White-Listed Trojan Horse in services.exe and Rootkit


19 replies to this topic

#1 coincidental

  • Members
  • 10 posts

Posted 15 July 2012 - 02:06 PM

I was downloading a TV series via uTorrent yesterday (I think this was the trigger; I was also watching an online movie at the time) and now an AVG window pops up every 10 minutes or so saying:
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Patched_c.LYU

Detected an open.

The only option given is to ignore the threat.

I then downloaded Malwarebytes hoping it might help the situation. I scanned with it and it detected 2 'Rootkit.0Access' files, but not the aforementioned trojan. I moved them to quarantine and restarted the computer. However, when the computer restarted I scanned again with Malwarebytes and another 5 similar files appeared; I repeated this process a couple of times with the same results.

I'm on Windows 7 Home Premium Service Pack 1. Thanks in advance.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 July 2012 - 07:08 PM

Download TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
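
Since the reply above asks for the TDSSKiller log to be posted and read, here is an added triage helper for that log. It is example code written for this page, not part of the thread and not Kaspersky's tool; it parses the per-service lines TDSSKiller 2.7 writes (enumeration line with MD5 and path, "- ok", "Suspicious file (...)", "( verdict ) - warning", "- detected verdict") and separates clean entries from flagged ones, also listing services that were enumerated but never resolved to either state (a scan that was interrupted or a driver the tool could not read). The regular expressions are an assumption about that log layout, and SAMPLE_LOG is constructed in the same shape with placeholder hashes.

```python
"""Triage a TDSSKiller scan log: split "- ok" services from flagged ones.

Added example for this page, not Kaspersky's code. The line shapes below are
an assumption derived from the 2.7.x log layout; SAMPLE_LOG is constructed
and its MD5 values are placeholders, not real file hashes.
"""
import re
from dataclasses import dataclass, field

# Every scan line starts with "HH:MM:SS.ffff <pid> " (assumed layout).
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<md5>) <path>"  -- the enumeration line for a service or driver
MODULE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok"            -- the tool found nothing wrong with it
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    _PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<name> ( <verdict> ) - warning"
WARN_RE = re.compile(_PREFIX + r"(?P<name>.+?) \( (?P<verdict>[^)]+) \) - warning$")
# "<name> - detected <verdict> (1)"
DETECT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+)")


@dataclass
class Finding:
    name: str          # service/driver name as TDSSKiller reports it
    verdict: str       # e.g. HiddenFile.Multi.Generic
    md5: str           # from the enumeration line, "" if none was seen
    path: str          # from the enumeration line, "" if none was seen
    reason: str = ""   # the "(Hidden)" style reason from a Suspicious line


@dataclass
class Report:
    modules: dict = field(default_factory=dict)    # name -> (md5, path)
    ok: set = field(default_factory=set)           # names marked "- ok"
    findings: list = field(default_factory=list)   # flagged entries
    unresolved: set = field(default_factory=set)   # enumerated, neither ok nor flagged


def parse_tdss_log(text: str) -> Report:
    """Parse the scan section of a TDSSKiller log into a Report."""
    rep = Report()
    suspicious = {}   # md5 -> reason, joined to a finding via the module's md5
    verdicts = {}     # name -> verdict (warning and detected lines agree)
    for raw in text.splitlines():
        line = raw.rstrip()
        if (m := OK_RE.match(line)):
            rep.ok.add(m["name"])
        elif (m := SUSPICIOUS_RE.match(line)):
            suspicious[m["md5"]] = m["reason"]
        elif (m := WARN_RE.match(line)) or (m := DETECT_RE.match(line)):
            verdicts[m["name"]] = m["verdict"]
        elif (m := MODULE_RE.match(line)):
            rep.modules[m["name"]] = (m["md5"], m["path"])
    for name, verdict in verdicts.items():
        md5, path = rep.modules.get(name, ("", ""))
        rep.findings.append(Finding(name, verdict, md5, path, suspicious.get(md5, "")))
    rep.unresolved = set(rep.modules) - rep.ok - set(verdicts)
    return rep


# Constructed sample in the TDSSKiller line shape; hashes are placeholders.
SAMPLE_LOG = r"""
10:27:34.0536 5868 ACPI (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\ACPI.sys
10:27:34.0553 5868 ACPI - ok
10:27:36.0047 5868 Akamai (ffeeddccbbaa99887766554433221100) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
10:27:36.0048 5868 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: ffeeddccbbaa99887766554433221100
10:27:36.0063 5868 Akamai ( HiddenFile.Multi.Generic ) - warning
10:27:36.0063 5868 Akamai - detected HiddenFile.Multi.Generic (1)
10:27:37.0116 5868 Apple Mobile Device (0123456789abcdef0123456789abcdef) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:27:37.0118 5868 Apple Mobile Device - ok
10:27:41.0651 5868 COMSysApp - ok
10:27:50.0505 5868 LVPr2Mon (fedcba9876543210fedcba9876543210) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
"""


if __name__ == "__main__":
    report = parse_tdss_log(SAMPLE_LOG)
    print(f"{len(report.modules)} modules enumerated, {len(report.ok)} ok")
    for f in report.findings:
        print(f"FLAGGED {f.name}: {f.verdict} reason={f.reason!r} md5={f.md5} path={f.path}")
    for name in sorted(report.unresolved):
        print(f"UNRESOLVED {name}: no ok/verdict line, re-check or rescan")
```

Run it against a saved log with `parse_tdss_log(open("TDSSKiller.log").read())`; the point of the unresolved set is that a module with an enumeration line but no "- ok" is not evidence of a clean file, only of a scan that did not finish with it.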

#3 coincidental
  • Topic Starter

  • Members
  • 10 posts

Posted 16 July 2012 - 09:55 AM

Hi, thanks for replying.
TDSSKiller log:
10:26:41.0563 5032 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
10:26:41.0923 5032 ============================================================
10:26:41.0923 5032 Current date / time: 2012/07/16 10:26:41.0923
10:26:41.0923 5032 SystemInfo:
10:26:41.0923 5032
10:26:41.0923 5032 OS Version: 6.1.7601 ServicePack: 1.0
10:26:41.0923 5032 Product type: Workstation
10:26:41.0923 5032 ComputerName: BEN-PC
10:26:41.0924 5032 UserName: Ben
10:26:41.0924 5032 Windows directory: C:\Windows
10:26:41.0924 5032 System windows directory: C:\Windows
10:26:41.0924 5032 Processor architecture: Intel x86
10:26:41.0924 5032 Number of processors: 2
10:26:41.0924 5032 Page size: 0x1000
10:26:41.0924 5032 Boot type: Normal boot
10:26:41.0924 5032 ============================================================
10:26:42.0735 5032 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:26:42.0740 5032 ============================================================
10:26:42.0740 5032 \Device\Harddisk0\DR0:
10:26:42.0741 5032 MBR partitions:
10:26:42.0741 5032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x32000
10:26:42.0741 5032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x1165E800
10:26:42.0741 5032 ============================================================
10:26:42.0769 5032 C: <-> \Device\Harddisk0\DR0\Partition1
10:26:42.0770 5032 ============================================================
10:26:42.0770 5032 Initialize success
10:26:42.0770 5032 ============================================================
10:27:33.0395 5868 ============================================================
10:27:33.0395 5868 Scan started
10:27:33.0395 5868 Mode: Manual; TDLFS;
10:27:33.0395 5868 ============================================================
10:27:34.0470 5868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:27:34.0482 5868 1394ohci - ok
10:27:34.0536 5868 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:27:34.0553 5868 ACPI - ok
10:27:34.0657 5868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:27:34.0661 5868 AcpiPmi - ok
10:27:34.0787 5868 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:27:34.0789 5868 AdobeARMservice - ok
10:27:34.0865 5868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:27:34.0898 5868 adp94xx - ok
10:27:34.0953 5868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:27:34.0983 5868 adpahci - ok
10:27:35.0021 5868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:27:35.0036 5868 adpu320 - ok
10:27:35.0089 5868 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:27:35.0091 5868 AeLookupSvc - ok
10:27:35.0165 5868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:27:35.0201 5868 AFD - ok
10:27:35.0326 5868 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
10:27:35.0375 5868 AgereSoftModem - ok
10:27:35.0426 5868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:27:35.0462 5868 agp440 - ok
10:27:35.0519 5868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:27:35.0522 5868 aic78xx - ok
10:27:36.0047 5868 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
10:27:36.0048 5868 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
10:27:36.0063 5868 Akamai ( HiddenFile.Multi.Generic ) - warning
10:27:36.0063 5868 Akamai - detected HiddenFile.Multi.Generic (1)
10:27:36.0248 5868 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:27:36.0250 5868 ALG - ok
10:27:36.0318 5868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:27:36.0320 5868 aliide - ok
10:27:36.0359 5868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:27:36.0362 5868 amdagp - ok
10:27:36.0382 5868 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:27:36.0384 5868 amdide - ok
10:27:36.0432 5868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:27:36.0435 5868 AmdK8 - ok
10:27:36.0472 5868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:27:36.0475 5868 AmdPPM - ok
10:27:36.0544 5868 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:27:36.0547 5868 amdsata - ok
10:27:36.0629 5868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:27:36.0634 5868 amdsbs - ok
10:27:36.0685 5868 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:27:36.0687 5868 amdxata - ok
10:27:36.0816 5868 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:27:36.0818 5868 AppID - ok
10:27:36.0884 5868 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:27:36.0886 5868 AppIDSvc - ok
10:27:36.0949 5868 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:27:36.0952 5868 Appinfo - ok
10:27:37.0116 5868 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:27:37.0118 5868 Apple Mobile Device - ok
10:27:37.0220 5868 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:27:37.0224 5868 arc - ok
10:27:37.0289 5868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:27:37.0293 5868 arcsas - ok
10:27:37.0396 5868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:27:37.0398 5868 AsyncMac - ok
10:27:37.0503 5868 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:27:37.0516 5868 atapi - ok
10:27:37.0690 5868 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
10:27:37.0723 5868 athr - ok
10:27:37.0818 5868 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:27:37.0823 5868 AudioEndpointBuilder - ok
10:27:37.0835 5868 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:27:37.0840 5868 Audiosrv - ok
10:27:38.0462 5868 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
10:27:38.0514 5868 AVGIDSAgent - ok
10:27:38.0865 5868 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
10:27:38.0867 5868 AVGIDSDriver - ok
10:27:38.0896 5868 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
10:27:38.0897 5868 AVGIDSFilter - ok
10:27:39.0009 5868 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
10:27:39.0012 5868 AVGIDSHX - ok
10:27:39.0041 5868 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
10:27:39.0043 5868 AVGIDSShim - ok
10:27:39.0127 5868 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
10:27:39.0131 5868 Avgldx86 - ok
10:27:39.0144 5868 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:27:39.0146 5868 Avgmfx86 - ok
10:27:39.0213 5868 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:27:39.0216 5868 Avgrkx86 - ok
10:27:39.0285 5868 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
10:27:39.0289 5868 Avgtdix - ok
10:27:39.0526 5868 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
10:27:39.0529 5868 avgwd - ok
10:27:39.0688 5868 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:27:39.0691 5868 AxInstSV - ok
10:27:39.0793 5868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:27:39.0827 5868 b06bdrv - ok
10:27:39.0909 5868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:27:39.0920 5868 b57nd60x - ok
10:27:39.0965 5868 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:27:39.0968 5868 BDESVC - ok
10:27:39.0998 5868 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:27:39.0999 5868 Beep - ok
10:27:40.0089 5868 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:27:40.0131 5868 BFE - ok
10:27:40.0202 5868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:27:40.0205 5868 blbdrive - ok
10:27:40.0336 5868 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:27:40.0341 5868 Bonjour Service - ok
10:27:40.0443 5868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:27:40.0444 5868 bowser - ok
10:27:40.0471 5868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:27:40.0473 5868 BrFiltLo - ok
10:27:40.0490 5868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:27:40.0493 5868 BrFiltUp - ok
10:27:40.0536 5868 Brother XP spl Service (c711ed965009bdcff9aa62ceb6ff1aad) C:\Windows\system32\brsvc01a.exe
10:27:40.0537 5868 Brother XP spl Service - ok
10:27:40.0617 5868 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:27:40.0620 5868 Browser - ok
10:27:40.0667 5868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:27:40.0718 5868 Brserid - ok
10:27:40.0739 5868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:27:40.0742 5868 BrSerWdm - ok
10:27:40.0751 5868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:27:40.0754 5868 BrUsbMdm - ok
10:27:40.0767 5868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:27:40.0769 5868 BrUsbSer - ok
10:27:40.0784 5868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:27:40.0787 5868 BTHMODEM - ok
10:27:40.0832 5868 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:27:40.0834 5868 bthserv - ok
10:27:40.0866 5868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:27:40.0869 5868 cdfs - ok
10:27:40.0937 5868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:27:40.0954 5868 cdrom - ok
10:27:41.0008 5868 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:27:41.0011 5868 CertPropSvc - ok
10:27:41.0033 5868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:27:41.0035 5868 circlass - ok
10:27:41.0074 5868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:27:41.0077 5868 CLFS - ok
10:27:41.0150 5868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:27:41.0169 5868 clr_optimization_v2.0.50727_32 - ok
10:27:41.0272 5868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:27:41.0295 5868 clr_optimization_v4.0.30319_32 - ok
10:27:41.0328 5868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:27:41.0330 5868 CmBatt - ok
10:27:41.0370 5868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:27:41.0372 5868 cmdide - ok
10:27:41.0443 5868 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:27:41.0472 5868 CNG - ok
10:27:41.0522 5868 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:27:41.0525 5868 Compbatt - ok
10:27:41.0614 5868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:27:41.0617 5868 CompositeBus - ok
10:27:41.0651 5868 COMSysApp - ok
10:27:41.0684 5868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:27:41.0687 5868 crcdisk - ok
10:27:41.0764 5868 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
10:27:41.0766 5868 CryptSvc - ok
10:27:41.0837 5868 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:27:41.0845 5868 DcomLaunch - ok
10:27:41.0901 5868 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:27:41.0944 5868 defragsvc - ok
10:27:42.0061 5868 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:27:42.0064 5868 DfsC - ok
10:27:42.0188 5868 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:27:42.0192 5868 Dhcp - ok
10:27:42.0236 5868 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:27:42.0238 5868 discache - ok
10:27:42.0292 5868 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:27:42.0295 5868 Disk - ok
10:27:42.0353 5868 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:27:42.0356 5868 Dnscache - ok
10:27:42.0449 5868 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:27:42.0482 5868 dot3svc - ok
10:27:42.0566 5868 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:27:42.0569 5868 DPS - ok
10:27:42.0713 5868 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:27:42.0715 5868 drmkaud - ok
10:27:42.0822 5868 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:27:42.0830 5868 DXGKrnl - ok
10:27:42.0866 5868 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:27:42.0869 5868 EapHost - ok
10:27:43.0178 5868 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:27:43.0263 5868 ebdrv - ok
10:27:43.0414 5868 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:27:43.0418 5868 EFS - ok
10:27:43.0520 5868 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:27:43.0535 5868 ehRecvr - ok
10:27:43.0617 5868 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:27:43.0650 5868 ehSched - ok
10:27:43.0767 5868 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:27:43.0783 5868 elxstor - ok
10:27:43.0828 5868 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:27:43.0830 5868 ErrDev - ok
10:27:43.0913 5868 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:27:43.0918 5868 EventSystem - ok
10:27:43.0941 5868 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:27:43.0945 5868 exfat - ok
10:27:43.0973 5868 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:27:43.0987 5868 fastfat - ok
10:27:44.0084 5868 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:27:44.0101 5868 Fax - ok
10:27:44.0135 5868 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:27:44.0138 5868 fdc - ok
10:27:44.0153 5868 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:27:44.0156 5868 fdPHost - ok
10:27:44.0174 5868 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:27:44.0177 5868 FDResPub - ok
10:27:44.0194 5868 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:27:44.0196 5868 FileInfo - ok
10:27:44.0222 5868 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:27:44.0224 5868 Filetrace - ok
10:27:44.0381 5868 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:27:44.0411 5868 FLEXnet Licensing Service - ok
10:27:44.0449 5868 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:27:44.0452 5868 flpydisk - ok
10:27:44.0500 5868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:27:44.0503 5868 FltMgr - ok
10:27:44.0687 5868 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
10:27:44.0705 5868 FontCache - ok
10:27:44.0829 5868 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:27:44.0832 5868 FontCache3.0.0.0 - ok
10:27:44.0907 5868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:27:44.0909 5868 FsDepends - ok
10:27:45.0025 5868 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:27:45.0028 5868 Fs_Rec - ok
10:27:45.0091 5868 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:27:45.0115 5868 fvevol - ok
10:27:45.0151 5868 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:27:45.0154 5868 gagp30kx - ok
10:27:45.0199 5868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:27:45.0201 5868 GEARAspiWDM - ok
10:27:45.0281 5868 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:27:45.0288 5868 gpsvc - ok
10:27:45.0395 5868 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:27:45.0397 5868 gupdate - ok
10:27:45.0405 5868 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:27:45.0408 5868 gupdatem - ok
10:27:45.0462 5868 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
10:27:45.0465 5868 hamachi - ok
10:27:45.0502 5868 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:27:45.0505 5868 hcw85cir - ok
10:27:45.0569 5868 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:27:45.0654 5868 HdAudAddService - ok
10:27:45.0707 5868 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:27:45.0744 5868 HDAudBus - ok
10:27:45.0778 5868 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:27:45.0780 5868 HidBatt - ok
10:27:45.0798 5868 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:27:45.0818 5868 HidBth - ok
10:27:45.0857 5868 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:27:45.0860 5868 HidIr - ok
10:27:45.0893 5868 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:27:45.0896 5868 hidserv - ok
10:27:45.0934 5868 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:27:45.0936 5868 HidUsb - ok
10:27:45.0972 5868 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:27:45.0976 5868 hkmsvc - ok
10:27:46.0031 5868 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:27:46.0044 5868 HomeGroupListener - ok
10:27:46.0086 5868 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:27:46.0101 5868 HomeGroupProvider - ok
10:27:46.0125 5868 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:27:46.0129 5868 HpSAMD - ok
10:27:46.0212 5868 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:27:46.0218 5868 HTTP - ok
10:27:46.0260 5868 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:27:46.0262 5868 hwpolicy - ok
10:27:46.0308 5868 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:27:46.0310 5868 i8042prt - ok
10:27:46.0377 5868 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
10:27:46.0381 5868 iaStor - ok
10:27:46.0419 5868 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:27:46.0436 5868 iaStorV - ok
10:27:46.0568 5868 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:27:46.0591 5868 idsvc - ok
10:27:47.0566 5868 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:27:47.0768 5868 igfx - ok
10:27:47.0980 5868 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:27:47.0982 5868 iirsp - ok
10:27:48.0084 5868 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:27:48.0099 5868 IKEEXT - ok
10:27:48.0378 5868 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys
10:27:48.0405 5868 IntcAzAudAddService - ok
10:27:48.0564 5868 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:27:48.0567 5868 intelide - ok
10:27:48.0663 5868 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:27:48.0665 5868 intelppm - ok
10:27:48.0705 5868 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:27:48.0710 5868 IPBusEnum - ok
10:27:48.0730 5868 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:27:48.0733 5868 IpFilterDriver - ok
10:27:48.0787 5868 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:27:48.0794 5868 IPMIDRV - ok
10:27:48.0834 5868 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:27:48.0849 5868 IPNAT - ok
10:27:48.0994 5868 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:27:49.0002 5868 iPod Service - ok
10:27:49.0045 5868 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:27:49.0047 5868 IRENUM - ok
10:27:49.0084 5868 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:27:49.0086 5868 isapnp - ok
10:27:49.0141 5868 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:27:49.0150 5868 iScsiPrt - ok
10:27:49.0220 5868 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
10:27:49.0233 5868 k57nd60x - ok
10:27:49.0368 5868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:27:49.0370 5868 kbdclass - ok
10:27:49.0508 5868 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:27:49.0510 5868 kbdhid - ok
10:27:49.0662 5868 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:27:49.0666 5868 KeyIso - ok
10:27:49.0714 5868 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:27:49.0717 5868 KSecDD - ok
10:27:49.0752 5868 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:27:49.0768 5868 KSecPkg - ok
10:27:49.0817 5868 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:27:49.0855 5868 KtmRm - ok
10:27:49.0920 5868 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:27:49.0927 5868 LanmanServer - ok
10:27:50.0022 5868 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:27:50.0028 5868 LanmanWorkstation - ok
10:27:50.0103 5868 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:27:50.0105 5868 lltdio - ok
10:27:50.0169 5868 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:27:50.0199 5868 lltdsvc - ok
10:27:50.0214 5868 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:27:50.0217 5868 lmhosts - ok
10:27:50.0284 5868 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:27:50.0289 5868 LSI_FC - ok
10:27:50.0322 5868 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:27:50.0340 5868 LSI_SAS - ok
10:27:50.0364 5868 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:27:50.0366 5868 LSI_SAS2 - ok
10:27:50.0410 5868 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:27:50.0414 5868 LSI_SCSI - ok
10:27:50.0447 5868 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:27:50.0449 5868 luafv - ok
10:27:50.0505 5868 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
10:27:50.0507 5868 LVPr2Mon - ok
10:27:50.0673 5868 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
10:27:50.0676 5868 LVPrcSrv - ok
10:27:51.0246 5868 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\Windows\system32\DRIVERS\lvuvc.sys
10:27:51.0396 5868 LVUVC - ok
10:27:51.0679 5868 lxeaCATSCustConnectService (2349335a8033fd9834d1c401eae1c9bf) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
10:27:51.0949 5868 lxeaCATSCustConnectService - ok
10:27:51.0955 5868 lxea_device - ok
10:27:52.0144 5868 mbamchameleon (ca0a6ff40ebb10b19f108eb2404f40a7) C:\Windows\system32\drivers\mbamchameleon.sys
10:27:52.0146 5868 mbamchameleon - ok
10:27:52.0281 5868 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
10:27:52.0283 5868 MBAMProtector - ok
10:27:52.0394 5868 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:27:52.0404 5868 MBAMService - ok
10:27:52.0489 5868 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
10:27:52.0498 5868 McComponentHostService - ok
10:27:52.0545 5868 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:27:52.0551 5868 Mcx2Svc - ok
10:27:52.0650 5868 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:27:52.0653 5868 megasas - ok
10:27:52.0711 5868 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:27:52.0730 5868 MegaSR - ok
10:27:52.0756 5868 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:27:52.0760 5868 MMCSS - ok
10:27:52.0777 5868 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:27:52.0779 5868 Modem - ok
10:27:52.0813 5868 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:27:52.0815 5868 monitor - ok
10:27:52.0868 5868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:27:52.0870 5868 mouclass - ok
10:27:52.0907 5868 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:27:52.0911 5868 mouhid - ok
10:27:52.0957 5868 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:27:52.0961 5868 mountmgr - ok
10:27:53.0057 5868 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:27:53.0059 5868 MozillaMaintenance - ok
10:27:53.0113 5868 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:27:53.0128 5868 mpio - ok
10:27:53.0151 5868 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:27:53.0155 5868 mpsdrv - ok
10:27:53.0326 5868 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:27:53.0346 5868 MpsSvc - ok
10:27:53.0443 5868 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:27:53.0455 5868 MRxDAV - ok
10:27:53.0550 5868 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:27:53.0590 5868 mrxsmb - ok
10:27:53.0821 5868 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:27:53.0826 5868 mrxsmb10 - ok
10:27:53.0916 5868 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:27:53.0920 5868 mrxsmb20 - ok
10:27:53.0971 5868 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:27:53.0987 5868 msahci - ok
10:27:54.0033 5868 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:27:54.0081 5868 msdsm - ok
10:27:54.0134 5868 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:27:54.0190 5868 MSDTC - ok
10:27:54.0251 5868 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:27:54.0258 5868 Msfs - ok
10:27:54.0276 5868 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:27:54.0278 5868 mshidkmdf - ok
10:27:54.0616 5868 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:27:54.0619 5868 msisadrv - ok
10:27:54.0872 5868 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:27:54.0879 5868 MSiSCSI - ok
10:27:54.0886 5868 msiserver - ok
10:27:55.0030 5868 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:27:55.0040 5868 MSKSSRV - ok
10:27:55.0087 5868 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:55.0094 5868 MSPCLOCK - ok
10:27:55.0131 5868 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:27:55.0168 5868 MSPQM - ok
10:27:55.0252 5868 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:27:55.0268 5868 MsRPC - ok
10:27:55.0324 5868 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:27:55.0326 5868 mssmbios - ok
10:27:55.0446 5868 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:27:55.0448 5868 MSTEE - ok
10:27:55.0476 5868 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:27:55.0478 5868 MTConfig - ok
10:27:55.0536 5868 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:27:55.0543 5868 Mup - ok
10:27:55.0755 5868 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:27:55.0764 5868 napagent - ok
10:27:55.0955 5868 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:27:55.0958 5868 NativeWifiP - ok
10:27:56.0109 5868 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:27:56.0121 5868 NDIS - ok
10:27:56.0203 5868 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:27:56.0237 5868 NdisCap - ok
10:27:56.0292 5868 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:56.0293 5868 NdisTapi - ok
10:27:56.0396 5868 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:56.0398 5868 Ndisuio - ok
10:27:56.0453 5868 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:56.0469 5868 NdisWan - ok
10:27:56.0519 5868 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:27:56.0521 5868 NDProxy - ok
10:27:56.0995 5868 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:27:56.0999 5868 NetBIOS - ok
10:27:57.0204 5868 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:27:57.0209 5868 NetBT - ok
10:27:57.0485 5868 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:27:57.0489 5868 Netlogon - ok
10:27:57.0694 5868 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:27:57.0724 5868 Netman - ok
10:27:57.0825 5868 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:27:57.0832 5868 netprofm - ok
10:27:57.0982 5868 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:27:58.0014 5868 NetTcpPortSharing - ok
10:27:58.0061 5868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:27:58.0064 5868 nfrd960 - ok
10:27:58.0155 5868 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:27:58.0160 5868 NlaSvc - ok
10:27:58.0175 5868 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:27:58.0178 5868 Npfs - ok
10:27:58.0252 5868 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:27:58.0255 5868 nsi - ok
10:27:58.0294 5868 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:27:58.0296 5868 nsiproxy - ok
10:27:58.0498 5868 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:27:58.0544 5868 Ntfs - ok
10:27:58.0659 5868 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:27:58.0661 5868 Null - ok
10:27:58.0717 5868 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:27:58.0720 5868 nvraid - ok
10:27:58.0794 5868 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:27:58.0809 5868 nvstor - ok
10:27:58.0826 5868 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:27:58.0830 5868 nv_agp - ok
10:27:58.0946 5868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:27:58.0980 5868 odserv - ok
10:27:59.0049 5868 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:27:59.0052 5868 ohci1394 - ok
10:27:59.0104 5868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:59.0119 5868 ose - ok
10:27:59.0195 5868 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:27:59.0203 5868 p2pimsvc - ok
10:27:59.0299 5868 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:27:59.0320 5868 p2psvc - ok
10:27:59.0360 5868 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:27:59.0362 5868 Parport - ok
10:27:59.0402 5868 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:27:59.0405 5868 partmgr - ok
10:27:59.0450 5868 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:27:59.0465 5868 Parvdm - ok
10:27:59.0495 5868 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:27:59.0511 5868 PcaSvc - ok
10:27:59.0557 5868 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:27:59.0572 5868 pci - ok
10:27:59.0643 5868 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:27:59.0646 5868 pciide - ok
10:27:59.0671 5868 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:27:59.0676 5868 pcmcia - ok
10:27:59.0702 5868 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:27:59.0705 5868 pcw - ok
10:27:59.0777 5868 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:27:59.0784 5868 PEAUTH - ok
10:27:59.0956 5868 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:28:00.0037 5868 pla - ok
10:28:00.0318 5868 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:28:00.0325 5868 PlugPlay - ok
10:28:00.0389 5868 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:28:00.0394 5868 PNRPAutoReg - ok
10:28:00.0449 5868 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:28:00.0455 5868 PNRPsvc - ok
10:28:00.0556 5868 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:28:00.0649 5868 PolicyAgent - ok
10:28:00.0853 5868 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:28:00.0861 5868 Power - ok
10:28:00.0947 5868 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:28:00.0950 5868 PptpMiniport - ok
10:28:00.0977 5868 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:28:00.0980 5868 Processor - ok
10:28:01.0046 5868 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
10:28:01.0051 5868 ProfSvc - ok
10:28:01.0092 5868 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:28:01.0095 5868 ProtectedStorage - ok
10:28:01.0137 5868 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:28:01.0142 5868 Psched - ok
10:28:01.0295 5868 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:28:01.0332 5868 ql2300 - ok
10:28:01.0512 5868 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:28:01.0527 5868 ql40xx - ok
10:28:01.0613 5868 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:28:01.0655 5868 QWAVE - ok
10:28:01.0670 5868 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:28:01.0672 5868 QWAVEdrv - ok
10:28:01.0687 5868 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:28:01.0690 5868 RasAcd - ok
10:28:01.0735 5868 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:28:01.0737 5868 RasAgileVpn - ok
10:28:01.0758 5868 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:28:01.0763 5868 RasAuto - ok
10:28:01.0790 5868 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:28:01.0793 5868 Rasl2tp - ok
10:28:01.0875 5868 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:28:01.0893 5868 RasMan - ok
10:28:01.0920 5868 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:28:01.0923 5868 RasPppoe - ok
10:28:01.0974 5868 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:28:01.0978 5868 RasSstp - ok
10:28:02.0032 5868 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:28:02.0043 5868 rdbss - ok
10:28:02.0061 5868 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:28:02.0063 5868 rdpbus - ok
10:28:02.0100 5868 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:28:02.0102 5868 RDPCDD - ok
10:28:02.0149 5868 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:28:02.0151 5868 RDPENCDD - ok
10:28:02.0170 5868 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:28:02.0172 5868 RDPREFMP - ok
10:28:02.0222 5868 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:28:02.0253 5868 RDPWD - ok
10:28:02.0320 5868 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:28:02.0332 5868 rdyboost - ok
10:28:02.0370 5868 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:28:02.0375 5868 RemoteAccess - ok
10:28:02.0417 5868 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:28:02.0446 5868 RemoteRegistry - ok
10:28:02.0478 5868 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:28:02.0483 5868 RpcEptMapper - ok
10:28:02.0520 5868 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:28:02.0524 5868 RpcLocator - ok
10:28:02.0624 5868 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:28:02.0631 5868 RpcSs - ok
10:28:02.0691 5868 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:28:02.0693 5868 rspndr - ok
10:28:02.0754 5868 RTL2832UBDA (87fbe0aa5b7dfd003d4bc6b625a2b180) C:\Windows\system32\drivers\RTL2832UBDA.sys
10:28:02.0778 5868 RTL2832UBDA - ok
10:28:02.0795 5868 RTL2832UUSB (1e4462cea673a4f58a2adabb19344b93) C:\Windows\system32\Drivers\RTL2832UUSB.sys
10:28:02.0798 5868 RTL2832UUSB - ok
10:28:03.0001 5868 RTL2832U_IRHID (636f046efd77b22f7c95716895d172e2) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
10:28:03.0004 5868 RTL2832U_IRHID - ok
10:28:03.0116 5868 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:28:03.0118 5868 SamSs - ok
10:28:03.0172 5868 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:28:03.0213 5868 sbp2port - ok
10:28:03.0247 5868 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:28:03.0262 5868 SCardSvr - ok
10:28:03.0301 5868 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:28:03.0303 5868 scfilter - ok
10:28:03.0400 5868 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:28:03.0412 5868 Schedule - ok
10:28:03.0455 5868 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:28:03.0457 5868 SCPolicySvc - ok
10:28:03.0513 5868 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:28:03.0527 5868 SDRSVC - ok
10:28:03.0570 5868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:28:03.0572 5868 secdrv - ok
10:28:03.0664 5868 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:28:03.0669 5868 seclogon - ok
10:28:03.0703 5868 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:28:03.0707 5868 SENS - ok
10:28:03.0732 5868 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:28:03.0737 5868 SensrSvc - ok
10:28:03.0770 5868 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:28:03.0772 5868 Serenum - ok
10:28:03.0798 5868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:28:03.0803 5868 Serial - ok
10:28:03.0834 5868 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:28:03.0837 5868 sermouse - ok
10:28:03.0900 5868 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:28:03.0917 5868 SessionEnv - ok
10:28:03.0956 5868 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:28:03.0959 5868 sffdisk - ok
10:28:03.0966 5868 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:28:03.0974 5868 sffp_mmc - ok
10:28:03.0995 5868 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:28:03.0997 5868 sffp_sd - ok
10:28:04.0014 5868 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:28:04.0019 5868 sfloppy - ok
10:28:04.0091 5868 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:28:04.0099 5868 ShellHWDetection - ok
10:28:04.0136 5868 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:28:04.0141 5868 sisagp - ok
10:28:04.0177 5868 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:28:04.0180 5868 SiSRaid2 - ok
10:28:04.0200 5868 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:28:04.0203 5868 SiSRaid4 - ok
10:28:04.0243 5868 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:28:04.0261 5868 Smb - ok
10:28:04.0304 5868 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:28:04.0311 5868 SNMPTRAP - ok
10:28:04.0332 5868 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:28:04.0334 5868 spldr - ok
10:28:04.0391 5868 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:28:04.0398 5868 Spooler - ok
10:28:04.0729 5868 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:28:04.0788 5868 sppsvc - ok
10:28:04.0939 5868 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:28:04.0944 5868 sppuinotify - ok
10:28:05.0037 5868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:28:05.0041 5868 srv - ok
10:28:05.0081 5868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:28:05.0085 5868 srv2 - ok
10:28:05.0122 5868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:28:05.0124 5868 srvnet - ok
10:28:05.0176 5868 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:28:05.0268 5868 SSDPSRV - ok
10:28:05.0293 5868 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:28:05.0312 5868 SstpSvc - ok
10:28:05.0355 5868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:28:05.0358 5868 stexstor - ok
10:28:05.0456 5868 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:28:05.0465 5868 StiSvc - ok
10:28:05.0568 5868 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:28:05.0570 5868 swenum - ok
10:28:05.0718 5868 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:28:05.0744 5868 swprv - ok
10:28:05.0826 5868 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
10:28:05.0830 5868 SynTP - ok
10:28:05.0961 5868 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:28:05.0978 5868 SysMain - ok
10:28:06.0030 5868 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:28:06.0035 5868 TabletInputService - ok
10:28:06.0095 5868 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:28:06.0113 5868 TapiSrv - ok
10:28:06.0153 5868 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:28:06.0158 5868 TBS - ok
10:28:06.0324 5868 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:28:06.0358 5868 Tcpip - ok
10:28:06.0697 5868 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:28:06.0713 5868 TCPIP6 - ok
10:28:06.0844 5868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:28:06.0846 5868 tcpipreg - ok
10:28:06.0891 5868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:28:06.0894 5868 TDPIPE - ok
10:28:06.0941 5868 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:28:06.0944 5868 TDTCP - ok
10:28:06.0994 5868 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:28:07.0010 5868 tdx - ok
10:28:07.0053 5868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:28:07.0055 5868 TermDD - ok
10:28:07.0138 5868 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:28:07.0156 5868 TermService - ok
10:28:07.0193 5868 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:28:07.0197 5868 Themes - ok
10:28:07.0254 5868 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:28:07.0257 5868 THREADORDER - ok
10:28:07.0286 5868 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:28:07.0291 5868 TrkWks - ok
10:28:07.0358 5868 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:28:07.0369 5868 TrustedInstaller - ok
10:28:07.0394 5868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:28:07.0396 5868 tssecsrv - ok
10:28:07.0452 5868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:28:07.0454 5868 TsUsbFlt - ok
10:28:07.0529 5868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:28:07.0532 5868 tunnel - ok
10:28:07.0564 5868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:28:07.0569 5868 uagp35 - ok
10:28:07.0677 5868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:28:07.0685 5868 udfs - ok
10:28:07.0725 5868 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:28:07.0730 5868 UI0Detect - ok
10:28:07.0861 5868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:28:07.0865 5868 uliagpkx - ok
10:28:08.0161 5868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:28:08.0163 5868 umbus - ok
10:28:08.0205 5868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:28:08.0210 5868 UmPass - ok
10:28:08.0261 5868 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:28:08.0279 5868 upnphost - ok
10:28:08.0333 5868 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
10:28:08.0336 5868 USBAAPL - ok
10:28:08.0376 5868 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
10:28:08.0379 5868 usbbus - ok
10:28:08.0400 5868 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:28:08.0404 5868 usbccgp - ok
10:28:08.0457 5868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:28:08.0462 5868 usbcir - ok
10:28:08.0485 5868 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
10:28:08.0488 5868 UsbDiag - ok
10:28:08.0512 5868 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:28:08.0515 5868 usbehci - ok
10:28:08.0548 5868 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:28:08.0556 5868 usbhub - ok
10:28:08.0573 5868 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
10:28:08.0576 5868 USBModem - ok
10:28:08.0647 5868 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:28:08.0650 5868 usbohci - ok
10:28:08.0698 5868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:28:08.0700 5868 usbprint - ok
10:28:08.0735 5868 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:28:08.0738 5868 usbscan - ok
10:28:08.0762 5868 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:28:08.0781 5868 USBSTOR - ok
10:28:08.0801 5868 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:28:08.0803 5868 usbuhci - ok
10:28:08.0832 5868 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:28:08.0836 5868 UxSms - ok
10:28:08.0875 5868 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:28:08.0879 5868 VaultSvc - ok
10:28:08.0918 5868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:28:08.0921 5868 vdrvroot - ok
10:28:08.0995 5868 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:28:09.0014 5868 vds - ok
10:28:09.0052 5868 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:28:09.0054 5868 vga - ok
10:28:09.0079 5868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:28:09.0081 5868 VgaSave - ok
10:28:09.0124 5868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:28:09.0139 5868 vhdmp - ok
10:28:09.0171 5868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:28:09.0174 5868 viaagp - ok
10:28:09.0219 5868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:28:09.0222 5868 ViaC7 - ok
10:28:09.0261 5868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:28:09.0264 5868 viaide - ok
10:28:09.0281 5868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:28:09.0284 5868 volmgr - ok
10:28:09.0348 5868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:28:09.0367 5868 volmgrx - ok
10:28:09.0406 5868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:28:09.0425 5868 volsnap - ok
10:28:09.0473 5868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:28:09.0477 5868 vsmraid - ok
10:28:09.0665 5868 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:28:09.0688 5868 VSS - ok
10:28:09.0744 5868 vusbser (75d83d1f061a252e5a6e893d3c7bc1de) C:\Windows\system32\DRIVERS\vusbser.sys
10:28:09.0747 5868 vusbser - ok
10:28:09.0762 5868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:28:09.0764 5868 vwifibus - ok
10:28:09.0784 5868 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:28:09.0786 5868 vwififlt - ok
10:28:09.0843 5868 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:28:09.0858 5868 W32Time - ok
10:28:09.0898 5868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:28:09.0901 5868 WacomPen - ok
10:28:09.0963 5868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:28:09.0966 5868 WANARP - ok
10:28:09.0973 5868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:28:09.0975 5868 Wanarpv6 - ok
10:28:10.0163 5868 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:28:10.0325 5868 WatAdminSvc - ok
10:28:10.0680 5868 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:28:10.0713 5868 wbengine - ok
10:28:10.0751 5868 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:28:10.0765 5868 WbioSrvc - ok
10:28:10.0815 5868 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:28:10.0835 5868 wcncsvc - ok
10:28:10.0854 5868 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:28:10.0860 5868 WcsPlugInService - ok
10:28:10.0916 5868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:28:10.0919 5868 Wd - ok
10:28:10.0973 5868 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:28:10.0995 5868 Wdf01000 - ok
10:28:11.0017 5868 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:28:11.0035 5868 WdiServiceHost - ok
10:28:11.0044 5868 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:28:11.0050 5868 WdiSystemHost - ok
10:28:11.0104 5868 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:28:11.0116 5868 WebClient - ok
10:28:11.0145 5868 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:28:11.0160 5868 Wecsvc - ok
10:28:11.0181 5868 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:28:11.0187 5868 wercplsupport - ok
10:28:11.0233 5868 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:28:11.0239 5868 WerSvc - ok
10:28:11.0272 5868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:28:11.0274 5868 WfpLwf - ok
10:28:11.0289 5868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:28:11.0292 5868 WIMMount - ok
10:28:11.0305 5868 WinHttpAutoProxySvc - ok
10:28:11.0406 5868 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:28:11.0409 5868 Winmgmt - ok
10:28:11.0564 5868 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:28:11.0603 5868 WinRM - ok
10:28:11.0731 5868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:28:11.0734 5868 WinUsb - ok
10:28:11.0848 5868 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:28:11.0862 5868 Wlansvc - ok
10:28:12.0123 5868 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:28:12.0143 5868 wlidsvc - ok
10:28:12.0309 5868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:28:12.0310 5868 WmiAcpi - ok
10:28:12.0391 5868 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:28:12.0406 5868 wmiApSrv - ok
10:28:12.0679 5868 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:28:12.0692 5868 WMPNetworkSvc - ok
10:28:12.0983 5868 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:28:12.0991 5868 WPCSvc - ok
10:28:13.0173 5868 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:28:13.0192 5868 WPDBusEnum - ok
10:28:13.0361 5868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:28:13.0363 5868 ws2ifsl - ok
10:28:13.0382 5868 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
10:28:13.0385 5868 WSDPrintDevice - ok
10:28:13.0396 5868 WSearch - ok
10:28:13.0449 5868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:28:13.0451 5868 WudfPf - ok
10:28:13.0483 5868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:28:13.0499 5868 WUDFRd - ok
10:28:13.0565 5868 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:28:13.0570 5868 wudfsvc - ok
10:28:13.0771 5868 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:28:13.0779 5868 WwanSvc - ok
10:28:13.0848 5868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:28:14.0126 5868 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:28:14.0126 5868 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:28:14.0133 5868 Boot (0x1200) (f2a6bde60ebc39045c49cc49b98d041e) \Device\Harddisk0\DR0\Partition0
10:28:14.0136 5868 \Device\Harddisk0\DR0\Partition0 - ok
10:28:14.0183 5868 Boot (0x1200) (be7fec1c93570405038eedd66867c23f) \Device\Harddisk0\DR0\Partition1
10:28:14.0185 5868 \Device\Harddisk0\DR0\Partition1 - ok
10:28:14.0186 5868 ============================================================
10:28:14.0186 5868 Scan finished
10:28:14.0186 5868 ============================================================
10:28:14.0214 5860 Detected object count: 2
10:28:14.0214 5860 Actual detected object count: 2


aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 10:40:10
-----------------------------
10:40:10.587 OS Version: Windows 6.1.7601 Service Pack 1
10:40:10.587 Number of processors: 2 586 0x170A
10:40:10.592 ComputerName: BEN-PC UserName: Ben
10:40:11.345 Initialize success
10:40:17.576 AVAST engine defs: 12071600
10:40:32.191 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:40:32.195 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
10:40:32.223 Disk 0 MBR read successfully
10:40:32.228 Disk 0 MBR scan
10:40:32.237 Disk 0 Windows 7 default MBR code
10:40:32.282 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
10:40:32.305 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 20482048
10:40:32.325 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 142525 MB offset 20686848
10:40:32.336 Disk 0 scanning sectors +312578048
10:40:32.415 Disk 0 scanning C:\Windows\system32\drivers
10:40:46.362 Service scanning
10:41:14.550 Modules scanning
10:41:21.078 Disk 0 trace - called modules:
10:41:21.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
10:41:21.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e64030]
10:41:21.130 3 CLASSPNP.SYS[8ba7d59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86024028]
10:41:22.361 AVAST engine scan C:\Windows
10:41:24.645 AVAST engine scan C:\Windows\system32
10:45:26.434 AVAST engine scan C:\Windows\system32\drivers
10:45:48.816 AVAST engine scan C:\Users\Ben
10:46:26.027 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
10:46:26.043 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

ESET Online Scanner:
C:\Users\Ben\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\7ea0cc96-1c21a34f multiple threats
C:\Users\Ben\Downloads\24_Season_1.exe Win32/BundleInstaller application

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:05:45 AM

Posted 16 July 2012 - 09:59 AM

Please post the MBAM log

Download

systemlook

Launch it, copy this script and paste it in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.
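
A way to read the SystemLook ":filefind" output that the services.exe step above asks for, as an added example that is not part of this thread or of the SystemLook tool: it parses the file lines, groups the copies of each binary by name and compares the MD5 of the System32 copy with the copies kept in winsxs. The log text, the winsxs folder names and the hashes in the block are constructed for the example, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in SystemLook ":filefind" output format (not the
# thread's own log); the hashes and the winsxs folder names are placeholders.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 16/07/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 11111111111111111111111111111111
C:\Windows\winsxs\x86_constructed-servicecontroller_6.1.7600.16385_none\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 22222222222222222222222222222222

Searching for "lsass.exe"
C:\Windows\System32\lsass.exe --a---- 22528 bytes [23:11 13/07/2009] [01:14 14/07/2009] 33333333333333333333333333333333
C:\Windows\winsxs\x86_constructed-lsa_6.1.7600.16385_none\lsass.exe --a---- 22528 bytes [23:11 13/07/2009] [01:14 14/07/2009] 33333333333333333333333333333333

-= EOF =-
"""

# One filefind result line: path, attribute flags, size, created, modified, MD5.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return one dict per file line of a SystemLook filefind log, in log order."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def check_live_against_winsxs(entries):
    """Compare each System32 binary's MD5 with the copies of the same file in winsxs.

    Returns {system32_path: verdict} where verdict is one of
    "match", "mismatch", "patched-in-place" or "no-winsxs-copy".
    """
    by_name = defaultdict(lambda: {"live": [], "winsxs": []})
    for e in entries:
        low = e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        if "\\winsxs\\" in low:
            by_name[name]["winsxs"].append(e)
        elif "\\system32\\" in low:
            by_name[name]["live"].append(e)

    findings = {}
    for grp in by_name.values():
        store_hashes = {b["md5"] for b in grp["winsxs"]}
        for live in grp["live"]:
            if not store_hashes:
                verdict = "no-winsxs-copy"
            elif live["md5"] in store_hashes:
                verdict = "match"
            else:
                # A store copy with the same size and the same timestamps but a
                # different hash is the footprint of a binary replaced in place.
                twin = any(
                    b["size"] == live["size"]
                    and b["created"] == live["created"]
                    and b["modified"] == live["modified"]
                    for b in grp["winsxs"]
                )
                verdict = "patched-in-place" if twin else "mismatch"
            findings[live["path"]] = verdict
    return findings


if __name__ == "__main__":
    for path, verdict in check_live_against_winsxs(parse_filefind(SAMPLE_LOG)).items():
        print(f"{verdict:17} {path}")
```

On Windows 7 the System32 copy of a component is normally a hard link into winsxs, so its hash should equal one of the component-store copies; a System32 copy that matches none of them, while a store copy has the same size and timestamps, is the pattern to look for in the log rather than the timestamps alone, which say nothing on their own.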

#5 coincidental

  • Topic Starter
  • Members
  • 10 posts
  • Local time:10:45 AM

Posted 16 July 2012 - 12:47 PM

...

MBAM log:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BEN-PC [administrator]

Protection: Enabled

16/07/2012 16:19:39
mbam-log-2012-07-16 (18-38-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 556179
Time elapsed: 2 hour(s), 18 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 16/07/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-

Minitoolbox:

MiniToolBox by Farbar Version: 15-07-2012
Ran by Ben (administrator) on 16-07-2012 at 17:05:26
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

74.208.10.249 gs.apple.com

========================= IP Configuration: ================================

Atheros AR5B91 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ben-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros AR5B91 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-26-5E-03-53-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::48e2:3b1a:b24c:3a73%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 16 July 2012 11:08:31
Lease Expires . . . . . . . . . . : 17 July 2012 15:51:25
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218113630
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-43-79-E1-00-1F-16-AA-21-27
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1F-16-AA-21-27
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{61A7FB96-E791-470A-9F58-917718B3BF68}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: O2WirelessBox.lan
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:801::1009
173.194.34.110
173.194.34.105
173.194.34.102
173.194.34.100
173.194.34.99
173.194.34.104
173.194.34.97
173.194.34.103
173.194.34.96
173.194.34.98
173.194.34.101


Pinging google.com [173.194.34.104] with 32 bytes of data:
Reply from 173.194.34.104: bytes=32 time=116ms TTL=57
Reply from 173.194.34.104: bytes=32 time=109ms TTL=57

Ping statistics for 173.194.34.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 109ms, Maximum = 116ms, Average = 112ms
Server: O2WirelessBox.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=210ms TTL=53
Reply from 209.191.122.70: bytes=32 time=238ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 210ms, Maximum = 238ms, Average = 224ms
Server: O2WirelessBox.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 5ms, Average = 4ms
===========================================================================
Interface List
11...00 26 5e 03 53 7b ......Atheros AR5B91 Wireless Network Adapter
10...00 1f 16 aa 21 27 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.72 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.72 281
192.168.1.72 255.255.255.255 On-link 192.168.1.72 281
192.168.1.255 255.255.255.255 On-link 192.168.1.72 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.72 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.72 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::48e2:3b1a:b24c:3a73/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2012 03:26:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 913464

Error: (07/16/2012 03:26:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 913464

Error: (07/16/2012 03:26:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2012 03:26:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 911935

Error: (07/16/2012 03:26:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 911935

Error: (07/16/2012 03:26:17 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2012 03:26:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 910827

Error: (07/16/2012 03:26:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 910827

Error: (07/16/2012 03:26:16 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2012 03:26:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 909517


System errors:
=============
Error: (07/16/2012 03:26:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (07/16/2012 03:04:51 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 03:04:51 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 01:36:55 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 01:36:55 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 11:09:39 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/16/2012 11:09:31 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 11:09:31 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 11:08:32 AM) (Source: Service Control Manager) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (07/16/2012 11:08:32 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.


Microsoft Office Sessions:
=========================
Error: (03/19/2012 08:42:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 114754 seconds with 300 seconds of active time. This session ended with a crash.

Error: (11/26/2011 02:49:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/22/2011 07:43:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 762 seconds with 120 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 2.2.1)
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2195)
Bonjour (Version: 3.0.0.10)
Bonjour Print Services (Version: 2.0.2.0)
CameraHelperMsi (Version: 13.00.1774.0)
CCleaner (Version: 3.00)
D3DX10 (Version: 15.4.2368.0902)
EPSON Scan
EPSON SX130 Series Printer Uninstall
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Feedback Tool (Version: 1.1.0)
ffdshow v1.1.4238 [2012-01-09] (Version: 1.1.4238.0)
File Type Assistant
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Lexmark S300-S400 Series
LG USB Modem Drivers (Version: 4.9.4)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.01.1018.0)
LWS Gallery (Version: 13.01.1018.0)
LWS Help_main (Version: 13.01.1025.0)
LWS Launcher (Version: 13.01.1024.0)
LWS Motion Detection (Version: 13.01.1018.0)
LWS Pictures And Video (Version: 13.01.1018.0)
LWS Video Mask Maker (Version: 13.00.1774.0)
LWS VideoEffects (Version: 13.00.1774.0)
LWS Webcam Software (Version: 13.00.1774.0)
LWS WLM Plugin (Version: 1.00.1774.0)
LWS YouTube Plugin (Version: 13.01.1022.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MathPlayer (Version: 2.2)
McAfee Security Scan Plus (Version: 2.0.181.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Mathematics (Version: 4.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Minecraft Beta Cracked
Mozilla Firefox 13.0.1 (x86 en-GB) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.5888)
Rovio Firmware Updater
Rovio Software
Sense-Lang Certificate
Skype Click to Call (Version: 5.7.8524)
Skype™ 5.5 (Version: 5.5.124)
SweetIM for Messenger 3.6 (Version: 3.6.0008)
SweetPacks Toolbar for Internet Explorer 4.5 (Version: 4.5.0000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 14.0.3.0)
UKCAT Practice Tests (Version: 2.11.2.138)
UltraVnc (Version: 1.0.9.6.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager for SweetPacks 1.0 (Version: 1.0.0005)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 1.1.5 (Version: 1.1.5)
WBFS Manager 2.5 (Version: 2.5)
WBFS to ISO
WebSlingPlayer ActiveX (Version: 1.5.7158)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
World of Tanks
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 3000.84 MB
Available physical RAM: 1481.04 MB
Total Pagefile: 5999.96 MB
Available Pagefile: 4146.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.16 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:139.18 GB) (Free:27.74 GB) NTFS

========================= Users: ========================================

User accounts for \\BEN-PC

Administrator Ben Guest


**** End of log ****


FSS:

Farbar Service Scanner Version: 08-07-2012
Ran by Ben (administrator) on 16-07-2012 at 17:06:54
Running from "C:\Users\Ben\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

Edited by coincidental, 16 July 2012 - 12:49 PM.


#6 narenxp


Posted 16 July 2012 - 08:10 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
@echo off
rem Replace the patched services.exe with the clean copy kept in the WinSxS component store.
rem This machine is 32-bit (x86), so the store folder is the x86_ one shown in the SystemLook log above.
set SRC=C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
rem Never rename the live file unless the clean copy is actually there, or the system will not boot.
if not exist "%SRC%" (echo Clean copy not found, nothing changed & pause & exit /b 1)
cd /d c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y "%SRC%" C:\Windows\system32\
DEL %0

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file and select run as administrator and run it, click Y and press ENTER

Open your C drive

On top,click on Organize-folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok,now go to

C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}

delete the folder

Please post the MBAM log

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}

Click on LOOK, post the generated log
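An added check, not part of this thread and not one of the tools used in it, that reads the SystemLook filefind output posted in #5 and makes the two decisions the advisor in #6 makes by eye: whether the live System32 services.exe hash differs from the WinSxS store copy, and which store folder (x86_ or amd64_) is the correct replacement source for this machine's bitness. The sample logs are constructed from the lines posted above; the function names and the verdict strings are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample logs (copied from the SystemLook output posted in this thread).
# First: the live file and the WinSxS store copy have the same size but different MD5s.
SAMPLE_PATCHED = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 16/07/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
"""

# Second: the state after the rename succeeded but the copy failed (post #7 above):
# only the store copy is left, so services.exe is gone from System32.
SAMPLE_AFTER_RENAME = r"""========== filefind ==========

Searching for "services.exe"
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-
"""

# One filefind hit: <path> <attrs> <size> bytes [created] [modified] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]*\]\s+\[[^\]]*\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileHit:
    path: str
    size: int
    md5: str


def parse_filefind(log_text: str) -> List[FileHit]:
    """Extract the file hits from the ':filefind' section of a SystemLook log."""
    hits: List[FileHit] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("========== filefind"):
            in_section = True
            continue
        if line.startswith("==========") or line.startswith("-= EOF"):
            in_section = False
            continue
        if not in_section:
            continue
        m = FILEFIND_RE.match(line)
        if m:
            hits.append(FileHit(m.group("path"), int(m.group("size")), m.group("md5").upper()))
    return hits


def winsxs_arch(path: str) -> Optional[str]:
    """Architecture prefix of a WinSxS component folder ('x86' or 'amd64'), else None."""
    m = re.search(r"\\winsxs\\(x86|amd64)_", path, re.IGNORECASE)
    return m.group(1).lower() if m else None


def assess_services_exe(hits: List[FileHit], os_arch: str = "x86") -> Dict[str, object]:
    """Compare the live System32 services.exe with the WinSxS store copy for os_arch.

    os_arch is the bitness of the installed Windows ('x86' on this thread's machine);
    a 32-bit install has no amd64_ component folder at all.
    """
    live = [h for h in hits if re.search(r"\\system32\\services\.exe$", h.path, re.IGNORECASE)]
    store = [h for h in hits if winsxs_arch(h.path) == os_arch]
    result: Dict[str, object] = {"verdict": None, "arch": os_arch, "replacement_source": None}
    if not store:
        # This is what a COPY from an amd64_ path runs into on a 32-bit box.
        result["verdict"] = "no_matching_component"
        return result
    ref = store[0]
    result["replacement_source"] = ref.path
    if not live:
        result["verdict"] = "system32_missing"  # renamed or deleted and never replaced
    elif live[0].md5 == ref.md5:
        result["verdict"] = "clean"
    else:
        # Same component version, same size, same timestamps, different hash: the mark of
        # an in-place patch rather than a servicing update, which lands in a new store folder.
        result["verdict"] = "patched"
        result["same_size"] = live[0].size == ref.size
    return result


if __name__ == "__main__":
    for label, log in (("patched", SAMPLE_PATCHED), ("after rename", SAMPLE_AFTER_RENAME)):
        print(label, assess_services_exe(parse_filefind(log), os_arch="x86"))
    print("amd64 on x86 box:", assess_services_exe(parse_filefind(SAMPLE_PATCHED), os_arch="amd64"))
```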

#7 coincidental


Posted 17 July 2012 - 05:02 AM

..

It's not letting me delete one of the files in the folder because 'the file is open in services.exe'. I tried deleting everything in the temp folder but a notepad file called FSXAPIDebugLog is in use in another process.


MBAM log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BEN-PC [administrator]

Protection: Disabled

17/07/2012 10:14:23
mbam-log-2012-07-17 (10-14-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199275
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 10:20 on 17/07/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}"
C:\Users\Ben\AppData\Local\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe} d--hs-- [20:16 11/01/2012]
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe} d--hs-- [20:16 11/01/2012]

-= EOF =-

#8 narenxp


Posted 17 July 2012 - 06:26 AM

Please run the script, restart the PC and delete both the folders

Run system look again

#9 coincidental


Posted 17 July 2012 - 07:32 AM

Please run the Script, restart the PC and delete both the folders

Run system look again

Still can't delete the
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe} folder. I had a blue screen when I restarted the computer and it went into 'startup repair' and it did a system restore, not sure if that's relevant or not. When I run the script it says in cmd 'ERROR: The system cannot find the file specified'
Here's system look anyway:
SystemLook 30.07.11 by jpshortstuff
Log created at 13:13 on 17/07/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}"
C:\Users\Ben\AppData\Local\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe} d--hs-- [20:16 11/01/2012]
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe} d--hs-- [20:16 11/01/2012]

-= EOF =-

I ran MalwareBytes again as well since it did a system restore...
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Ben :: BEN-PC [administrator]

Protection: Enabled

17/07/2012 13:22:07
mbam-log-2012-07-17 (13-28-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199511
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\800000cb.@ (Rootkit.0Access) -> No action taken.

(end)

#10 narenxp

Posted 17 July 2012 - 07:40 AM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe

Click on LOOK, post the generated log

IMP: Do not restart the PC, unless instructed.

Edited by narenxp, 17 July 2012 - 08:07 AM.


#11 coincidental (Topic Starter)

Posted 17 July 2012 - 08:20 AM

...

SystemLook 30.07.11 by jpshortstuff
Log created at 14:08 on 17/07/2012 by Ben
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

-= EOF =-

#12 narenxp

Posted 17 July 2012 - 08:46 AM

That looks good

C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\800000cb.@ (Rootkit.0Access) -> No action taken.


Please run MBAM again and remove them

Restart the PC and delete both the folders

C:\Users\Ben\AppData\Local\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}

Let me know if it worked

Edited by narenxp, 17 July 2012 - 08:47 AM.


#13 coincidental (Topic Starter)

Posted 17 July 2012 - 09:54 AM

That looks good


C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\00000001.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}\U\800000cb.@ (Rootkit.0Access) -> No action taken.


Please run MBAM again and remove them

Restart the PC and delete both the folders

C:\Users\Ben\AppData\Local\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}
C:\Windows\Installer\{8d87e3cf-e30f-ef0a-b106-9cdd759644fe}

Let me know if it worked

Yeah it seems to be working! Thanks a lot for your help, really useful.

#14 narenxp

Posted 17 July 2012 - 10:02 AM

Grt :)

If you find this file, delete it, else SKIP to next step

C:\windows\system32\services.exe.old

Download

wuauserv
BITS
wscsvc
defender


Launch them, click YES when you get UAC prompt

restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Check mark the following options alone

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the new FSS log

#15 coincidental (Topic Starter)

Posted 17 July 2012 - 10:26 AM

...

FSS Log:
Farbar Service Scanner Version: 08-07-2012
Ran by Ben (administrator) on 17-07-2012 at 16:22:06
Running from "C:\Users\Ben\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
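The checks the helper had the user do by hand with SystemLook, MBAM and FSS (MD5 of the live services.exe against its WinSxS copy, the hidden {GUID}\U folders in the two locations named above, and the WinDefend start type and DisableAntiSpyware policy) gathered into one PowerShell audit script. This is an added example, not part of the thread or of any of the tools used in it; it assumes an elevated prompt and PowerShell 4.0 or later (Get-FileHash).

```powershell
# Added example: reproduces the thread's manual checks as a read-only audit.
# Assumes an elevated prompt and PowerShell 4.0+ (Get-FileHash). Nothing is deleted.

$live = Join-Path $env:SystemRoot 'System32\services.exe'
$sxsCopies = Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue |
             Where-Object { $_.DirectoryName -like '*servicecontroller*' }

# 1. Hash comparison. SystemLook printed 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 for both copies
#    once the file was repaired; a mismatch with the WinSxS copy is the sign of a patched file.
$liveHash = (Get-FileHash -Algorithm MD5 -Path $live).Hash
foreach ($copy in $sxsCopies) {
    $copyHash = (Get-FileHash -Algorithm MD5 -Path $copy.FullName).Hash
    $verdict  = if ($liveHash -eq $copyHash) { 'MATCH' } else { 'MISMATCH' }
    '{0}  live={1}  sxs={2}  ({3})' -f $verdict, $liveHash, $copyHash, $copy.FullName
}
# The live binary should also carry a valid Microsoft Authenticode signature.
Get-AuthenticodeSignature -FilePath $live | Select-Object Status, @{n='Signer';e={$_.SignerCertificate.Subject}}

# 2. Hidden, system-attributed {GUID} folders with a 'U' subfolder, the layout the MBAM log
#    flagged as Rootkit.0Access under AppData\Local and Windows\Installer.
$roots = @($env:LOCALAPPDATA, (Join-Path $env:SystemRoot 'Installer'))
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' -and
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
            (Test-Path (Join-Path $_.FullName 'U'))
        } |
        ForEach-Object { "SUSPECT FOLDER: $($_.FullName)  [$($_.Attributes)]" }
}

# 3. Defender state. FSS reported WinDefend start type Demand (default Auto) and the
#    policy value DisableAntiSpyware=1, which the Windows repair tool step was meant to undo.
$svc = Get-CimInstance Win32_Service -Filter "Name='WinDefend'"
if ($svc) { 'WinDefend StartMode={0} State={1}' -f $svc.StartMode, $svc.State }
$pol = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($pol) { 'DisableAntiSpyware={0}' -f $pol.DisableAntiSpyware } else { 'DisableAntiSpyware policy not set' }
```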