30:50.0163 4484 IRENUM - ok
11:30:50.0179 4484 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:30:50.0179 4484 isapnp - ok
11:30:50.0210 4484 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:30:50.0210 4484 iScsiPrt - ok
11:30:50.0366 4484 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:30:50.0366 4484 kbdclass - ok
11:30:50.0771 4484 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:30:50.0771 4484 kbdhid - ok
11:30:50.0849 4484 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:50.0849 4484 KeyIso - ok
11:30:50.0896 4484 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:30:50.0896 4484 KSecDD - ok
11:30:51.0021 4484 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:30:51.0021 4484 KSecPkg - ok
11:30:51.0037 4484 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:30:51.0037 4484 ksthunk - ok
11:30:51.0052 4484 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:30:51.0052 4484 KtmRm - ok
11:30:51.0115 4484 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:30:51.0115 4484 LanmanServer - ok
11:30:51.0161 4484 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:30:51.0161 4484 LanmanWorkstation - ok
11:30:51.0614 4484 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
11:30:51.0614 4484 LBTServ - ok
11:30:51.0661 4484 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:30:51.0661 4484 LHidFilt - ok
11:30:51.0707 4484 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:30:51.0707 4484 lltdio - ok
11:30:51.0739 4484 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:30:51.0739 4484 lltdsvc - ok
11:30:51.0770 4484 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:30:51.0770 4484 lmhosts - ok
11:30:51.0770 4484 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
11:30:51.0770 4484 LMouFilt - ok
11:30:51.0801 4484 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:30:51.0801 4484 LSI_FC - ok
11:30:51.0817 4484 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:30:51.0817 4484 LSI_SAS - ok
11:30:51.0832 4484 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:30:51.0832 4484 LSI_SAS2 - ok
11:30:51.0848 4484 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:30:51.0848 4484 LSI_SCSI - ok
11:30:51.0848 4484 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:30:51.0848 4484 luafv - ok
11:30:51.0910 4484 M4LIC (543080d7653128b1fa7cd8f7db22badb) C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
11:30:51.0973 4484 M4LIC - ok
11:30:52.0019 4484 MacDrive8Service (95c395fdeaf6813a1dc974ddb7ee04b4) C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
11:30:52.0035 4484 MacDrive8Service - ok
11:30:52.0066 4484 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:30:52.0066 4484 MBAMProtector - ok
11:30:52.0519 4484 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:30:52.0534 4484 MBAMService - ok
11:30:52.0862 4484 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:30:52.0862 4484 Mcx2Svc - ok
11:30:52.0893 4484 MDFSYSNT (99875732a0c1373316af28ed79c168cc) C:\Windows\system32\drivers\MDFSYSNT.sys
11:30:52.0893 4484 MDFSYSNT - ok
11:30:52.0909 4484 MDPMGRNT (8d3b834090836a01f49b97f22ae9c83c) C:\Windows\system32\DRIVERS\MDPMGRNT.SYS
11:30:52.0909 4484 MDPMGRNT - ok
11:30:52.0924 4484 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:30:52.0924 4484 megasas - ok
11:30:52.0971 4484 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:30:52.0987 4484 MegaSR - ok
11:30:52.0987 4484 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:30:52.0987 4484 MMCSS - ok
11:30:53.0080 4484 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:30:53.0080 4484 Modem - ok
11:30:53.0143 4484 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:30:53.0143 4484 monitor - ok
11:30:53.0221 4484 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:30:53.0221 4484 mouclass - ok
11:30:53.0236 4484 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:30:53.0236 4484 mouhid - ok
11:30:53.0314 4484 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:30:53.0314 4484 mountmgr - ok
11:30:53.0533 4484 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:30:53.0533 4484 mpio - ok
11:30:53.0642 4484 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:30:53.0642 4484 mpsdrv - ok
11:30:53.0829 4484 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:30:53.0829 4484 MRxDAV - ok
11:30:54.0016 4484 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:30:54.0016 4484 mrxsmb - ok
11:30:54.0172 4484 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:30:54.0172 4484 mrxsmb10 - ok
11:30:54.0281 4484 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:30:54.0281 4484 mrxsmb20 - ok
11:30:54.0469 4484 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:30:54.0469 4484 msahci - ok
11:30:54.0531 4484 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:30:54.0531 4484 msdsm - ok
11:30:54.0562 4484 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:30:54.0562 4484 MSDTC - ok
11:30:54.0625 4484 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:30:54.0625 4484 Msfs - ok
11:30:54.0656 4484 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:30:54.0656 4484 mshidkmdf - ok
11:30:54.0781 4484 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:30:54.0781 4484 msisadrv - ok
11:30:54.0827 4484 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:30:54.0827 4484 MSiSCSI - ok
11:30:54.0827 4484 msiserver - ok
11:30:54.0843 4484 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:30:54.0843 4484 MSKSSRV - ok
11:30:54.0859 4484 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:30:54.0859 4484 MSPCLOCK - ok
11:30:54.0874 4484 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:30:54.0874 4484 MSPQM - ok
11:30:55.0217 4484 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:30:55.0217 4484 MsRPC - ok
11:30:55.0249 4484 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:30:55.0249 4484 mssmbios - ok
11:30:55.0280 4484 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:30:55.0280 4484 MSTEE - ok
11:30:55.0280 4484 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:30:55.0280 4484 MTConfig - ok
11:30:55.0295 4484 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:30:55.0295 4484 Mup - ok
11:30:55.0358 4484 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:30:55.0358 4484 napagent - ok
11:30:55.0389 4484 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:30:55.0389 4484 NativeWifiP - ok
11:30:55.0420 4484 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:30:55.0436 4484 NDIS - ok
11:30:55.0451 4484 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:30:55.0451 4484 NdisCap - ok
11:30:55.0451 4484 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:30:55.0451 4484 NdisTapi - ok
11:30:55.0545 4484 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:30:55.0545 4484 Ndisuio - ok
11:30:55.0748 4484 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:30:55.0748 4484 NdisWan - ok
11:30:55.0826 4484 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:30:55.0826 4484 NDProxy - ok
11:30:55.0857 4484 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:30:55.0857 4484 NetBIOS - ok
11:30:55.0888 4484 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:30:55.0888 4484 NetBT - ok
11:30:55.0935 4484 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:55.0935 4484 Netlogon - ok
11:30:55.0997 4484 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:30:55.0997 4484 Netman - ok
11:30:56.0029 4484 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:30:56.0029 4484 netprofm - ok
11:30:56.0122 4484 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
11:30:56.0138 4484 netr28x - ok
11:30:56.0185 4484 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:30:56.0231 4484 NetTcpPortSharing - ok
11:30:56.0450 4484 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:30:56.0450 4484 nfrd960 - ok
11:30:56.0715 4484 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:30:56.0731 4484 NlaSvc - ok
11:30:56.0762 4484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:30:56.0762 4484 Npfs - ok
11:30:56.0855 4484 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:30:56.0855 4484 nsi - ok
11:30:56.0855 4484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:30:56.0855 4484 nsiproxy - ok
11:30:56.0996 4484 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:30:56.0996 4484 Ntfs - ok
11:30:57.0604 4484 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:30:57.0604 4484 Null - ok
11:30:57.0651 4484 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
11:30:57.0651 4484 NVHDA - ok
11:31:01.0869 4484 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:31:01.0918 4484 nvlddmkm - ok
11:31:02.0171 4484 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:31:02.0172 4484 nvraid - ok
11:31:02.0205 4484 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:31:02.0206 4484 nvstor - ok
11:31:02.0296 4484 NVSvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
11:31:02.0300 4484 NVSvc - ok
11:31:02.0813 4484 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:31:02.0870 4484 nvUpdatusService - ok
11:31:03.0309 4484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:31:03.0309 4484 nv_agp - ok
11:31:03.0356 4484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:31:03.0356 4484 ohci1394 - ok
11:31:03.0480 4484 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:31:03.0496 4484 p2pimsvc - ok
11:31:04.0026 4484 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:31:04.0042 4484 p2psvc - ok
11:31:04.0494 4484 PaceLicenseDServices (f7bac457d6ae2f7e18fa69c8180a7843) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
11:31:04.0619 4484 PaceLicenseDServices - ok
11:31:04.0713 4484 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:31:04.0713 4484 Parport - ok
11:31:04.0760 4484 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:31:04.0760 4484 partmgr - ok
11:31:04.0775 4484 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:31:04.0775 4484 PcaSvc - ok
11:31:04.0822 4484 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:31:04.0822 4484 pci - ok
11:31:04.0838 4484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:31:04.0838 4484 pciide - ok
11:31:04.0853 4484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:31:04.0853 4484 pcmcia - ok
11:31:04.0869 4484 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:31:04.0869 4484 pcw - ok
11:31:04.0900 4484 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:31:04.0900 4484 PEAUTH - ok
11:31:04.0947 4484 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:31:04.0962 4484 PeerDistSvc - ok
11:31:05.0009 4484 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:31:05.0040 4484 PerfHost - ok
11:31:05.0134 4484 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:31:05.0134 4484 pla - ok
11:31:05.0165 4484 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:31:05.0165 4484 PlugPlay - ok
11:31:05.0181 4484 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:31:05.0181 4484 PNRPAutoReg - ok
11:31:05.0196 4484 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:31:05.0196 4484 PNRPsvc - ok
11:31:05.0259 4484 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:31:05.0259 4484 PolicyAgent - ok
11:31:05.0290 4484 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:31:05.0290 4484 Power - ok
11:31:05.0352 4484 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:31:05.0352 4484 PptpMiniport - ok
11:31:05.0368 4484 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:31:05.0368 4484 Processor - ok
11:31:05.0384 4484 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:31:05.0384 4484 ProfSvc - ok
11:31:05.0415 4484 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:31:05.0415 4484 ProtectedStorage - ok
11:31:05.0477 4484 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:31:05.0477 4484 Psched - ok
11:31:05.0540 4484 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:31:05.0540 4484 PxHlpa64 - ok
11:31:05.0602 4484 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:31:05.0602 4484 ql2300 - ok
11:31:05.0680 4484 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:31:05.0680 4484 ql40xx - ok
11:31:05.0696 4484 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:31:05.0711 4484 QWAVE - ok
11:31:05.0711 4484 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:31:05.0711 4484 QWAVEdrv - ok
11:31:05.0820 4484 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
11:31:05.0820 4484 RapportCerberus_34302 - ok
11:31:05.0883 4484 RapportEI64 (908e79026f50c773f56567255a2b1b5f) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
11:31:05.0883 4484 RapportEI64 - ok
11:31:05.0898 4484 RapportKE64 (2ef8acc03d2bc58f7515a8c99cbeb3b5) C:\Windows\system32\Drivers\RapportKE64.sys
11:31:05.0898 4484 RapportKE64 - ok
11:31:06.0008 4484 RapportMgmtService (bdc2827d1dd1c8a6093473ed9f8e093c) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
11:31:06.0086 4484 RapportMgmtService - ok
11:31:06.0101 4484 RapportPG64 (ebabf47b6caa7b701042c830a782cdb4) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
11:31:06.0101 4484 RapportPG64 - ok
11:31:06.0117 4484 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:31:06.0117 4484 RasAcd - ok
11:31:06.0132 4484 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:31:06.0132 4484 RasAgileVpn - ok
11:31:06.0148 4484 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:31:06.0148 4484 RasAuto - ok
11:31:06.0179 4484 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:31:06.0179 4484 Rasl2tp - ok
11:31:06.0210 4484 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:31:06.0226 4484 RasMan - ok
11:31:06.0257 4484 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:31:06.0257 4484 RasPppoe - ok
11:31:06.0320 4484 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:31:06.0320 4484 RasSstp - ok
11:31:06.0351 4484 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:31:06.0351 4484 rdbss - ok
11:31:06.0351 4484 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:31:06.0351 4484 rdpbus - ok
11:31:06.0460 4484 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:31:06.0460 4484 RDPCDD - ok
11:31:06.0507 4484 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:31:06.0507 4484 RDPDR - ok
11:31:06.0522 4484 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:31:06.0522 4484 RDPENCDD - ok
11:31:06.0538 4484 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:31:06.0538 4484 RDPREFMP - ok
11:31:06.0632 4484 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
11:31:06.0632 4484 RdpVideoMiniport - ok
11:31:06.0866 4484 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:31:06.0866 4484 RDPWD - ok
11:31:06.0897 4484 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:31:06.0897 4484 rdyboost - ok
11:31:06.0928 4484 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:31:06.0928 4484 RemoteAccess - ok
11:31:06.0959 4484 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:31:06.0959 4484 RemoteRegistry - ok
11:31:06.0975 4484 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:31:06.0975 4484 RpcEptMapper - ok
11:31:06.0975 4484 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:31:06.0975 4484 RpcLocator - ok
11:31:07.0224 4484 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:31:07.0224 4484 RpcSs - ok
11:31:07.0256 4484 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:31:07.0256 4484 rspndr - ok
11:31:07.0302 4484 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:31:07.0302 4484 s3cap - ok
11:31:07.0365 4484 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:31:07.0365 4484 SamSs - ok
11:31:07.0443 4484 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\DRIVERS\sbp2port.sys
11:31:07.0443 4484 sbp2port - ok
11:31:07.0505 4484 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:31:07.0505 4484 SCardSvr - ok
11:31:07.0568 4484 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:31:07.0568 4484 scfilter - ok
11:31:08.0254 4484 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:31:08.0270 4484 Schedule - ok
11:31:08.0394 4484 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:31:08.0394 4484 SCPolicySvc - ok
11:31:08.0566 4484 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:31:08.0566 4484 SDRSVC - ok
11:31:08.0738 4484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:31:08.0738 4484 secdrv - ok
11:31:08.0800 4484 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:31:08.0800 4484 seclogon - ok
11:31:08.0816 4484 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:31:08.0831 4484 SENS - ok
11:31:08.0831 4484 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:31:08.0831 4484 SensrSvc - ok
11:31:08.0925 4484 Sentinel64 (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
11:31:08.0925 4484 Sentinel64 - ok
11:31:08.0940 4484 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:31:08.0940 4484 Serenum - ok
11:31:08.0956 4484 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:31:08.0956 4484 Serial - ok
11:31:09.0003 4484 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:31:09.0003 4484 sermouse - ok
11:31:09.0112 4484 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:31:09.0112 4484 SessionEnv - ok
11:31:09.0143 4484 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:31:09.0143 4484 sffdisk - ok
11:31:09.0159 4484 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:31:09.0159 4484 sffp_mmc - ok
11:31:09.0159 4484 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:31:09.0174 4484 sffp_sd - ok
11:31:09.0206 4484 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:31:09.0206 4484 sfloppy - ok
11:31:09.0440 4484 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:31:09.0455 4484 ShellHWDetection - ok
11:31:09.0471 4484 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:31:09.0471 4484 SiSRaid2 - ok
11:31:09.0486 4484 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:31:09.0486 4484 SiSRaid4 - ok
11:31:09.0627 4484 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:31:09.0736 4484 SkypeUpdate - ok
11:31:09.0783 4484 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:31:09.0783 4484 Smb - ok
11:31:09.0814 4484 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:31:09.0814 4484 SNMPTRAP - ok
11:31:09.0830 4484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:31:09.0830 4484 spldr - ok
11:31:10.0001 4484 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:31:10.0017 4484 Spooler - ok
11:31:10.0516 4484 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:31:10.0532 4484 sppsvc - ok
11:31:10.0672 4484 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:31:10.0672 4484 sppuinotify - ok
11:31:11.0109 4484 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:31:11.0124 4484 srv - ok
11:31:11.0140 4484 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:31:11.0140 4484 srv2 - ok
11:31:11.0156 4484 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:31:11.0156 4484 srvnet - ok
11:31:11.0187 4484 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:31:11.0187 4484 SSDPSRV - ok
11:31:11.0202 4484 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:31:11.0202 4484 SstpSvc - ok
11:31:11.0249 4484 Steam Client Service - ok
11:31:11.0374 4484 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:31:11.0436 4484 Stereo Service - ok
11:31:11.0452 4484 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:31:11.0452 4484 stexstor - ok
11:31:11.0514 4484 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:31:11.0514 4484 stisvc - ok
11:31:11.0577 4484 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:31:11.0577 4484 storflt - ok
11:31:11.0592 4484 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:31:11.0592 4484 storvsc - ok
11:31:11.0608 4484 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:31:11.0608 4484 swenum - ok
11:31:11.0717 4484 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:31:11.0733 4484 SwitchBoard - ok
11:31:11.0748 4484 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:31:11.0764 4484 swprv - ok
11:31:11.0764 4484 Synth3dVsc - ok
11:31:11.0858 4484 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:31:11.0858 4484 SysMain - ok
11:31:11.0967 4484 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:31:11.0967 4484 TabletInputService - ok
11:31:11.0982 4484 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:31:11.0982 4484 TapiSrv - ok
11:31:11.0998 4484 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:31:11.0998 4484 TBS - ok
11:31:12.0107 4484 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:31:12.0123 4484 Tcpip - ok
11:31:12.0185 4484 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:31:12.0201 4484 TCPIP6 - ok
11:31:12.0263 4484 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:31:12.0263 4484 tcpipreg - ok
11:31:12.0279 4484 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:31:12.0279 4484 TDPIPE - ok
11:31:12.0372 4484 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:31:12.0372 4484 TDTCP - ok
11:31:12.0482 4484 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:31:12.0482 4484 tdx - ok
11:31:12.0653 4484 TeamViewer6 (b357451a6958e2b7b506fb1d08271be6) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
11:31:12.0716 4484 TeamViewer6 - ok
11:31:12.0825 4484 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:31:12.0825 4484 TermDD - ok
11:31:12.0872 4484 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:31:12.0872 4484 TermService - ok
11:31:12.0887 4484 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:31:12.0887 4484 Themes - ok
11:31:12.0903 4484 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:31:12.0903 4484 THREADORDER - ok
11:31:13.0012 4484 Tpkd (8dd33a57339adae34cdb12994acbc50f) C:\Windows\system32\drivers\Tpkd.sys
11:31:13.0012 4484 Tpkd - ok
11:31:13.0074 4484 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:31:13.0074 4484 TrkWks - ok
11:31:13.0184 4484 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:31:13.0184 4484 TrustedInstaller - ok
11:31:13.0230 4484 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:31:13.0230 4484 tssecsrv - ok
11:31:13.0293 4484 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:31:13.0293 4484 TsUsbFlt - ok
11:31:13.0308 4484 tsusbhub - ok
11:31:13.0355 4484 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:31:13.0355 4484 tunnel - ok
11:31:13.0402 4484 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:31:13.0402 4484 uagp35 - ok
11:31:13.0464 4484 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:31:13.0464 4484 udfs - ok
11:31:13.0480 4484 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:31:13.0480 4484 UI0Detect - ok
11:31:13.0527 4484 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:31:13.0527 4484 uliagpkx - ok
11:31:13.0558 4484 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:31:13.0558 4484 umbus - ok
11:31:13.0574 4484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:31:13.0574 4484 UmPass - ok
11:31:13.0620 4484 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:31:13.0620 4484 UmRdpService - ok
11:31:13.0636 4484 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:31:13.0636 4484 upnphost - ok
11:31:13.0683 4484 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:31:13.0683 4484 USBAAPL64 - ok
11:31:13.0730 4484 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:31:13.0730 4484 usbccgp - ok
11:31:13.0776 4484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:31:13.0776 4484 usbcir - ok
11:31:13.0792 4484 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:31:13.0792 4484 usbehci - ok
11:31:13.0808 4484 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:31:13.0808 4484 usbhub - ok
11:31:13.0823 4484 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:31:13.0823 4484 usbohci - ok
11:31:13.0839 4484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:31:13.0839 4484 usbprint - ok
11:31:13.0839 4484 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:31:13.0854 4484 USBSTOR - ok
11:31:13.0854 4484 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:31:13.0854 4484 usbuhci - ok
11:31:13.0854 4484 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:31:13.0854 4484 UxSms - ok
11:31:13.0901 4484 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:31:13.0901 4484 VaultSvc - ok
11:31:13.0964 4484 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
11:31:13.0964 4484 VClone - ok
11:31:13.0979 4484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:31:13.0979 4484 vdrvroot - ok
11:31:14.0026 4484 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:31:14.0026 4484 vds - ok
11:31:14.0042 4484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:31:14.0042 4484 vga - ok
11:31:14.0057 4484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:31:14.0057 4484 VgaSave - ok
11:31:14.0073 4484 VGPU - ok
11:31:14.0088 4484 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:31:14.0088 4484 vhdmp - ok
11:31:14.0104 4484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:31:14.0104 4484 viaide - ok
11:31:14.0120 4484 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:31:14.0135 4484 vmbus - ok
11:31:14.0135 4484 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:31:14.0135 4484 VMBusHID - ok
11:31:14.0135 4484 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:31:14.0151 4484 volmgr - ok
11:31:14.0182 4484 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:31:14.0182 4484 volmgrx - ok
11:31:14.0198 4484 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:31:14.0198 4484 volsnap - ok
11:31:14.0260 4484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:31:14.0260 4484 vsmraid - ok
11:31:14.0322 4484 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:31:14.0322 4484 VSS - ok
11:31:14.0463 4484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:31:14.0463 4484 vwifibus - ok
11:31:14.0478 4484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:31:14.0478 4484 vwififlt - ok
11:31:14.0494 4484 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:31:14.0510 4484 W32Time - ok
11:31:14.0525 4484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:31:14.0525 4484 WacomPen - ok
11:31:14.0541 4484 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:31:14.0541 4484 WANARP - ok
11:31:14.0556 4484 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:31:14.0556 4484 Wanarpv6 - ok
11:31:14.0634 4484 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:31:14.0634 4484 WatAdminSvc - ok
11:31:14.0728 4484 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:31:14.0728 4484 wbengine - ok
11:31:14.0759 4484 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:31:14.0775 4484 WbioSrvc - ok
11:31:14.0822 4484 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:31:14.0822 4484 wcncsvc - ok
11:31:14.0822 4484 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:31:14.0837 4484 WcsPlugInService - ok
11:31:14.0853 4484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:31:14.0853 4484 Wd - ok
11:31:14.0884 4484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:31:14.0884 4484 Wdf01000 - ok
11:31:14.0884 4484 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:31:14.0884 4484 WdiServiceHost - ok
11:31:14.0900 4484 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:31:14.0900 4484 WdiSystemHost - ok
11:31:14.0915 4484 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:31:14.0915 4484 WebClient - ok
11:31:14.0931 4484 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:31:14.0931 4484 Wecsvc - ok
11:31:14.0946 4484 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:31:14.0946 4484 wercplsupport - ok
11:31:14.0962 4484 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:31:14.0962 4484 WerSvc - ok
11:31:14.0993 4484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:31:14.0993 4484 WfpLwf - ok
11:31:14.0993 4484 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:31:14.0993 4484 WIMMount - ok
11:31:15.0009 4484 WinHttpAutoProxySvc - ok
11:31:15.0056 4484 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:31:15.0056 4484 Winmgmt - ok
11:31:15.0149 4484 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:31:15.0149 4484 WinRM - ok
11:31:15.0290 4484 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:31:15.0290 4484 WinUsb - ok
11:31:15.0336 4484 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:31:15.0336 4484 Wlansvc - ok
11:31:15.0368 4484 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:31:15.0368 4484 WmiAcpi - ok
11:31:15.0399 4484 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:31:15.0399 4484 wmiApSrv - ok
11:31:15.0414 4484 WMPNetworkSvc - ok
11:31:15.0430 4484 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:31:15.0446 4484 WPCSvc - ok
11:31:15.0492 4484 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:31:15.0492 4484 WPDBusEnum - ok
11:31:15.0492 4484 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:31:15.0492 4484 ws2ifsl - ok
11:31:15.0539 4484 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:31:15.0539 4484 WSDPrintDevice - ok
11:31:15.0586 4484 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
11:31:15.0586 4484 WSDScan - ok
11:31:15.0586 4484 WSearch - ok
11:31:15.0695 4484 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:31:15.0711 4484 wuauserv - ok
11:31:15.0773 4484 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:31:15.0773 4484 WudfPf - ok
11:31:15.0804 4484 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:31:15.0804 4484 WUDFRd - ok
11:31:15.0851 4484 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:31:15.0851 4484 wudfsvc - ok
11:31:15.0867 4484 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:31:15.0867 4484 WwanSvc - ok
11:31:15.0867 4484 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:31:16.0038 4484 \Device\Harddisk0\DR0 - ok
11:31:16.0038 4484 Boot (0x1200) (63128df3af90be5c11e0f0178d8df550) \Device\Harddisk0\DR0\Partition0
11:31:16.0038 4484 \Device\Harddisk0\DR0\Partition0 - ok
11:31:16.0070 4484 Boot (0x1200) (709ce473aac67c6ae9ffd5da7714bb9e) \Device\Harddisk0\DR0\Partition1
11:31:16.0070 4484 \Device\Harddisk0\DR0\Partition1 - ok
11:31:16.0070 4484 ============================================================
11:31:16.0070 4484 Scan finished
11:31:16.0070 4484 ============================================================
11:31:16.0070 4208 Detected object count: 0
11:31:16.0070 4208 Actual detected object count: 0



aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-07 21:24:08
-----------------------------
21:24:08.317 OS Version: Windows x64 6.1.7601 Service Pack 1
21:24:08.317 Number of processors: 8 586 0x2A07
21:24:08.317 ComputerName: DASHAN-JI UserName: DaShan
21:24:10.158 Initialize success
21:25:07.513 AVAST engine defs: 12070701
21:25:20.289 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP10T0L0-c
21:25:20.289 Disk 0 Vendor: Hitachi_HDS723015BLA642 MN5OA580 Size: 1430799MB BusType: 11
21:25:20.289 Disk 0 MBR read successfully
21:25:20.305 Disk 0 MBR scan
21:25:20.305 Disk 0 Windows 7 default MBR code
21:25:20.305 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:25:20.320 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
21:25:20.320 Disk 0 scanning C:\Windows\system32\drivers
21:25:28.978 Service scanning
21:25:45.624 Modules scanning
21:25:45.624 Disk 0 trace - called modules:
21:25:45.639 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:25:45.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d4de790]
21:25:45.655 3 CLASSPNP.SYS[fffff8800118d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP10T0L0-c[0xfffffa800d2a3060]
21:25:47.371 AVAST engine scan C:\Windows
21:25:50.662 AVAST engine scan C:\Windows\system32
21:29:23.498 AVAST engine scan C:\Windows\system32\drivers
21:29:43.495 AVAST engine scan C:\Users\DaShan
21:42:24.818 AVAST engine scan C:\ProgramData
21:44:38.078 Scan finished successfully
21:49:24.740 Disk 0 MBR has been saved successfully to "C:\Users\DaShan\Desktop\MBR.dat"
21:49:24.740 The log file has been saved successfully to "C:\Users\DaShan\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 11:33:15
-----------------------------
11:33:15.863 OS Version: Windows x64 6.1.7601 Service Pack 1
11:33:15.863 Number of processors: 8 586 0x2A07
11:33:15.863 ComputerName: DASHAN-JI UserName: DaShan
11:33:17.454 Initialize success
11:33:21.194 AVAST engine defs: 12070701
11:33:46.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP10T0L0-c
11:33:46.916 Disk 0 Vendor: Hitachi_HDS723015BLA642 MN5OA580 Size: 1430799MB BusType: 11
11:33:46.916 Disk 0 MBR read successfully
11:33:46.931 Disk 0 MBR scan
11:33:46.931 Disk 0 Windows 7 default MBR code
11:33:46.931 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:33:46.947 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
11:33:46.963 Disk 0 scanning C:\Windows\system32\drivers
11:33:55.558 Service scanning
11:34:14.541 Modules scanning
11:34:14.541 Disk 0 trace - called modules:
11:34:14.557 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:34:14.557 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d5b0790]
11:34:14.993 3 CLASSPNP.SYS[fffff88000fbc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP10T0L0-c[0xfffffa800d1ba680]
11:34:17.268 AVAST engine scan C:\Windows
11:34:20.792 AVAST engine scan C:\Windows\system32
11:38:06.345 AVAST engine scan C:\Windows\system32\drivers
11:38:25.569 AVAST engine scan C:\Users\DaShan
11:39:47.848 File: C:\Users\DaShan\AppData\Local\Google\Chrome\User Data\Local State **SUSPICIOUS**
11:50:16.804 AVAST engine scan C:\ProgramData
11:51:56.301 Scan finished successfully
11:52:23.642 Disk 0 MBR has been saved successfully to "C:\Users\DaShan\Desktop\MBR.dat"
11:52:23.657 The log file has been saved successfully to "C:\Users\DaShan\Desktop\aswMBR.txt"



ESET online scanner:



C:\Windows\Installer\{62d71e55-e040-b327-1421-6d0c6b5e7708}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
Operating memory multiple threats


Thanks for the help!

*edit*
I cleaned up everything from the first scans except for what was listed from ESET.

Edited by takeru27, 08 July 2012 - 05:05 PM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:28 PM

Posted 08 July 2012 - 11:24 PM

Download

systemlook

Launch it, copy this script and paste it in the BOX

:filefind
services.exe
:folderfind
{62d71e55-e040-b327-1421-6d0c6b5e7708}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#5 takeru27

takeru27
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:28 PM

Posted 09 July 2012 - 06:44 AM

I ran SUPERAntiSpyware in the meantime and it took care of my redirect issues and weak algorithms; however, I still have the same problems with the fake Adobe Flash Player installer popping up every couple of minutes. Comodo also continues to give me warnings of a malicious item in my Windows Installer folder.

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 00:36 on 09/07/2012 by DaShan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{62d71e55-e040-b327-1421-6d0c6b5e7708}"
C:\Windows\Installer\{62d71e55-e040-b327-1421-6d0c6b5e7708} d--hs-- [06:35 11/01/2012]

-= EOF =-



MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DaShan :: DASHAN-JI [administrator]

7/9/2012 12:41:00 AM
mbam-log-2012-07-09 (00-41-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 598781
Time elapsed: 1 hour(s), 22 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





MiniToolBox



MiniToolBox by Farbar Version: 25-06-2012
Ran by DaShan (administrator) on 09-07-2012 at 07:42:09
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

# ::1 localhost

========================= IP Configuration: ================================

ASUS 802.11n Wireless LAN Card = Wireless Network Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DaShan-Ji
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nycap.rr.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : nycap.rr.com
Description . . . . . . . . . . . : ASUS 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : E0-69-95-CB-F1-11
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8457:5bcb:63:c496%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 08, 2012 9:02:54 PM
Lease Expires . . . . . . . . . . : Monday, July 09, 2012 9:02:59 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 249588117
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D8-3B-0F-E0-69-95-CB-F1-11
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.nycap.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.228.2] with 32 bytes of data:
Reply from 74.125.228.2: bytes=32 time=30ms TTL=52
Reply from 74.125.228.2: bytes=32 time=29ms TTL=52

Ping statistics for 74.125.228.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 30ms, Average = 29ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=93ms TTL=51
Reply from 72.30.38.140: bytes=32 time=92ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 93ms, Average = 92ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...e0 69 95 cb f1 11 ......ASUS 802.11n Wireless LAN Card
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.103 281
192.168.1.103 255.255.255.255 On-link 192.168.1.103 281
192.168.1.255 255.255.255.255 On-link 192.168.1.103 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.103 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.103 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::8457:5bcb:63:c496/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/08/2012 09:05:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: DaShan-Ji)DaShan-Ji
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (07/08/2012 09:05:01 PM) (Source: Microsoft-Windows-User Profiles Service) (User: DaShan-Ji)DaShan-Ji
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (07/08/2012 09:02:53 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/08/2012 07:26:50 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/08/2012 11:53:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/08/2012 11:53:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/08/2012 11:30:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/08/2012 11:25:59 AM) (Source: Microsoft-Windows-User Profiles Service) (User: DaShan-Ji)DaShan-Ji
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (07/08/2012 11:25:59 AM) (Source: Microsoft-Windows-User Profiles Service) (User: DaShan-Ji)DaShan-Ji
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (07/08/2012 11:23:48 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (07/08/2012 09:03:46 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/08/2012 09:03:46 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/08/2012 09:02:58 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (07/08/2012 09:02:58 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (07/08/2012 09:02:58 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (07/08/2012 09:02:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aspi32

Error: (07/08/2012 09:02:54 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/08/2012 09:02:54 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/08/2012 09:02:53 PM) (Source: Service Control Manager) (User: )
Description: The Sentinel64 service failed to start due to the following error:
%%20

Error: (07/08/2012 09:02:53 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (07/08/2012 09:05:01 PM) (Source: Microsoft-Windows-User Profiles Service)(User: DaShan-Ji)DaShan-Ji
Description:

Error: (07/08/2012 09:05:01 PM) (Source: Microsoft-Windows-User Profiles Service)(User: DaShan-Ji)DaShan-Ji
Description:

Error: (07/08/2012 09:02:53 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (07/08/2012 07:26:50 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (07/08/2012 11:53:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DaShan\Downloads\esetsmartinstaller_enu.exe

Error: (07/08/2012 11:53:56 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DaShan\Downloads\esetsmartinstaller_enu.exe

Error: (07/08/2012 11:30:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\DaShan\Downloads\esetsmartinstaller_enu.exe

Error: (07/08/2012 11:25:59 AM) (Source: Microsoft-Windows-User Profiles Service)(User: DaShan-Ji)DaShan-Ji
Description:

Error: (07/08/2012 11:25:59 AM) (Source: Microsoft-Windows-User Profiles Service)(User: DaShan-Ji)DaShan-Ji
Description:

Error: (07/08/2012 11:23:48 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000


=========================== Installed Programs ============================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2)
Adobe AIR (Version: 2.7.1.19610)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe Download Assistant (Version: 1.0.3)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Story (Version: 1.0.571)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
AI Suite II (Version: 1.01.14)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ASUS nVidia Driver (Version: 1.00.0000)
Avid EDL Manager (Version: 27.5.2)
Avid FilmScribe (Version: 27.5.2)
Avid License Control (Version: 3.0.0)
Avid Log Exchange (Version: 27.5.2)
Avid Media Composer (Version: 5.5.2)
Avid MediaLog (Version: 27.5.2)
Avid Symphony (Version: 6.1.0)
Bonjour (Version: 3.0.0.10)
Celtx (2.9.7) (Version: 2.9.7 (en-US))
CINEMA 4D 12.048 (Version: 12.048)
COMODO Internet Security (Version: 5.5.64714.1383)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Dropbox (Version: 1.4.7)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 520 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
FileZilla Client 3.5.1 (Version: 3.5.1)
Google Chrome (Version: 20.0.1132.47)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
iCloud (Version: 1.1.0.40)
Intel® Watchdog Timer Driver (Intel® WDT)
Interlok driver setup x64 (Version: 5.9.0)
iTunes (Version: 10.5.1.42)
Jarte 4.4 (Version: 4.4)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
JDownloader 0.9 (Version: 0.9)
License Support (Version: 1.1.0.0929)
Lock Poker (Version: 5.0)
Logitech SetPoint 6.32 (Version: 6.32.20)
MacDrive 8 (Version: 8.0.7.38)
Magic Bullet Suite 64-bit (Version: 11.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MetaSync (Version: 27.5.2)
Microsoft Office Converter Pack (Version: 11.0.0.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Nuke 6.3v2
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OpenOffice.org 3.3 (Version: 3.3.9567)
Origin (Version: 8.3.7.3619)
PDF Settings CS5 (Version: 10.0)
PFTrack 2011.1 (Version: 11.1.1000)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.71.80.42)
Rapport (Version: 3.5.1108.64)
RarZilla Free Unrar (Version: 3.31)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Spotify (Version: 0.8.2.572.geb65f9ac)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.5.1006)
TeamViewer 6 (Version: 6.0.11052)
The Elder Scrolls V: Skyrim
Trapcode Suite 64-bit (Version: 11.0)
Twixtor 5, After Effects-compatible plugin set
Unity Web Player (Version: )
Vicon boujou 5.0.2 (Version: 5.0.2)
VirtualCloneDrive
Visual C++ 64-bit Redistributables (Version: 1.1.0.0929)
Visual C++ Redistributables (Version: 1.1.0.0929)
VLC media player 2.0.1 (Version: 2.0.1)
Vue 9.5 xStream 64bit (Version: 9.5)
x264vfw - H.264/MPEG-4 AVC codec (remove only)
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 16351.14 MB
Available physical RAM: 11622.2 MB
Total Pagefile: 32700.47 MB
Available Pagefile: 27879.79 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.19 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1397.17 GB) (Free:424.9 GB) NTFS

========================= Users: ========================================

User accounts for \\DASHAN-JI

8EDF13ECAF674EF89C34 9C0FDC88D5DF402EA13A Administrator
DaShan Guest UpdatusUser


**** End of log ****



FSS


Farbar Service Scanner Version: 08-07-2012
Ran by DaShan (administrator) on 09-07-2012 at 07:43:31
Running from "C:\Users\DaShan\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 July 2012 - 07:38 AM

Open your C drive

At the top, click Organize > Folder and search options

Click on the View tab and scroll down

Check "Show hidden files"
Uncheck "Hide operating system files"


Click OK, now go to

C:\Windows\Installer\{62d71e55-e040-b327-1421-6d0c6b5e7708}

and delete the folder


Press the Windows+R keys, type

notepad and click OK

Copy this script and paste it into Notepad:
@echo off
REM take ownership of the patched services.exe and give Administrators full control
REM (cacls /g without /e replaces the file's ACL rather than adding to it)
cd c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
REM keep the old binary as services.exe.old, then restore the clean copy from WinSxS
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM delete this batch file once it has run
DEL %0

Click on File > Save as

filename:sevices.bat
Save as type:All types

Now right-click the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new SystemLook log

Download

FSS

Check all the boxes

Click on "Scan".
Please copy and paste the log into your reply.

Edited by narenxp, 09 July 2012 - 07:38 AM.


#7 takeru27

  • Topic Starter
  • Members
  • 13 posts

Posted 09 July 2012 - 07:19 PM

Farbar Service Scanner Version: 08-07-2012
Ran by DaShan (administrator) on 09-07-2012 at 20:18:09
Running from "C:\Users\DaShan\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Thanks so much!

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 July 2012 - 10:25 PM

Post the new SystemLook log

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

Restart the PC and post the new FSS log

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click Start

Check only the following options:

Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Check the "Restart System When Finished" option
Click the Start button

System should restart after repair

Post the FSS log

Edited by narenxp, 09 July 2012 - 10:25 PM.


#9 takeru27

  • Topic Starter
  • Members
  • 13 posts

Posted 11 July 2012 - 07:57 PM

SystemLook (sorry, missed this in your post)

SystemLook 30.07.11 by jpshortstuff
Log created at 20:39 on 11/07/2012 by DaShan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 329216 bytes [23:19 13/07/2009] [01:39 14/07/2009] 50BEA589F7D7958BDD2528A8F69D05CC
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{62d71e55-e040-b327-1421-6d0c6b5e7708}"
No folders found.

-= EOF =-



FSS


Farbar Service Scanner Version: 08-07-2012
Ran by DaShan (administrator) on 11-07-2012 at 20:57:23
Running from "C:\Users\DaShan\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
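
Added example, not from this thread and not one of the tools linked in it: a PowerShell script that repeats the checks the two logs above report, so they can be read off before and after the services.exe swap. It looks for the service keys FSS said "do not exist", reads the DisableAntiSpyware value, and hashes System32\services.exe against every copy of the service controller component in WinSxS. In the SystemLook log above the System32 file is 512 bytes larger than the same-version WinSxS copy and has a different MD5, which is what the batch file in post #6 is meant to fix; rather than relying on the one hard-coded 6.1.7600.16385 path, the script reports MATCH or DIFF for each component-store copy it finds. It assumes a 64-bit Windows 7 host (the amd64_ component names) and PowerShell 2.0 (so MD5 is computed with .NET instead of Get-FileHash); run it from an elevated 64-bit PowerShell prompt.

```powershell
# Added triage script, not part of this thread. Run from an elevated 64-bit
# PowerShell prompt on the affected Windows 7 x64 machine. It repeats the
# checks FSS and SystemLook reported above: are the security service keys
# present and healthy, is the Defender kill value set, and does
# System32\services.exe match a copy in the WinSxS component store?
# Assumptions: x64 host (component folders start with
# "amd64_microsoft-windows-s..s-servicecontroller_") and PowerShell 2.0
# (hashing via .NET because Get-FileHash does not exist there).

$ErrorActionPreference = 'Continue'
$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-Md5Hex([string]$Path) {
    # MD5 only because that is what SystemLook and FSS print; it identifies
    # a file, it does not prove the file is clean.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

# 1. Service keys FSS said "do not exist", plus mpsdrv, which it found OK.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
foreach ($name in 'MpsSvc', 'BFE', 'wscsvc', 'WinDefend', 'mpsdrv') {
    $key = Join-Path $servicesRoot $name
    if (-not (Test-Path $key)) {
        Write-Output ("[MISSING] {0}: service key does not exist" -f $name)
        continue
    }
    $cfg = Get-ItemProperty -Path $key
    $start = $startNames[[int]$cfg.Start]
    if (-not $start) { $start = "unknown($($cfg.Start))" }
    # Get-Service lists Win32 services only, so a driver like mpsdrv shows n/a
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'n/a' }
    Write-Output ("[OK] {0,-9} start={1,-8} state={2,-8} ImagePath={3}" -f $name, $start, $state, $cfg.ImagePath)
    # svchost-hosted services keep their DLL under Parameters\ServiceDll
    $params = Get-ItemProperty -Path (Join-Path $key 'Parameters') -ErrorAction SilentlyContinue
    if ($params -and $params.ServiceDll) { Write-Output ("      ServiceDll={0}" -f $params.ServiceDll) }
}

# 2. The value FSS flagged under "Windows Defender Disabled Policy". Some AV
#    products set it when they take over, so confirm before clearing it.
$wdKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$wd = Get-ItemProperty -Path $wdKey -ErrorAction SilentlyContinue
if ($wd -and $wd.DisableAntiSpyware -eq 1) {
    Write-Output ("[POLICY] {0}\DisableAntiSpyware = 1 (Defender stays off while this is set)" -f $wdKey)
}

# 3. Compare System32\services.exe with every copy in the component store.
#    In the SystemLook log the live file was 512 bytes larger than the WinSxS
#    copy with a different MD5 and the same version: a patched binary.
$live = Get-Item (Join-Path $env:windir 'System32\services.exe')
$liveHash = Get-Md5Hex $live.FullName
Write-Output ("System32  size={0} ver={1} md5={2}" -f $live.Length, $live.VersionInfo.FileVersion, $liveHash)

$storeCopies = Get-ChildItem (Join-Path $env:windir 'winsxs') |
    Where-Object { $_.PSIsContainer -and $_.Name -like 'amd64_microsoft-windows-s..s-servicecontroller_*' } |
    ForEach-Object { Join-Path $_.FullName 'services.exe' } |
    Where-Object { Test-Path $_ }

$matched = $false
foreach ($path in $storeCopies) {
    $copy = Get-Item $path
    $hash = Get-Md5Hex $path
    if ($hash -eq $liveHash) { $matched = $true; $tag = 'MATCH' } else { $tag = 'DIFF ' }
    Write-Output ("{0} winsxs size={1} ver={2} md5={3}  {4}" -f $tag, $copy.Length, $copy.VersionInfo.FileVersion, $hash, $copy.Directory.Name)
}
if (-not $storeCopies) {
    Write-Output '[WARN] no services.exe found in the component store; use install media or sfc /scannow instead'
} elseif (-not $matched) {
    Write-Output '[WARN] System32\services.exe matches no component-store copy: treat it as patched and restore the WinSxS copy'
}
```

A DIFF line whose version string equals the live file's is the case this thread hit: same build, different bytes. Run the script again after the batch file from post #6 has been executed; the services.exe line should then read MATCH and post #15's log shows exactly that (both files 328704 bytes, MD5 24ACB7E5BE595468E3B9AA488B9B4FCB).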

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 July 2012 - 09:27 PM

Press the Windows+R keys, type

notepad and click OK

Copy this script and paste it into Notepad:

@echo off
REM take ownership of the patched services.exe and give Administrators full control
REM (cacls /g without /e replaces the file's ACL rather than adding to it)
cd c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
REM keep the old binary as services.exe.old, then restore the clean copy from WinSxS
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM delete this batch file once it has run
DEL %0

Click on File > Save as

filename:sevices.bat
Save as type:All types

Now right-click the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new SystemLook log

#11 takeru27

  • Topic Starter
  • Members
  • 13 posts

Posted 11 July 2012 - 09:31 PM

It was the first log in the post above your reply. Did I do something wrong?

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 July 2012 - 09:34 PM

It seems you did perform these steps. Can you try it again?

#13 takeru27

  • Topic Starter
  • Members
  • 13 posts

Posted 11 July 2012 - 09:36 PM

should it be named "services.bat" or "sevices.bat"? I followed these steps but named it services.bat

#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 July 2012 - 09:39 PM

Save it with a .bat extension, whatever the filename is

#15 takeru27

  • Topic Starter
  • Members
  • 13 posts

Posted 11 July 2012 - 09:46 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:42 on 11/07/2012 by DaShan
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{62d71e55-e040-b327-1421-6d0c6b5e7708}"
No folders found.

-= EOF =-



