Win32 sirefef.Y and Win32 sirefef.B


17 replies to this topic

#1 JamesMoriarty

Posted 11 July 2012 - 03:47 PM

Hello, I joined bleepingcomputer today because I've simply had it with the two viruses on my computer. I thought I took care of the Win32 sirefef.Y virus but apparently not. I discovered these little bundles of joy on my system the other day when I was redirected several times to websites such as "finalcoutsearch". I know absolutely nothing when it comes to the innards of a computer and I see people asking others to post logs and such and I have no idea how to do that. Any help in this matter would be much appreciated. In the past I've tried Microsoft Security Essentials but it would detect a problem and restart my computer after a minute or so after startup, which became more of a nuisance than the viruses. I've been using MalwareBytes as a scanner and McAfee as a firewall. I don't believe that I have any other firewall or security programs running/on my computer at this time. Any help would be much appreciated, cheers! And God bless!

-James

#2 narenxp

Posted 11 July 2012 - 07:30 PM

Download TDSSKiller

Launch it. Click on "Change parameters", then select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 JamesMoriarty

Posted 12 July 2012 - 06:51 AM

Hello there! And thanks for the reply. I ran all three programs just like you instructed and I came up with this:

23:36:05.0678 2872 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:36:06.0568 2872 ============================================================
23:36:06.0568 2872 Current date / time: 2012/07/11 23:36:06.0568
23:36:06.0568 2872 SystemInfo:
23:36:06.0568 2872
23:36:06.0568 2872 OS Version: 6.1.7601 ServicePack: 1.0
23:36:06.0568 2872 Product type: Workstation
23:36:06.0568 2872 ComputerName: *****
23:36:06.0568 2872 UserName: *******
23:36:06.0569 2872 Windows directory: C:\Windows
23:36:06.0569 2872 System windows directory: C:\Windows
23:36:06.0569 2872 Running under WOW64
23:36:06.0569 2872 Processor architecture: Intel x64
23:36:06.0569 2872 Number of processors: 4
23:36:06.0569 2872 Page size: 0x1000
23:36:06.0569 2872 Boot type: Normal boot
23:36:06.0569 2872 ============================================================
23:36:08.0103 2872 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:36:08.0110 2872 ============================================================
23:36:08.0110 2872 \Device\Harddisk0\DR0:
23:36:08.0110 2872 MBR partitions:
23:36:08.0110 2872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x2E937CC1
23:36:08.0110 2872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F93A696, BlocksNum 0x44DCB32B
23:36:08.0110 2872 ============================================================
23:36:08.0135 2872 C: <-> \Device\Harddisk0\DR0\Partition0
23:36:08.0167 2872 D: <-> \Device\Harddisk0\DR0\Partition1
23:36:08.0167 2872 ============================================================
23:36:08.0167 2872 Initialize success
23:36:08.0167 2872 ============================================================
23:36:16.0527 5104 ============================================================
23:36:16.0527 5104 Scan started
23:36:16.0527 5104 Mode: Manual; TDLFS;
23:36:16.0527 5104 ============================================================
23:36:17.0634 5104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:36:17.0680 5104 1394ohci - ok
23:36:17.0725 5104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:36:17.0771 5104 ACPI - ok
23:36:17.0782 5104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:36:17.0820 5104 AcpiPmi - ok
23:36:17.0854 5104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:36:17.0865 5104 adp94xx - ok
23:36:17.0885 5104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:36:17.0895 5104 adpahci - ok
23:36:17.0910 5104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:36:17.0918 5104 adpu320 - ok
23:36:17.0944 5104 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:36:17.0946 5104 AeLookupSvc - ok
23:36:18.0014 5104 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:36:18.0062 5104 AFD - ok
23:36:18.0099 5104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:36:18.0104 5104 agp440 - ok
23:36:18.0122 5104 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:36:18.0127 5104 ALG - ok
23:36:18.0137 5104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:36:18.0142 5104 aliide - ok
23:36:18.0149 5104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:36:18.0151 5104 amdide - ok
23:36:18.0172 5104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:36:18.0175 5104 AmdK8 - ok
23:36:18.0191 5104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:36:18.0195 5104 AmdPPM - ok
23:36:18.0207 5104 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
23:36:18.0249 5104 amdsata - ok
23:36:18.0260 5104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:36:18.0269 5104 amdsbs - ok
23:36:18.0295 5104 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
23:36:18.0295 5104 amdxata - ok
23:36:18.0327 5104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:36:18.0371 5104 AppID - ok
23:36:18.0389 5104 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:36:18.0393 5104 AppIDSvc - ok
23:36:18.0425 5104 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:36:18.0456 5104 Appinfo - ok
23:36:18.0549 5104 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:36:18.0598 5104 Apple Mobile Device - ok
23:36:18.0614 5104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:36:18.0618 5104 arc - ok
23:36:18.0635 5104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:36:18.0641 5104 arcsas - ok
23:36:18.0743 5104 ASInsHelp (edaa17ce771c696655b6585f7cad2100) C:\Windows\SysWow64\drivers\AsInsHelp64.sys
23:36:18.0791 5104 ASInsHelp - ok
23:36:18.0832 5104 AsIO (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
23:36:18.0877 5104 AsIO - ok
23:36:18.0943 5104 aspnet_state - ok
23:36:18.0991 5104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:36:18.0996 5104 AsyncMac - ok
23:36:19.0023 5104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:36:19.0023 5104 atapi - ok
23:36:19.0069 5104 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:36:19.0106 5104 AudioEndpointBuilder - ok
23:36:19.0113 5104 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:36:19.0147 5104 AudioSrv - ok
23:36:19.0184 5104 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:36:19.0215 5104 AxInstSV - ok
23:36:19.0238 5104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:36:19.0247 5104 b06bdrv - ok
23:36:19.0269 5104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:36:19.0275 5104 b57nd60a - ok
23:36:19.0430 5104 Bandoo Coordinator (799e48fdf68d388b1b9bcbb6bd062fa2) C:\Program Files (x86)\Bandoo\Bandoo.exe
23:36:19.0500 5104 Bandoo Coordinator - ok
23:36:19.0579 5104 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:36:19.0584 5104 BDESVC - ok
23:36:19.0631 5104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:36:19.0636 5104 Beep - ok
23:36:19.0677 5104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:36:19.0683 5104 blbdrive - ok
23:36:19.0769 5104 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:36:19.0815 5104 Bonjour Service - ok
23:36:19.0873 5104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:36:19.0874 5104 bowser - ok
23:36:19.0892 5104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:36:19.0897 5104 BrFiltLo - ok
23:36:19.0907 5104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:36:19.0912 5104 BrFiltUp - ok
23:36:19.0952 5104 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:36:19.0983 5104 Browser - ok
23:36:19.0999 5104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:36:20.0007 5104 Brserid - ok
23:36:20.0020 5104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:36:20.0025 5104 BrSerWdm - ok
23:36:20.0033 5104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:36:20.0037 5104 BrUsbMdm - ok
23:36:20.0043 5104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:36:20.0047 5104 BrUsbSer - ok
23:36:20.0063 5104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:36:20.0066 5104 BTHMODEM - ok
23:36:20.0087 5104 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:36:20.0091 5104 bthserv - ok
23:36:20.0147 5104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:36:20.0153 5104 cdfs - ok
23:36:20.0196 5104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:36:20.0236 5104 cdrom - ok
23:36:20.0272 5104 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:36:20.0303 5104 CertPropSvc - ok
23:36:20.0345 5104 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:36:20.0394 5104 cfwids - ok
23:36:20.0403 5104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:36:20.0406 5104 circlass - ok
23:36:20.0492 5104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:36:20.0501 5104 CLFS - ok
23:36:20.0570 5104 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:36:20.0574 5104 clr_optimization_v2.0.50727_32 - ok
23:36:20.0603 5104 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:36:20.0609 5104 clr_optimization_v2.0.50727_64 - ok
23:36:20.0677 5104 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:36:20.0730 5104 clr_optimization_v4.0.30319_32 - ok
23:36:20.0755 5104 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:36:20.0803 5104 clr_optimization_v4.0.30319_64 - ok
23:36:20.0836 5104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:36:20.0840 5104 CmBatt - ok
23:36:20.0870 5104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:36:20.0874 5104 cmdide - ok
23:36:20.0923 5104 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:36:20.0926 5104 CNG - ok
23:36:20.0950 5104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:36:20.0955 5104 Compbatt - ok
23:36:20.0991 5104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:36:21.0033 5104 CompositeBus - ok
23:36:21.0048 5104 COMSysApp - ok
23:36:21.0245 5104 cpuz132 - ok
23:36:21.0314 5104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:36:21.0317 5104 crcdisk - ok
23:36:21.0357 5104 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:36:21.0389 5104 CryptSvc - ok
23:36:21.0436 5104 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:36:21.0441 5104 DcomLaunch - ok
23:36:21.0463 5104 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:36:21.0471 5104 defragsvc - ok
23:36:21.0527 5104 Device Handle Service (4b7c99c585a7be24be410389071d9f14) C:\Windows\SysWOW64\AsHookDevice.exe
23:36:21.0573 5104 Device Handle Service - ok
23:36:21.0659 5104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:36:21.0660 5104 DfsC - ok
23:36:21.0702 5104 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:36:21.0735 5104 Dhcp - ok
23:36:21.0784 5104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:36:21.0788 5104 discache - ok
23:36:21.0795 5104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:36:21.0798 5104 Disk - ok
23:36:21.0835 5104 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:36:21.0866 5104 Dnscache - ok
23:36:21.0905 5104 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:36:21.0937 5104 dot3svc - ok
23:36:21.0979 5104 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:36:22.0015 5104 DPS - ok
23:36:22.0053 5104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:36:22.0058 5104 drmkaud - ok
23:36:22.0128 5104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:36:22.0183 5104 DXGKrnl - ok
23:36:22.0199 5104 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:36:22.0203 5104 EapHost - ok
23:36:22.0311 5104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:36:22.0349 5104 ebdrv - ok
23:36:22.0430 5104 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:36:22.0478 5104 EFS - ok
23:36:22.0584 5104 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:36:22.0640 5104 ehRecvr - ok
23:36:22.0662 5104 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:36:22.0667 5104 ehSched - ok
23:36:22.0708 5104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:36:22.0718 5104 elxstor - ok
23:36:22.0760 5104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:36:22.0765 5104 ErrDev - ok
23:36:22.0802 5104 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:36:22.0810 5104 EventSystem - ok
23:36:22.0831 5104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:36:22.0839 5104 exfat - ok
23:36:22.0875 5104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:36:22.0882 5104 fastfat - ok
23:36:22.0933 5104 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:36:22.0986 5104 Fax - ok
23:36:23.0002 5104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:36:23.0007 5104 fdc - ok
23:36:23.0015 5104 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:36:23.0020 5104 fdPHost - ok
23:36:23.0036 5104 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:36:23.0040 5104 FDResPub - ok
23:36:23.0051 5104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:36:23.0052 5104 FileInfo - ok
23:36:23.0065 5104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:36:23.0069 5104 Filetrace - ok
23:36:23.0175 5104 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:36:23.0227 5104 FLEXnet Licensing Service 64 - ok
23:36:23.0300 5104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:36:23.0303 5104 flpydisk - ok
23:36:23.0354 5104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:36:23.0356 5104 FltMgr - ok
23:36:23.0411 5104 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
23:36:23.0453 5104 FontCache - ok
23:36:23.0556 5104 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:36:23.0604 5104 FontCache3.0.0.0 - ok
23:36:23.0630 5104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:36:23.0634 5104 FsDepends - ok
23:36:23.0675 5104 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:36:23.0716 5104 Fs_Rec - ok
23:36:23.0762 5104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:36:23.0763 5104 fvevol - ok
23:36:23.0779 5104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:36:23.0785 5104 gagp30kx - ok
23:36:23.0833 5104 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:36:23.0873 5104 GEARAspiWDM - ok
23:36:23.0923 5104 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:36:23.0963 5104 gpsvc - ok
23:36:24.0088 5104 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:24.0143 5104 gupdate - ok
23:36:24.0157 5104 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:36:24.0213 5104 gupdatem - ok
23:36:24.0243 5104 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
23:36:24.0288 5104 hamachi - ok
23:36:24.0429 5104 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
23:36:24.0493 5104 Hamachi2Svc - ok
23:36:24.0563 5104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:36:24.0567 5104 hcw85cir - ok
23:36:24.0609 5104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:36:24.0659 5104 HdAudAddService - ok
23:36:24.0709 5104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:36:24.0754 5104 HDAudBus - ok
23:36:24.0761 5104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:36:24.0764 5104 HidBatt - ok
23:36:24.0778 5104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:36:24.0783 5104 HidBth - ok
23:36:24.0791 5104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:36:24.0794 5104 HidIr - ok
23:36:24.0805 5104 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:36:24.0810 5104 hidserv - ok
23:36:24.0822 5104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:36:24.0861 5104 HidUsb - ok
23:36:24.0888 5104 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:36:24.0920 5104 hkmsvc - ok
23:36:24.0959 5104 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:36:24.0999 5104 HomeGroupListener - ok
23:36:25.0031 5104 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:36:25.0063 5104 HomeGroupProvider - ok
23:36:25.0101 5104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:36:25.0142 5104 HpSAMD - ok
23:36:25.0207 5104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:36:25.0255 5104 HTTP - ok
23:36:25.0304 5104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:36:25.0305 5104 hwpolicy - ok
23:36:25.0319 5104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:36:25.0325 5104 i8042prt - ok
23:36:25.0379 5104 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
23:36:25.0429 5104 iaStorV - ok
23:36:25.0666 5104 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:36:25.0723 5104 IDriverT - ok
23:36:25.0798 5104 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:36:25.0860 5104 idsvc - ok
23:36:26.0121 5104 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:36:26.0219 5104 igfx - ok
23:36:26.0300 5104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:36:26.0305 5104 iirsp - ok
23:36:26.0357 5104 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:36:26.0403 5104 IKEEXT - ok
23:36:26.0507 5104 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
23:36:26.0560 5104 IntcAzAudAddService - ok
23:36:26.0691 5104 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
23:36:26.0740 5104 IntcHdmiAddService - ok
23:36:26.0771 5104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:36:26.0773 5104 intelide - ok
23:36:26.0808 5104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:36:26.0813 5104 intelppm - ok
23:36:26.0829 5104 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:36:26.0835 5104 IPBusEnum - ok
23:36:26.0878 5104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:36:26.0916 5104 IpFilterDriver - ok
23:36:26.0935 5104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:36:26.0974 5104 IPMIDRV - ok
23:36:26.0988 5104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:36:26.0994 5104 IPNAT - ok
23:36:27.0095 5104 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:36:27.0150 5104 iPod Service - ok
23:36:27.0159 5104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:36:27.0163 5104 IRENUM - ok
23:36:27.0200 5104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:36:27.0203 5104 isapnp - ok
23:36:27.0224 5104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:36:27.0268 5104 iScsiPrt - ok
23:36:27.0300 5104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:36:27.0305 5104 kbdclass - ok
23:36:27.0339 5104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:36:27.0377 5104 kbdhid - ok
23:36:27.0406 5104 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:27.0407 5104 KeyIso - ok
23:36:27.0461 5104 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:36:27.0463 5104 KSecDD - ok
23:36:27.0500 5104 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:36:27.0501 5104 KSecPkg - ok
23:36:27.0546 5104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:36:27.0550 5104 ksthunk - ok
23:36:27.0578 5104 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:36:27.0590 5104 KtmRm - ok
23:36:27.0644 5104 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:36:27.0684 5104 LanmanServer - ok
23:36:27.0718 5104 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:36:27.0749 5104 LanmanWorkstation - ok
23:36:27.0785 5104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:36:27.0789 5104 lltdio - ok
23:36:27.0810 5104 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:36:27.0817 5104 lltdsvc - ok
23:36:27.0832 5104 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:36:27.0837 5104 lmhosts - ok
23:36:27.0855 5104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:36:27.0861 5104 LSI_FC - ok
23:36:27.0884 5104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:36:27.0889 5104 LSI_SAS - ok
23:36:27.0904 5104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:36:27.0909 5104 LSI_SAS2 - ok
23:36:27.0925 5104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:36:27.0930 5104 LSI_SCSI - ok
23:36:27.0947 5104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:36:27.0948 5104 luafv - ok
23:36:28.0055 5104 McAfee SiteAdvisor Service (b891e3920f24ff1a3bead6cd2b42ed99) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
23:36:28.0105 5104 McAfee SiteAdvisor Service - ok
23:36:28.0196 5104 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:36:28.0245 5104 McMPFSvc - ok
23:36:28.0266 5104 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:36:28.0317 5104 mcmscsvc - ok
23:36:28.0336 5104 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:36:28.0384 5104 McNaiAnn - ok
23:36:28.0390 5104 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:36:28.0441 5104 McNASvc - ok
23:36:28.0508 5104 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
23:36:28.0562 5104 McODS - ok
23:36:28.0584 5104 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:36:28.0632 5104 McProxy - ok
23:36:28.0693 5104 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:36:28.0741 5104 McShield - ok
23:36:28.0776 5104 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:36:28.0814 5104 Mcx2Svc - ok
23:36:28.0851 5104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:36:28.0858 5104 megasas - ok
23:36:28.0880 5104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:36:28.0890 5104 MegaSR - ok
23:36:28.0953 5104 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
23:36:28.0993 5104 mfeapfk - ok
23:36:29.0052 5104 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
23:36:29.0095 5104 mfeavfk - ok
23:36:29.0116 5104 mfeavfk01 - ok
23:36:29.0159 5104 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:36:29.0200 5104 mfefire - ok
23:36:29.0253 5104 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
23:36:29.0300 5104 mfefirek - ok
23:36:29.0329 5104 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
23:36:29.0375 5104 mfehidk - ok
23:36:29.0411 5104 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:36:29.0450 5104 mfenlfk - ok
23:36:29.0494 5104 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
23:36:29.0538 5104 mferkdet - ok
23:36:29.0578 5104 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
23:36:29.0624 5104 mfevtp - ok
23:36:29.0660 5104 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
23:36:29.0662 5104 mfewfpk - ok
23:36:29.0765 5104 mi-raysat_3dsmax2012_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
23:36:29.0810 5104 mi-raysat_3dsmax2012_64 - ok
23:36:29.0897 5104 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:36:29.0949 5104 Microsoft Office Groove Audit Service - ok
23:36:29.0974 5104 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:36:29.0977 5104 MMCSS - ok
23:36:29.0997 5104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:36:45.0800 5104 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0
23:36:46.0134 5104 \Device\Harddisk0\DR0 - ok
23:36:46.0137 5104 Boot (0x1200) (4d888bb74727baf7b500b3db6d553039) \Device\Harddisk0\DR0\Partition0
23:36:46.0139 5104 \Device\Harddisk0\DR0\Partition0 - ok
23:36:46.0166 5104 Boot (0x1200) (b573227ac63327139d27372cbbf377d8) \Device\Harddisk0\DR0\Partition1
23:36:46.0167 5104 \Device\Harddisk0\DR0\Partition1 - ok
23:36:46.0167 5104 ============================================================
23:36:46.0167 5104 Scan finished
23:36:46.0167 5104 ============================================================
23:36:46.0182 3240 Detected object count: 0
23:36:46.0182 3240 Actual detected object count: 0

ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 23:38:35
-----------------------------
23:38:35.140 OS Version: Windows x64 6.1.7601 Service Pack 1
23:38:35.141 Number of processors: 4 586 0x170A
23:38:35.142 ComputerName: ***** UserName: *******
23:38:36.137 Initialize success
23:40:11.748 AVAST engine defs: 12071102
23:40:41.409 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:40:41.412 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
23:40:41.425 Disk 0 MBR read successfully
23:40:41.427 Disk 0 MBR scan
23:40:41.431 Disk 0 unknown MBR code
23:40:41.434 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 8197 MB offset 63
23:40:41.443 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 381551 MB offset 16787925
23:40:41.465 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 564118 MB offset 798205590
23:40:41.488 Disk 0 scanning C:\Windows\system32\drivers
23:40:52.137 Service scanning
23:41:16.352 Modules scanning
23:41:16.360 Disk 0 trace - called modules:
23:41:16.372 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:41:16.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077fe060]
23:41:16.384 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80074f2e40]
23:41:16.389 5 ACPI.sys[fffff88000f617a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80074fd060]
23:41:17.499 AVAST engine scan C:\Windows
23:41:19.712 AVAST engine scan C:\Windows\system32
23:45:36.868 AVAST engine scan C:\Windows\system32\drivers
23:45:51.276 AVAST engine scan C:\Users\JamDrew
23:55:37.590 File: C:\Users\*******\AppData\Local\Temp\~!#2E29.tmp **INFECTED** Win32:Malware-gen
00:00:07.470 File: C:\Users\*******\AppData\Roaming\mfrti.dll **INFECTED** Win32:Agent-AORF [Trj]
00:16:07.505 AVAST engine scan C:\ProgramData
00:16:30.623 File: C:\ProgramData\eabfddddbaaeecbdct.exe **INFECTED** Win32:Malware-gen
00:40:03.112 Scan finished successfully
00:41:07.096 Disk 0 MBR has been saved successfully to "C:\Users\******\Desktop\MBR.dat"
00:41:07.105 The log file has been saved successfully to "C:\Users\*******\Desktop\aswMBR.txt"

ESETS Online Scanner

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=53b64e5475a2ae4f9175bf4176f8b064
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-12 09:12:49
# local_time=2012-07-12 05:12:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 2028281 6350756 0 0
# compatibility_mode=5893 16776574 100 94 20716673 93611910 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=453844
# found=7
# cleaned=7
# scan_time=15908
C:\ProgramData\eabfddddbaaeecbdct.exe probably a variant of Win32/Agent.CKTQEHA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\All Users\eabfddddbaaeecbdct.exe probably a variant of Win32/Agent.CKTQEHA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\*******\AppData\Local\Temp\~!#2E29.tmp probably a variant of Win32/Agent.CKTQEHA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\*******\AppData\Local\{9EC618F6-C84E-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\*******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\367bd711-1760d0ec multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\*******\AppData\Roaming\mfrti.dll a variant of Win32/Medfos.AM trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\*******\AppData\Roaming\tyxtc.dll a variant of Win32/Medfos.AN trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok

#4 narenxp

  • BC Advisor

Posted 12 July 2012 - 06:55 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Edited by narenxp, 12 July 2012 - 07:44 AM.


#5 JamesMoriarty

  • Topic Starter

Posted 12 July 2012 - 05:58 PM

From what I can tell these recent steps haven't deleted any files. One of the programs found some viruses I think, but I'm not sure as to whether or not they deleted them.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:17 on 12/07/2012 by *******
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
******* :: ***** [administrator]

7/12/2012 3:25:21 PM
mbam-log-2012-07-12 (15-25-21).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 625195
Time elapsed: 3 hour(s), 9 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 25-06-2012
Ran by JamDrew (administrator) on 12-07-2012 at 18:51:33
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Belkin N+ Wireless USB Adapter = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.2 metric=1 publish=Yes
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : *****
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Belkin N+ Wireless USB Adapter
Physical Address. . . . . . . . . : 00-22-75-40-4B-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::158a:ed30:5745:fa01%11(Preferred)
IPv4 Address. . . . . . . . . . . : ***.***.*.*(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 12, 2012 7:05:02 AM
Lease Expires . . . . . . . . . . : Friday, July 13, 2012 6:37:30 PM
Default Gateway . . . . . . . . . : ***.***.*.*
DHCP Server . . . . . . . . . . . : ***.***.*.*
DHCPv6 IAID . . . . . . . . . . . : 318775925
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-7D-4B-47-00-26-18-E1-82-C8
DNS Servers . . . . . . . . . . . : ***.***.*.*
71.242.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-E1-82-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-26-30-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::526:3074(Preferred)
Link-local IPv6 Address . . . . . : fe80::2d97:97d3:d049:6e37%21(Preferred)
IPv4 Address. . . . . . . . . . . : 5.38.48.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Thursday, July 12, 2012 7:04:59 AM
Lease Expires . . . . . . . . . . : Friday, July 12, 2013 6:37:28 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 377125188
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-7D-4B-47-00-26-18-E1-82-C8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D1E80F3E-072C-485C-9F44-E2457949BE44}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{645FA37F-D6E4-461C-B9DF-B6F928153614}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: ***.***.*.*

Name: google.com
Addresses: 2607:f8b0:4004:802::1006
74.125.228.66
74.125.228.64
74.125.228.65
74.125.228.73
74.125.228.67
74.125.228.70
74.125.228.72
74.125.228.69
74.125.228.78
74.125.228.71
74.125.228.68


Pinging google.com [74.125.228.65] with 32 bytes of data:
Reply from 74.125.228.65: bytes=32 time=14ms TTL=54
Reply from 74.125.228.65: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.228.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms
Server: Wireless_Broadband_Router.home
Address: ***.***.*.*

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=146ms TTL=55
Reply from 72.30.38.140: bytes=32 time=260ms TTL=55

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 260ms, Average = 203ms
Server: Wireless_Broadband_Router.home
Address: ***.***.*.*

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 22 75 40 4b fd ......Belkin N+ Wireless USB Adapter
10...00 26 18 e1 82 c8 ......Realtek PCIe GBE Family Controller
21...7a 79 05 26 30 74 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.38.48.116 9256
0.0.0.0 0.0.0.0 ***.***.*.* 192.168.1.3 25
5.0.0.0 255.0.0.0 On-link 5.38.48.116 9256
5.38.48.116 255.255.255.255 On-link 5.38.48.116 9256
5.255.255.255 255.255.255.255 On-link 5.38.48.116 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 192.168.1.2 192.168.1.3 26
169.254.0.0 255.255.0.0 On-link 5.38.48.116 9256
169.254.255.255 255.255.255.255 On-link 5.38.48.116 9256
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.38.48.116 9256
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.38.48.116 9256
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.1.2 1
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
21 276 2620:9b::/96 On-link
21 276 2620:9b::526:3074/128 On-link
21 276 fe80::/64 On-link
11 281 fe80::/64 On-link
11 281 fe80::158a:ed30:5745:fa01/128
On-link
21 276 fe80::2d97:97d3:d049:6e37/128
On-link
1 306 ff00::/8 On-link
21 276 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/12/2012 06:37:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7285

Error: (07/12/2012 06:37:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7285

Error: (07/12/2012 06:37:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2012 06:37:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6287

Error: (07/12/2012 06:37:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6287

Error: (07/12/2012 06:37:02 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2012 06:37:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289

Error: (07/12/2012 06:37:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5289

Error: (07/12/2012 06:37:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/12/2012 06:37:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4290


System errors:
=============
Error: (07/12/2012 06:37:40 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/12/2012 06:37:32 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/12/2012 06:37:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/12/2012 06:37:31 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/12/2012 06:37:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/12/2012 07:39:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/12/2012 07:39:13 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/12/2012 07:39:13 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/12/2012 07:39:06 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (07/12/2012 07:39:06 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR (Version: 3.3.0.3650)
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Help Manager (Version: 4.0.244)
Adobe Media Player (Version: 1.8)
Adobe Reader 8.1.1 (Version: 8.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AI Manager (Version: 1.08.03)
Allods Online 1.1.04.44 (Version: 1.1.04.44)
Altitude
APB Reloaded
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ArmA 2 Free Uninstall
ARMA 2: Operation Arrowhead Demo
Assassin's Creed (Version: 1.02)
Assassin's Creed II (Version: 1.01)
ASUSUpdate
ATC for Splinter Cell Chaos Theory 1.0
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
Autodesk 3ds Max 2008 32-bit Additional Maps and Material Libraries (Version: 10.0)
Autodesk 3ds Max 2008 32-bit Architectural Materials Library (Version: 10.0)
Autodesk 3ds Max 2008 32-bit Help (Version: 10.0)
Autodesk 3ds Max 2008 32-bit Vault 2008 Plug-In (Version: 10.0)
Autodesk 3ds Max 2008 32-bit Vault 5 Plug-In (Version: 10.0)
Autodesk 3ds Max 2008 32-bit Videos (Version: 10.0)
Autodesk 3ds Max 2008 64-bit Additional Maps and Material Libraries (Version: 10.0)
Autodesk 3ds Max 2008 64-bit Architectural Materials Library (Version: 10.0)
Autodesk 3ds Max 2008 64-bit Help (Version: 10.0)
Autodesk 3ds Max 2008 64-bit Vault 2008 Plug-In (Version: 10.0)
Autodesk 3ds Max 2008 64-bit Vault 5 Plug-In (Version: 10.0)
Autodesk 3ds Max 2008 64-bit Videos (Version: 10.0)
Autodesk 3ds Max Design 2012 64-bit - English (Version: 14.2.0.375)
Autodesk 3ds Max Design 2012 64-bit - English SP1 (Version: 14.2.0.375)
Autodesk 3ds Max Design 2012 64-bit - English SP2 (Version: 14.2.0.375)
Autodesk Backburner 2012.0.0 (Version: 2012.0.0)
Autodesk FBX Plug-in 2012.0 - 3ds Max Design 2012 64-bit
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Medium Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk SketchBookExpress 2011 (Version: 5.00.0000)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (Version: 4.0)
Bamboo Dock (Version: 4.0.0)
Bandoo (Version: 7.0.0.112207)
Battlefield Heroes
Battlefield: Bad Company 2
Battlefront Extreme 2.2
BattlEye (A2Free) Uninstall
Belkin N+ Wireless USB Adapter (Version: 2.00.11)
Blacklight: Retribution
Bonjour (Version: 3.0.0.10)
Brink
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Clone Wars
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Composite 2012 64-bit (Version: 7.0.0)
ConvertHelper 2.2
CreaToon 3.0
Cross Fire En
Crysis® (Version: 1.21.0000)
D3DX10 (Version: 15.4.2368.0902)
DDS Converter 2.1
DebugMode Wax 2.0
DivX Setup (Version: 2.6.0.34)
Download Updater (AOL LLC)
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 (Version: 01.17.01.8018)
EAX4 Unified Redist (Version: 4.001)
EPU-4 Engine (Version: 1.00.25)
ESET Online Scanner v3
FBX Plugin 2006.11.1 for Max 2008
FBX Plugin 2006.11.1 for Max 2008 64
FUEL - Demo
GIMP 2.6.11 (Version: 2.6.11)
Global Agenda
Google Chrome (Version: 20.0.1132.57)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 3.1.4.8140)
Google Update Helper (Version: 1.3.21.111)
GTR Evolution Demo
headus UVLayout v2 Demo (Version: 2.08.00)
HyperCam 2
iCloud (Version: 1.1.0.40)
Inkscape 0.48.1 (Version: 0.48.1)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java SE Development Kit 7 Update 4 (64-bit) (Version: 1.7.0.40)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 4 (64-bit) (Version: 7.0.40)
Java™ SE Development Kit 6 Update 21 (64-bit) (Version: 1.6.0.210)
JavaFX 2.1.0 (64-bit) (Version: 2.1.0)
JavaFX 2.1.0 SDK (64-bit) (Version: 2.1.0)
LAME v3.98.3 for Audacity
LogMeIn Hamachi (Version: 2.1.0.210)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee AntiVirus Plus (Version: 11.0.678)
MCSkin3D version 1.4 (Version: 1.4)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE (Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.2.3.0)
Microsoft Halo
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Communicator 2007 (Version: 2.0.6362.0)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Dutch) 2007 (Version: 12.0.4518.1017)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (Dutch) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Rise Of Nations
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Morrowind
Mount & Blade Demo
Mount and Blade Warband - Demo
Mount and Blade: Warband
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
Nation Red
Notepad++ (Version: 6.1.2)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Oblivion (Version: 1.2.0416)
OpenAL
OPERATION7
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.6.0.8)
PAP 4.0
PAP project files
Prism Video File Converter
PunkBuster Services (Version: 0.992)
Puppy Linux 525 (Version: 525)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.71.80.42)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5859)
RebateRobot for Chrome version 2.1.2 (Version: 2.1.2)
Rise of Nations Thrones and Patriots
Rise of Nations Thrones and Patriots Trial Version
Roblox for JamDrew
ROBLOX Studio Beta for JamDrew
Runes of Magic (Version: 3.0.10.2385)
Safari (Version: 5.34.55.3)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Smart Normal (Version: 1.0)
Star Wars Battlefront II (Version: 1.0)
Star Wars Battlefront II Mod Tools (Version: 1.0)
Steam (Version: 1.0.0.0)
Synfig Studio (Version: 0.63.05)
Team Fortress 2
TES Construction Set
The Lord of the Rings Online™ v03.04.04.8012 (Version: 03.04.04.8012)
Titan Quest (Version: 1.00.0000)
Titan Quest Immortal Throne (Version: 1.00.0000)
Tom Clancy's Rainbow Six Vegas 2 (Version: 1.03)
Tom Clancy's Splinter Cell (Version: 1.00.000)
Tom Clancy's Splinter Cell Chaos Theory (Version: 1.05.157)
Tom Clancy's Splinter Cell Double Agent (Version: 1.00.0000)
Touch Manager (Version: 1.0.1.1)
Turbo Squid Tentacles 3ds Max 2008 (Version: 1.0.70)
Tweaking.com - Windows Repair (All in One) (Version: 1.7.3)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Unreal Development Kit: 2011-11
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Urban Terror 4.1
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
WeGame Client 2.4.3.0 (Version: 2.4.3.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR archiver
Xfire (remove only)
XfireXO Toolbar (Version: 6.3.3.3)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 8191.12 MB
Available physical RAM: 6631.41 MB
Total Pagefile: 16380.43 MB
Available Pagefile: 13719.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.42 MB

========================= Partitions: =====================================

1 Drive c: (WIN7) (Fixed) (Total:372.61 GB) (Free:44.54 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:550.9 GB) (Free:550.78 GB) NTFS

========================= Users: ========================================

User accounts for \\MONGO

Administrator ASPNET Guest
******* UpdatusUser


**** End of log ****

#6 narenxp


Posted 12 July 2012 - 06:02 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
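@echo off
REM Work inside the system directory that holds services.exe
cd /d c:\windows\system32
REM Give the Administrators group ownership of the file
takeown /a /f services.exe
REM Replace the ACL with full control for Administrators (prompts for Y/N)
cacls services.exe /g administrators:f
REM Keep the current file under a new name
ren services.exe services.exe.old
REM Copy the component-store (WinSxS) copy of services.exe into system32
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM Delete this batch file once it has run
DEL %0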

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file and select run as administrator and run it, click Y and press ENTER

Post the new system look log

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#7 JamesMoriarty


Posted 12 July 2012 - 07:56 PM

Thanks for the help thus far, but when I went to run the file it deleted itself and as far as I can tell no new file was created. Did I do something wrong? I opened notepad, copied and pasted the text just like you suggested, right-clicked and selected Run as Admin but when I typed in Y it ran, then deleted itself. Was there a specific file location I needed to place it in?

#8 JamesMoriarty


Posted 12 July 2012 - 07:59 PM

I also ran the FSS program you gave me just in case and this is the log from that run:


Farbar Service Scanner Version: 08-07-2012
Ran by ******* (administrator) on 12-07-2012 at 20:57:16
Running from "C:\Users\*******\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#9 narenxp


Posted 12 July 2012 - 08:43 PM

No problem, you did the right thing

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

restart the PC and post the new FSS log

#10 JamesMoriarty


Posted 13 July 2012 - 07:55 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 20:40 on 13/07/2012 by *******
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-








Farbar Service Scanner Version: 08-07-2012
Ran by *******(administrator) on 13-07-2012 at 20:52:25
Running from "C:\Users*******\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 narenxp


Posted 13 July 2012 - 07:58 PM

Download

wuauserv
bits

Launch both the keys, click YES

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Restart the PC, post the new FSS log

#12 JamesMoriarty


Posted 13 July 2012 - 11:08 PM

Thanks again for giving me help with this, really appreciate it. How much longer do you think it'll take? Do you know if I'm even half way done removing this thing?

Farbar Service Scanner Version: 08-07-2012
Ran by ******* (administrator) on 13-07-2012 at 23:58:55
Running from "C:\Users\*******\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
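
An added example, not part of any post in this thread and not Farbar's own code: a small Python parser that reads two FSS logs and reports how each service's registry configuration changed between runs. The state names and the `not_reported` label are assumptions of this sketch; the sample text is shortened from the first and last FSS logs posted above.

```python
import re

# Shortened excerpts from the first and the last FSS log posted in this thread.
FSS_FIRST = """\
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
"""
FSS_LAST = """\
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.

WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running\.")
MISSING_RE = re.compile(r"Unable to (?:open|retrieve) .*?\. The (service key|value) does not exist\.")
NONDEFAULT_RE = re.compile(r"is set to \w+\. The default start type is \w+\.")
# Ordered from healthy to worst; a service keeps the worst state seen in its block.
SEVERITY = ["config_ok", "nondefault_start", "value_missing", "key_missing"]


def parse_fss(log_text):
    """Map each service FSS reports on to the worst configuration state found."""
    states, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SERVICE_RE.match(line)
        if header:
            current = header.group(1).lower()   # FSS mixes case: "bfe", "BITS"
            states[current] = "config_ok"
        elif not line:
            current = None                      # a blank line ends the service block
        elif current is not None:
            found = "config_ok"
            missing = MISSING_RE.search(line)
            if missing:
                found = "key_missing" if missing.group(1) == "service key" else "value_missing"
            elif NONDEFAULT_RE.search(line):
                found = "nondefault_start"
            states[current] = max(states[current], found, key=SEVERITY.index)
    return states


def compare_runs(before, after):
    """Return {service: (old_state, new_state)} for every service whose state changed."""
    changes = {}
    for svc in sorted(set(before) | set(after)):
        old = before.get(svc, "not_reported")
        new = after.get(svc, "not_reported")
        if old != new:
            changes[svc] = (old, new)
    return changes


if __name__ == "__main__":
    changes = compare_runs(parse_fss(FSS_FIRST), parse_fss(FSS_LAST))
    for svc, (old, new) in changes.items():
        print(f"{svc:10} {old} -> {new}")
```

A service that drops out of the later log is shown as `not_reported` rather than assumed healthy, since the parser only sees what FSS chose to print.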

#13 Mex112

Mex112

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:22 AM

Posted 14 July 2012 - 12:33 AM

I had a win32sirefef virus as well on my laptop (it didn't redirect me but it kept turning off my firewall). I called McAfee support and they referred me to their virus removal team who removed it for free via remote access. Maybe you can call them if all else fails...?

Edited by Mex112, 14 July 2012 - 12:34 AM.


#14 narenxp


Posted 14 July 2012 - 04:40 AM

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Press Windows+R key and type

services.msc and click ok

start the windows firewall, security center and windows update services

Your logs look clean. Any current issues?

#15 JamesMoriarty


Posted 14 July 2012 - 01:32 PM

So far no problems, I'll post back in a few days just to make sure. Thanks for all the help, it's SO wonderful to have my computer back :)



