MSE Quarantined Multiple Items Labelled Sirefef


36 replies to this topic

#1 Wherewolf

Posted 09 July 2012 - 11:30 AM

For the past few days, Firefox has been opening tabs with ads randomly. I checked add-ons and things, and ran scans in Microsoft Security Essentials and Malwarebytes. I deleted what they found, but the problems persisted. I also ran tdsskiller with similar results. Later, MSE was disabled and it said that it was uninstalled, and I didn't recall uninstalling it. A program called Security Shield popped up and tried to make me fix fake issues and closed task manager when I opened it.

I restarted my computer and reinstalled MSE, and a few hours after another scan that revealed a few more items, a pop-up appeared saying that MSE found an issue and was dealing with it. A minute later it said that it needed to restart my computer, so I let it. When it restarted, it soon found the issue, tried to deal with it, and then asked for a restart. This happened about 3 more times. Eventually it just left the items, Trojan:Win32 and 64/Sirefef.(blank/AB/W/AA/AN/P)

I googled around for solutions and found sirefef.com. I ran gmer, but couldn't find an item that was similar to the example.

I run Windows 7 and am sitting in Safe Mode confused :D



#2 narenxp


Posted 09 July 2012 - 11:37 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)



Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Wherewolf


Posted 09 July 2012 - 01:58 PM

TDSSkiller
12:40:27.0067 2004 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
12:40:27.0319 2004 ============================================================
12:40:27.0319 2004 Current date / time: 2012/07/09 12:40:27.0319
12:40:27.0319 2004 SystemInfo:
12:40:27.0319 2004
12:40:27.0319 2004 OS Version: 6.1.7600 ServicePack: 0.0
12:40:27.0319 2004 Product type: Workstation
12:40:27.0320 2004 ComputerName: WHEREWOLF-PC
12:40:27.0320 2004 UserName: Wherewolf
12:40:27.0320 2004 Windows directory: C:\Windows
12:40:27.0320 2004 System windows directory: C:\Windows
12:40:27.0320 2004 Running under WOW64
12:40:27.0320 2004 Processor architecture: Intel x64
12:40:27.0320 2004 Number of processors: 3
12:40:27.0320 2004 Page size: 0x1000
12:40:27.0320 2004 Boot type: Safe boot with network
12:40:27.0320 2004 ============================================================
12:40:28.0225 2004 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
12:40:28.0229 2004 ============================================================
12:40:28.0229 2004 \Device\Harddisk0\DR0:
12:40:28.0229 2004 MBR partitions:
12:40:28.0229 2004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:40:28.0229 2004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
12:40:28.0229 2004 ============================================================
12:40:28.0271 2004 C: <-> \Device\Harddisk0\DR0\Partition1
12:40:28.0271 2004 ============================================================
12:40:28.0271 2004 Initialize success
12:40:28.0271 2004 ============================================================
12:40:43.0690 1136 ============================================================
12:40:43.0690 1136 Scan started
12:40:43.0690 1136 Mode: Manual; TDLFS;
12:40:43.0690 1136 ============================================================
12:40:51.0175 1136 nvstor - ok
12:40:51.0240 1136 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
12:40:51.0249 1136 nvsvc - ok
12:40:51.0414 1136 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:40:51.0436 1136 nvUpdatusService - ok
12:40:51.0482 1136 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:40:51.0484 1136 nv_agp - ok
12:40:51.0498 1136 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:40:51.0499 1136 ohci1394 - ok
12:40:51.0575 1136 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:40:51.0577 1136 ose - ok
12:40:51.0764 1136 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:40:51.0809 1136 osppsvc - ok
12:40:51.0865 1136 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:40:51.0869 1136 p2pimsvc - ok
12:40:51.0894 1136 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:40:51.0899 1136 p2psvc - ok
12:40:51.0922 1136 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:40:51.0924 1136 Parport - ok
12:40:51.0953 1136 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
12:40:51.0954 1136 partmgr - ok
12:40:51.0986 1136 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:40:51.0988 1136 PcaSvc - ok
12:40:52.0010 1136 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:40:52.0012 1136 pci - ok
12:40:52.0018 1136 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:40:52.0019 1136 pciide - ok
12:40:52.0047 1136 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:40:52.0050 1136 pcmcia - ok
12:40:52.0062 1136 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:40:52.0064 1136 pcw - ok
12:40:52.0091 1136 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:40:52.0098 1136 PEAUTH - ok
12:40:52.0172 1136 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:40:52.0173 1136 PerfHost - ok
12:40:52.0220 1136 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
12:40:52.0243 1136 pla - ok
12:40:52.0301 1136 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
12:40:52.0306 1136 PlugPlay - ok
12:40:52.0314 1136 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:40:52.0316 1136 PNRPAutoReg - ok
12:40:52.0326 1136 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:40:52.0328 1136 PNRPsvc - ok
12:40:52.0360 1136 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
12:40:52.0361 1136 Point64 - ok
12:40:52.0397 1136 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
12:40:52.0402 1136 PolicyAgent - ok
12:40:52.0439 1136 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:40:52.0442 1136 Power - ok
12:40:52.0456 1136 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:40:52.0457 1136 PptpMiniport - ok
12:40:52.0471 1136 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:40:52.0473 1136 Processor - ok
12:40:52.0519 1136 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
12:40:52.0521 1136 ProfSvc - ok
12:40:52.0567 1136 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:52.0567 1136 ProtectedStorage - ok
12:40:52.0593 1136 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:40:52.0601 1136 Psched - ok
12:40:52.0655 1136 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:40:52.0668 1136 ql2300 - ok
12:40:52.0736 1136 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:40:52.0738 1136 ql40xx - ok
12:40:52.0762 1136 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:40:52.0766 1136 QWAVE - ok
12:40:52.0774 1136 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:40:52.0774 1136 QWAVEdrv - ok
12:40:52.0781 1136 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:40:52.0781 1136 RasAcd - ok
12:40:52.0813 1136 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:40:52.0814 1136 RasAgileVpn - ok
12:40:52.0832 1136 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:40:52.0833 1136 RasAuto - ok
12:40:52.0862 1136 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:40:52.0863 1136 Rasl2tp - ok
12:40:52.0881 1136 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
12:40:52.0885 1136 RasMan - ok
12:40:52.0905 1136 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:40:52.0906 1136 RasPppoe - ok
12:40:52.0924 1136 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:40:52.0925 1136 RasSstp - ok
12:40:52.0945 1136 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:40:52.0948 1136 rdbss - ok
12:40:52.0967 1136 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:40:52.0968 1136 rdpbus - ok
12:40:52.0974 1136 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:40:52.0978 1136 RDPCDD - ok
12:40:53.0008 1136 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:40:53.0008 1136 RDPENCDD - ok
12:40:53.0011 1136 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:40:53.0012 1136 RDPREFMP - ok
12:40:53.0055 1136 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
12:40:53.0058 1136 RDPWD - ok
12:40:53.0083 1136 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:40:53.0086 1136 rdyboost - ok
12:40:53.0127 1136 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:40:53.0129 1136 RemoteAccess - ok
12:40:53.0158 1136 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:40:53.0171 1136 RemoteRegistry - ok
12:40:53.0183 1136 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:40:53.0184 1136 RpcEptMapper - ok
12:40:53.0205 1136 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:40:53.0206 1136 RpcLocator - ok
12:40:53.0237 1136 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
12:40:53.0240 1136 RpcSs - ok
12:40:53.0257 1136 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:40:53.0258 1136 rspndr - ok
12:40:53.0295 1136 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:40:53.0297 1136 RTL8167 - ok
12:40:53.0319 1136 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:53.0320 1136 SamSs - ok
12:40:53.0330 1136 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:40:53.0332 1136 sbp2port - ok
12:40:53.0342 1136 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:40:53.0348 1136 SCardSvr - ok
12:40:53.0365 1136 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:40:53.0366 1136 scfilter - ok
12:40:53.0428 1136 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
12:40:53.0439 1136 Schedule - ok
12:40:53.0466 1136 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
12:40:53.0467 1136 SCPolicySvc - ok
12:40:53.0489 1136 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
12:40:53.0491 1136 SDRSVC - ok
12:40:53.0525 1136 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:40:53.0526 1136 secdrv - ok
12:40:53.0547 1136 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
12:40:53.0549 1136 seclogon - ok
12:40:53.0559 1136 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
12:40:53.0560 1136 SENS - ok
12:40:53.0571 1136 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:40:53.0573 1136 SensrSvc - ok
12:40:53.0613 1136 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:40:53.0613 1136 Serenum - ok
12:40:53.0623 1136 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:40:53.0625 1136 Serial - ok
12:40:53.0626 1136 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:40:53.0627 1136 sermouse - ok
12:40:53.0645 1136 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
12:40:53.0647 1136 SessionEnv - ok
12:40:53.0660 1136 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:40:53.0661 1136 sffdisk - ok
12:40:53.0680 1136 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:40:53.0680 1136 sffp_mmc - ok
12:40:53.0696 1136 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:40:53.0697 1136 sffp_sd - ok
12:40:53.0705 1136 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:40:53.0706 1136 sfloppy - ok
12:40:53.0766 1136 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:40:53.0773 1136 Sftfs - ok
12:40:53.0876 1136 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:40:53.0881 1136 sftlist - ok
12:40:53.0895 1136 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:40:53.0898 1136 Sftplay - ok
12:40:53.0921 1136 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:40:53.0922 1136 Sftredir - ok
12:40:53.0927 1136 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:40:53.0928 1136 Sftvol - ok
12:40:53.0947 1136 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:40:53.0949 1136 sftvsa - ok
12:40:53.0994 1136 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
12:40:53.0999 1136 ShellHWDetection - ok
12:40:54.0049 1136 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:40:54.0050 1136 SiSRaid2 - ok
12:40:54.0065 1136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:40:54.0066 1136 SiSRaid4 - ok
12:40:54.0254 1136 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:40:54.0283 1136 Skype C2C Service - ok
12:40:54.0322 1136 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:40:54.0324 1136 SkypeUpdate - ok
12:40:54.0424 1136 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:40:54.0426 1136 Smb - ok
12:40:54.0444 1136 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:40:54.0445 1136 SNMPTRAP - ok
12:40:54.0456 1136 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:40:54.0457 1136 spldr - ok
12:40:54.0509 1136 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
12:40:54.0515 1136 Spooler - ok
12:40:54.0618 1136 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
12:40:54.0650 1136 sppsvc - ok
12:40:54.0688 1136 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:40:54.0690 1136 sppuinotify - ok
12:40:54.0738 1136 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:40:54.0742 1136 srv - ok
12:40:54.0766 1136 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:40:54.0770 1136 srv2 - ok
12:40:54.0798 1136 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:40:54.0800 1136 srvnet - ok
12:40:54.0833 1136 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:40:54.0836 1136 SSDPSRV - ok
12:40:54.0860 1136 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:40:54.0861 1136 SstpSvc - ok
12:40:54.0895 1136 Steam Client Service - ok
12:40:55.0006 1136 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:40:55.0009 1136 Stereo Service - ok
12:40:55.0024 1136 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:40:55.0025 1136 stexstor - ok
12:40:55.0069 1136 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
12:40:55.0076 1136 stisvc - ok
12:40:55.0082 1136 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:40:55.0083 1136 swenum - ok
12:40:55.0116 1136 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:40:55.0123 1136 swprv - ok
12:40:55.0180 1136 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
12:40:55.0198 1136 SysMain - ok
12:40:55.0237 1136 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
12:40:55.0239 1136 TabletInputService - ok
12:40:55.0260 1136 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
12:40:55.0264 1136 TapiSrv - ok
12:40:55.0283 1136 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:40:55.0285 1136 TBS - ok
12:40:55.0388 1136 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
12:40:55.0405 1136 Tcpip - ok
12:40:55.0487 1136 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
12:40:55.0496 1136 TCPIP6 - ok
12:40:55.0535 1136 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:40:55.0536 1136 tcpipreg - ok
12:40:55.0548 1136 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:40:55.0549 1136 TDPIPE - ok
12:40:55.0569 1136 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
12:40:55.0570 1136 TDTCP - ok
12:40:55.0589 1136 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:40:55.0590 1136 tdx - ok
12:40:55.0930 1136 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
12:40:55.0951 1136 TeamViewer6 - ok
12:40:55.0996 1136 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:40:55.0997 1136 TermDD - ok
12:40:56.0029 1136 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
12:40:56.0037 1136 TermService - ok
12:40:56.0057 1136 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:40:56.0059 1136 Themes - ok
12:40:56.0083 1136 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:40:56.0084 1136 THREADORDER - ok
12:40:56.0117 1136 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:40:56.0120 1136 TrkWks - ok
12:40:56.0176 1136 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
12:40:56.0179 1136 TrustedInstaller - ok
12:40:56.0191 1136 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:40:56.0192 1136 tssecsrv - ok
12:40:56.0218 1136 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:40:56.0220 1136 tunnel - ok
12:40:56.0237 1136 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:40:56.0238 1136 uagp35 - ok
12:40:56.0259 1136 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:40:56.0262 1136 udfs - ok
12:40:56.0278 1136 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:40:56.0280 1136 UI0Detect - ok
12:40:56.0299 1136 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:40:56.0300 1136 uliagpkx - ok
12:40:56.0318 1136 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:40:56.0319 1136 umbus - ok
12:40:56.0329 1136 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:40:56.0330 1136 UmPass - ok
12:40:56.0352 1136 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:40:56.0356 1136 upnphost - ok
12:40:56.0387 1136 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:40:56.0388 1136 USBAAPL64 - ok
12:40:56.0420 1136 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
12:40:56.0421 1136 usbccgp - ok
12:40:56.0441 1136 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:40:56.0443 1136 usbcir - ok
12:40:56.0483 1136 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
12:40:56.0484 1136 usbehci - ok
12:40:56.0523 1136 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
12:40:56.0526 1136 usbhub - ok
12:40:56.0545 1136 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
12:40:56.0546 1136 usbohci - ok
12:40:56.0565 1136 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:40:56.0566 1136 usbprint - ok
12:40:56.0583 1136 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:40:56.0583 1136 usbscan - ok
12:40:56.0611 1136 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:40:56.0612 1136 USBSTOR - ok
12:40:56.0622 1136 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
12:40:56.0623 1136 usbuhci - ok
12:40:56.0632 1136 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:40:56.0634 1136 UxSms - ok
12:40:56.0671 1136 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
12:40:56.0672 1136 VaultSvc - ok
12:40:56.0697 1136 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:40:56.0698 1136 vdrvroot - ok
12:40:56.0738 1136 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
12:40:56.0745 1136 vds - ok
12:40:56.0762 1136 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:40:56.0763 1136 vga - ok
12:40:56.0775 1136 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:40:56.0775 1136 VgaSave - ok
12:40:56.0799 1136 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:40:56.0802 1136 vhdmp - ok
12:40:56.0816 1136 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:40:56.0816 1136 viaide - ok
12:40:56.0867 1136 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
12:40:56.0868 1136 VKbms - ok
12:40:56.0881 1136 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:40:56.0882 1136 volmgr - ok
12:40:56.0905 1136 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:40:56.0909 1136 volmgrx - ok
12:40:56.0942 1136 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:40:56.0946 1136 volsnap - ok
12:40:56.0963 1136 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:40:56.0964 1136 vsmraid - ok
12:40:57.0032 1136 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
12:40:57.0058 1136 VSS - ok
12:40:57.0154 1136 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:40:57.0155 1136 vwifibus - ok
12:40:57.0184 1136 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:40:57.0188 1136 W32Time - ok
12:40:57.0201 1136 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:40:57.0202 1136 WacomPen - ok
12:40:57.0226 1136 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:40:57.0232 1136 WANARP - ok
12:40:57.0242 1136 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:40:57.0243 1136 Wanarpv6 - ok
12:40:57.0326 1136 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:40:57.0337 1136 WatAdminSvc - ok
12:40:57.0391 1136 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
12:40:57.0406 1136 wbengine - ok
12:40:57.0449 1136 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:40:57.0452 1136 WbioSrvc - ok
12:40:57.0495 1136 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
12:40:57.0500 1136 wcncsvc - ok
12:40:57.0508 1136 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:40:57.0510 1136 WcsPlugInService - ok
12:40:57.0529 1136 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:40:57.0530 1136 Wd - ok
12:40:57.0571 1136 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:40:57.0577 1136 Wdf01000 - ok
12:40:57.0585 1136 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:40:57.0588 1136 WdiServiceHost - ok
12:40:57.0589 1136 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:40:57.0591 1136 WdiSystemHost - ok
12:40:57.0632 1136 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
12:40:57.0636 1136 WebClient - ok
12:40:57.0680 1136 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:40:57.0684 1136 Wecsvc - ok
12:40:57.0700 1136 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:40:57.0702 1136 wercplsupport - ok
12:40:57.0724 1136 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:40:57.0726 1136 WerSvc - ok
12:40:57.0751 1136 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:40:57.0752 1136 WfpLwf - ok
12:40:57.0765 1136 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:40:57.0766 1136 WIMMount - ok
12:40:57.0769 1136 WinHttpAutoProxySvc - ok
12:40:57.0818 1136 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:40:57.0820 1136 Winmgmt - ok
12:40:57.0889 1136 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
12:40:57.0908 1136 WinRM - ok
12:40:58.0154 1136 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
12:40:58.0154 1136 WinUsb - ok
12:40:58.0194 1136 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:40:58.0203 1136 Wlansvc - ok
12:40:58.0347 1136 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:40:58.0368 1136 wlidsvc - ok
12:40:58.0395 1136 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:40:58.0396 1136 WmiAcpi - ok
12:40:58.0440 1136 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:40:58.0443 1136 wmiApSrv - ok
12:40:58.0482 1136 WMPNetworkSvc - ok
12:40:58.0496 1136 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:40:58.0498 1136 WPCSvc - ok
12:40:58.0515 1136 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
12:40:58.0517 1136 WPDBusEnum - ok
12:40:58.0532 1136 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:40:58.0534 1136 ws2ifsl - ok
12:40:58.0547 1136 WSearch - ok
12:40:58.0640 1136 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:40:58.0663 1136 wuauserv - ok
12:40:58.0698 1136 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:40:58.0699 1136 WudfPf - ok
12:40:58.0735 1136 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:40:58.0737 1136 WUDFRd - ok
12:40:58.0756 1136 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
12:40:58.0758 1136 wudfsvc - ok
12:40:58.0781 1136 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:40:58.0791 1136 WwanSvc - ok
12:40:58.0810 1136 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:40:58.0971 1136 \Device\Harddisk0\DR0 - ok
12:40:58.0978 1136 Boot (0x1200) (2a59d1daa49d4674eebd1ac6a0d07d02) \Device\Harddisk0\DR0\Partition0
12:40:58.0980 1136 \Device\Harddisk0\DR0\Partition0 - ok
12:40:58.0984 1136 Boot (0x1200) (b9eda18868074ec31053ea57cc025cdc) \Device\Harddisk0\DR0\Partition1
12:40:58.0985 1136 \Device\Harddisk0\DR0\Partition1 - ok
12:40:58.0986 1136 ============================================================
12:40:58.0986 1136 Scan finished
12:40:58.0986 1136 ============================================================
12:40:58.0994 2008 Detected object count: 0
12:40:58.0994 2008 Actual detected object count: 0
12:41:30.0807 1292 Deinitialize success



aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 12:53:28
-----------------------------
12:53:28.057 OS Version: Windows x64 6.1.7600
12:53:28.057 Number of processors: 3 586 0x402
12:53:28.058 ComputerName: WHEREWOLF-PC UserName: Wherewolf
12:53:31.652 Initialize success
12:53:36.772 AVAST engine defs: 12070900
12:53:39.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
12:53:39.271 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
12:53:39.293 Disk 0 MBR read successfully
12:53:39.295 Disk 0 MBR scan
12:53:39.298 Disk 0 Windows 7 default MBR code
12:53:39.307 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:53:39.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
12:53:39.345 Disk 0 scanning C:\Windows\system32\drivers
12:53:49.476 Service scanning
12:54:04.795 Modules scanning
12:54:04.795 Disk 0 trace - called modules:
12:54:04.807 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:54:04.807 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007966060]
12:54:04.807 3 CLASSPNP.SYS[fffff880018d643f] -> nt!IofCallDriver -> [0xfffffa80077be520]
12:54:04.807 5 ACPI.sys[fffff88000f37781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa80077c1680]
12:54:06.206 AVAST engine scan C:\Windows
12:54:11.490 AVAST engine scan C:\Windows\system32
12:56:50.021 AVAST engine scan C:\Windows\system32\drivers
12:56:59.774 AVAST engine scan C:\Users\Wherewolf
13:05:03.308 File: C:\Users\Wherewolf\Downloads\Microsoft Word 2010 + Crack {LCD}\Crack\ACTIVATION V3.5 {LCD}.exe **INFECTED** MSIL:Agent-FL [Trj]
13:07:06.716 AVAST engine scan C:\ProgramData
13:18:59.434 Scan finished successfully
13:22:35.728 Disk 0 MBR has been saved successfully to "C:\Users\Wherewolf\Desktop\MBR.dat"
13:22:35.732 The log file has been saved successfully to "C:\Users\Wherewolf\Desktop\aswMBR.txt"


ESET Online Scanner
C:\Program Files (x86)\intellidownload\torrent.exe Win32/BundleInstaller application cleaned by deleting - quarantined
C:\Users\Wherewolf\Downloads\Microsoft Word 2010 + Crack {LCD}\Crack\ACTIVATION V3.5 {LCD}.exe a variant of MSIL/Kryptik.CF trojan cleaned by deleting - quarantined

Edited by Wherewolf, 09 July 2012 - 02:01 PM.


#4 Wherewolf (Topic Starter)

Posted 09 July 2012 - 04:55 PM

I'd also like to ask a pair of questions if I can: do I need to be in safe mode for all of this, and if not, can I be playing games and the like between posts, or is it better to simply be patient and not run anything?

#5 narenxp (BC Advisor)

Posted 09 July 2012 - 10:23 PM

Please do not play games while scanning

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

#6 Wherewolf (Topic Starter)

Posted 09 July 2012 - 10:28 PM

Should I stay in normal or switch back to safe for minitool and systemlook?

#7 narenxp (BC Advisor)

Posted 09 July 2012 - 10:29 PM

Stay in normal mode

#8 Wherewolf (Topic Starter)

Posted 09 July 2012 - 11:43 PM

Malwarebytes (safe)
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.03

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Wherewolf :: WHEREWOLF-PC [administrator]

7/9/2012 11:25:24 PM
mbam-log-2012-07-09 (23-25-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 585483
Time elapsed: 1 hour(s), 9 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Should I still scan on normal with MBAM?

Edited by Wherewolf, 09 July 2012 - 11:44 PM.


#9 narenxp

Posted 09 July 2012 - 11:45 PM

Yes

Also can you post the old logs of malwarebytes that detected infections?

Launch Malwarebytes - click on the LOGS tab, you should find old logs

#10 Wherewolf

Posted 09 July 2012 - 11:52 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Wherewolf :: WHEREWOLF-PC [administrator]

7/8/2012 1:05:36 PM
mbam-log-2012-07-08 (13-05-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 584610
Time elapsed: 1 hour(s), 24 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\intellidownload\vfd.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Wherewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1MONIFJ\vfd-ob[1].exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Wherewolf :: WHEREWOLF-PC [administrator]

7/8/2012 8:17:28 PM
mbam-log-2012-07-08 (20-17-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228001
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 1
C:\Users\Wherewolf\AppData\Local\ynnfmkmer.exe (Trojan.Lameshield) -> 2236 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Wherewolf\AppData\Local\ynnfmkmer.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Users\Wherewolf\Local Settings\ynnfmkmer.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Users\Wherewolf\Local Settings\Application Data\ynnfmkmer.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)
------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.08.06

Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7600.16385
Wherewolf :: WHEREWOLF-PC [administrator]

7/8/2012 10:08:49 PM
mbam-log-2012-07-08 (22-08-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 583904
Time elapsed: 1 hour(s), 8 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

#11 narenxp

Posted 09 July 2012 - 11:54 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}

Click on LOOK, post the generated log
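
An added example, not part of the thread and not code from the helper or from Malwarebytes: the three logs in post #10 each report the same file under C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\ as "Quarantined and deleted successfully", and the script in post #11 searches for that folder. The Python below parses such logs, lists items that come back after a scan reported removing them, and pulls out the GUID-named folder to follow up on; the function names and the trimmed log excerpt are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the three logs in post #10: headers and empty sections trimmed,
# detection lines copied unchanged.
SAMPLE_LOGS = r"""
mbam-log-2012-07-08 (13-05-36).txt
Scan type: Full scan
Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Program Files (x86)\intellidownload\vfd.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Wherewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1MONIFJ\vfd-ob[1].exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
------------------------------------------
mbam-log-2012-07-08 (20-17-28).txt
Scan type: Quick scan
Memory Processes Detected: 1
C:\Users\Wherewolf\AppData\Local\ynnfmkmer.exe (Trojan.Lameshield) -> 2236 -> Delete on reboot.
Files Detected: 4
C:\Users\Wherewolf\AppData\Local\ynnfmkmer.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Users\Wherewolf\Local Settings\ynnfmkmer.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Users\Wherewolf\Local Settings\Application Data\ynnfmkmer.exe (Trojan.Lameshield) -> Delete on reboot.
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
------------------------------------------
mbam-log-2012-07-08 (22-08-49).txt
Scan type: Full scan
Files Detected: 1
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
"""

LOG_NAME = re.compile(r"^mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt$")
SECTION = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values"
                     r"|Registry Data Items|Folders|Files) Detected: \d+$")
# "<item> (<threat>) -> [<pid> -> ]<action>."  The threat is the parenthesised
# name directly before " -> ", so "(x86)" inside a path stays part of the item.
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<threat>[\w.]+)\) -> "
                       r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$")
GUID_DIR = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_scans(text):
    """Split concatenated logs into scans, oldest first, with their detections."""
    scans, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_NAME.match(line)
        if m:  # the log file name carries the scan start time
            when = datetime.strptime(" ".join(m.groups()), "%Y-%m-%d %H-%M-%S")
            current, section = {"when": when, "detections": []}, None
            scans.append(current)
            continue
        if current is None:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION.match(line)
        if m and section:
            current["detections"].append(dict(m.groupdict(), section=section))
    return sorted(scans, key=lambda s: s["when"])


def recurring_items(scans):
    """Items seen again after an earlier scan reported deleting them.

    Returns {item path in lower case: [scan times]}. A hit means something
    still active on the machine is recreating the item between scans.
    """
    seen = defaultdict(dict)  # item -> {scan time: action}
    for scan in scans:
        for det in scan["detections"]:
            seen[det["item"].lower()][scan["when"]] = det["action"]
    result = {}
    for item, hits in seen.items():
        times = sorted(hits)
        earlier_removed = any("deleted successfully" in hits[t] for t in times[:-1])
        if len(times) > 1 and earlier_removed:
            result[item] = times
    return result


def follow_up_folders(items):
    """GUID-named folders in the recurring paths, i.e. what to search for next."""
    return sorted({g.group(0) for item in items for g in GUID_DIR.finditer(item)})


if __name__ == "__main__":
    found = recurring_items(parse_scans(SAMPLE_LOGS))
    for item, times in found.items():
        print(f"{item}: reported in {len(times)} scans")
    print("Folders to inspect:", follow_up_folders(found))
```
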

#12 Wherewolf

Posted 09 July 2012 - 11:57 PM

dumb question >.>

Edited by Wherewolf, 10 July 2012 - 12:14 AM.


#13 Wherewolf

Posted 10 July 2012 - 02:14 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Wherewolf :: WHEREWOLF-PC [administrator]

7/10/2012 12:54:47 AM
mbam-log-2012-07-10 (00-54-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 586609
Time elapsed: 2 hour(s), 1 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 25-06-2012
Ran by Wherewolf (administrator) on 10-07-2012 at 03:11:51
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Wherewolf-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-25-22-64-C9-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d5aa:5c2f:a9e5:d3d9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.113(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 10, 2012 12:45:07 AM
Lease Expires . . . . . . . . . . : Wednesday, July 11, 2012 12:45:06 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890530
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-9D-72-A8-00-25-22-64-C9-BD
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
75.75.75.75
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{80F87D1D-6850-4D03-82F4-1ECFA14392AF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com.hsd1.ma.comcast.net
Address: 67.215.65.132


Pinging google.com [173.194.43.40] with 32 bytes of data:
Reply from 173.194.43.40: bytes=32 time=35ms TTL=54
Reply from 173.194.43.40: bytes=32 time=34ms TTL=54

Ping statistics for 173.194.43.40:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 35ms, Average = 34ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com.hsd1.ma.comcast.net
Address: 67.215.65.132


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=65ms TTL=49
Reply from 209.191.122.70: bytes=32 time=65ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 65ms, Maximum = 65ms, Average = 65ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com.hsd1.ma.comcast.net
Address: 67.215.65.132


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 25 22 64 c9 bd ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.113 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.113 276
192.168.1.113 255.255.255.255 On-link 192.168.1.113 276
192.168.1.255 255.255.255.255 On-link 192.168.1.113 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.113 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.113 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::d5aa:5c2f:a9e5:d3d9/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/10/2012 00:45:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/09/2012 08:41:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/09/2012 01:23:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/09/2012 01:23:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/08/2012 08:34:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74e4c9f1
Faulting process id: 0xe98
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/08/2012 08:33:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74e4c9f1
Faulting process id: 0x1278
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/08/2012 08:32:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74e4c9f1
Faulting process id: 0xf34
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/08/2012 06:14:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.12.9610, time stamp: 0x4f4e85f9
Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850, time stamp: 0x4e211da1
Exception code: 0xc000041d
Fault offset: 0x000000000000a88d
Faulting process id: 0x790
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (07/07/2012 05:58:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: xsecva.exe, version: 0.0.0.0, time stamp: 0x4ff61ebf
Faulting module name: RASAPI32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdad7
Exception code: 0xc0000005
Fault offset: 0x000017e9
Faulting process id: 0x850
Faulting application start time: 0xxsecva.exe0
Faulting application path: xsecva.exe1
Faulting module path: xsecva.exe2
Report Id: xsecva.exe3

Error: (07/05/2012 10:18:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: xeracomwns.exe, version: 0.0.0.0, time stamp: 0x4ff61ebf
Faulting module name: RASAPI32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdad7
Exception code: 0xc0000005
Fault offset: 0x000017e9
Faulting process id: 0x1308
Faulting application start time: 0xxeracomwns.exe0
Faulting application path: xeracomwns.exe1
Faulting module path: xeracomwns.exe2
Report Id: xeracomwns.exe3


System errors:
=============
Error: (07/10/2012 00:48:21 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/10/2012 00:48:21 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/10/2012 00:46:31 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/10/2012 00:46:31 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/10/2012 00:45:58 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/10/2012 00:45:57 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/10/2012 00:45:49 AM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service failed to start due to the following error:
%%1053

Error: (07/10/2012 00:45:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (07/10/2012 00:45:20 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/10/2012 00:45:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (07/10/2012 00:45:37 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Wherewolf\Desktop\esetsmartinstaller_enu.exe

Error: (07/09/2012 08:41:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Wherewolf\Desktop\esetsmartinstaller_enu.exe

Error: (07/09/2012 01:23:09 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Wherewolf\Desktop\esetsmartinstaller_enu.exe

Error: (07/09/2012 01:23:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Wherewolf\Desktop\esetsmartinstaller_enu.exe

Error: (07/08/2012 08:34:57 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574e4c9f1e9801cd5d6aaaecba81C:\Windows\SysWOW64\svchost.exeunknowne89a2b3d-c95d-11e1-b949-00252264c9bd

Error: (07/08/2012 08:33:57 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574e4c9f1127801cd5d6a8705fd87C:\Windows\SysWOW64\svchost.exeunknownc4c0d77d-c95d-11e1-b949-00252264c9bd

Error: (07/08/2012 08:32:56 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574e4c9f1f3401cd5d6a61f560c0C:\Windows\SysWOW64\svchost.exeunknowna06d2d12-c95d-11e1-b949-00252264c9bd

Error: (07/08/2012 06:14:24 PM) (Source: Application Error)(User: )
Description: nvtray.exe7.17.12.96104f4e85f9KERNELBASE.dll6.1.7600.168504e211da1c000041d000000000000a88d79001cd5d3830c2ffd0C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\KERNELBASE.dll45ef9690-c94a-11e1-b897-00252264c9bd

Error: (07/07/2012 05:58:48 PM) (Source: Application Error)(User: )
Description: xsecva.exe0.0.0.04ff61ebfRASAPI32.dll6.1.7600.163854a5bdad7c0000005000017e985001cd5c8afbd1be68C:\Users\Wherewolf\AppData\Roaming\xsecva\xsecva.exeC:\Windows\system32\RASAPI32.dlledb612c2-c87e-11e1-a309-00252264c9bd

Error: (07/05/2012 10:18:30 PM) (Source: Application Error)(User: )
Description: xeracomwns.exe0.0.0.04ff61ebfRASAPI32.dll6.1.7600.163854a5bdad7c0000005000017e9130801cd5b1da1c3363cC:\Users\WHEREW~1\AppData\Local\Temp\xeracomwns.exeC:\Windows\system32\RASAPI32.dlle06e451e-c710-11e1-92ef-00252264c9bd


=========================== Installed Programs ============================

7-Zip 9.20
Ace of Spades (Version: 0.70.017)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Media Live Encoder 3.1 (Version: 3.1.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.62)
Adobe Illustrator CS5 (Version: 15.0)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
AllMyNotes Organizer (Version: 2.60)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Aquaria
Audacity 1.3.12 (Unicode)
Bastion
Beat Hazard
BioShock
BitTorrent (Version: 7.2.1)
Bonjour (Version: 3.0.0.10)
Braid (Version 1.015)
Bulletstorm
Camtasia Studio 7 (Version: 7.1.0)
CCleaner (Version: 3.16)
dBpoweramp Music Converter (Version: Release 14.1)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dota 2
Dropbox (Version: 1.2.52)
ESET Online Scanner v3
Eufloria - Demo
F.lux
Fallout: New Vegas
FLV to MP4 Converter 2009.2.20
foobar2000 v1.1.2 (Version: 1.1.2)
FormatFactory 2.90 (Version: 2.90)
Freemake Video Converter version 3.0.1 (Version: 3.0.1)
Gimp 2.6.2 Debug
GOM Player (Version: 2.1.40.5106)
GOMTV Streamer (Version: 1.0.0.25)
Google Chrome (Version: 20.0.1132.47)
Google Update Helper (Version: 1.3.21.111)
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
InstallIQ Updater (Version: 1.4.3.0)
IrfanView (remove only) (Version: 4.28)
iTunes (Version: 10.6.3.25)
Jack Claw
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 30 (Version: 6.0.300)
Kingdoms of Amalur: Reckoning (Version: 1.0.0.0)
LAME v3.98.3 for Audacity
Left 4 Dead 2
LIMBO
Lugaru HD
Machinarium (Version: 23.10.09)
Mafia
Mafia II
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Excel 2010 (Version: 14.0.6029.1000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 - English (Version: 14.0.5130.5001)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Word 2010 (Version: 14.0.6029.1000)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Monday Night Combat
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Mumble and Murmur (Version: 1.2.2)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Octoshape add-in for Adobe Flash Player
Octoshape Streaming Services
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
Orcs Must Die!
Origin (Version: 8.5.0.4550)
Osmos
Paint.NET v3.5.8 (Version: 3.58.0)
PDF Settings CS5 (Version: 10.0)
Penumbra: Overture
Plants vs. Zombies: Game of the Year
Portal
Portal 2
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.72.80.56)
Rainmeter (Version: 2.2 r1116)
Razer DeathAdder™ Mouse (Version: 3.03)
Revenge of the Titans HIB (remove only)
Samorost 2
Shadowgrounds 1.05b
Shadowgrounds Survivor 1.09
Skype Click to Call (Version: 6.0.10297)
Skype™ 5.8 (Version: 5.8.158)
SpaceChem
Spotify (Version: 0.8.3.222.g317ab79d)
StarCraft II (Version: 1.4.3.21029)
Steam (Version: 1.0.0.0)
Team Fortress 2
Team Fortress 2 Beta
TeamViewer 6 (Version: 6.0.10194)
Terraria
TinyWord 2.9.0 (Version: 2.9.0)
Tom Clancy's H.A.W.X. 2 (Version: 1.0.0)
Tribes Ascend Closed Beta (Version: 0.1.789.1)
Trine 1.09
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
WhoCrashed 3.03
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
World of Goo
XSplit (Version: 1.0.1201.0504)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 8191.3 MB
Available physical RAM: 5134.57 MB
Total Pagefile: 16380.75 MB
Available Pagefile: 13362.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:625.96 GB) NTFS

========================= Users: ========================================

User accounts for \\WHEREWOLF-PC

Administrator Guest UpdatusUser
Wherewolf


**** End of log ****


SystemLook 30.07.11 by jpshortstuff
Log created at 03:07 on 10/07/2012 by Wherewolf
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}"
C:\Users\Wherewolf\AppData\Local\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4} d--hs-- [23:59 10/01/2012]
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4} d--hs-- [23:59 10/01/2012]

-= EOF =-

#14 narenxp (BC Advisor)

Posted 10 July 2012 - 04:32 AM

Open your C drive

On top, click on Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Wherewolf\AppData\Local\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}
C:\Windows\Installer\{e2fc0e10-e822-2346-eea8-1a07cbbf6da4}

Delete both the folders

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#15 Wherewolf (Topic Starter)

Posted 10 July 2012 - 11:16 AM

Farbar Service Scanner Version: 08-07-2012
Ran by Wherewolf (administrator) on 10-07-2012 at 12:15:24
Running from "C:\Users\Wherewolf\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 17:16] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 20:58] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 15:47] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



