Infected with Trojan.dropper.bcminer

9 replies to this topic

#1 Crym

  • Members
  • 5 posts

Posted 22 July 2012 - 07:20 PM

Hi guys, noticed that most of the instruction sets to remove this are system specific, so am hoping I could get some help removing this baddy, please and thank you.


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 22 July 2012 - 07:26 PM

Download TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Crym
  • Topic Starter

  • Members
  • 5 posts

Posted 23 July 2012 - 02:02 PM

TDSS Killer:


13:40:11.0627 5312 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
13:40:11.0627 5312 UEFI system
13:40:11.0954 5312 ============================================================
13:40:11.0954 5312 Current date / time: 2012/07/23 13:40:11.0954
13:40:11.0954 5312 SystemInfo:
13:40:11.0954 5312
13:40:11.0954 5312 OS Version: 6.1.7601 ServicePack: 1.0
13:40:11.0954 5312 Product type: Workstation
13:40:11.0954 5312 ComputerName: PHIL-PC
13:40:11.0955 5312 UserName: Phil
13:40:11.0955 5312 Windows directory: C:\Windows
13:40:11.0955 5312 System windows directory: C:\Windows
13:40:11.0955 5312 Running under WOW64
13:40:11.0955 5312 Processor architecture: Intel x64
13:40:11.0955 5312 Number of processors: 4
13:40:11.0955 5312 Page size: 0x1000
13:40:11.0955 5312 Boot type: Normal boot
13:40:11.0955 5312 ============================================================
13:40:12.0126 5312 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
13:40:12.0140 5312 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:40:12.0148 5312 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:40:18.0975 5312 ============================================================
13:40:18.0975 5312 \Device\Harddisk1\DR1:
13:40:18.0975 5312 GPT partitions:
13:40:18.0976 5312 \Device\Harddisk1\DR1\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FE215D02-17B6-4AF1-9AC2-2E90954DDBCA}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
13:40:18.0976 5312 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A453F42A-95E5-49E5-8EC7-66995CB53015}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
13:40:18.0976 5312 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A8EB2096-3179-4FB1-9305-555F2C952FFF}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xDF22000
13:40:18.0976 5312 MBR partitions:
13:40:18.0976 5312 \Device\Harddisk0\DR0:
13:40:18.0976 5312 MBR partitions:
13:40:18.0976 5312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:40:18.0976 5312 \Device\Harddisk3\DR3:
13:40:18.0977 5312 MBR partitions:
13:40:18.0977 5312 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
13:40:18.0977 5312 ============================================================
13:40:18.0978 5312 C: <-> \Device\Harddisk1\DR1\Partition2
13:40:19.0010 5312 D: <-> \Device\Harddisk0\DR0\Partition0
13:40:19.0023 5312 G: <-> \Device\Harddisk3\DR3\Partition0
13:40:19.0023 5312 ============================================================
13:40:19.0023 5312 Initialize success
13:40:19.0023 5312 ============================================================
13:40:28.0412 1792 ============================================================
13:40:28.0412 1792 Scan started
13:40:28.0412 1792 Mode: Manual; TDLFS;
13:40:28.0412 1792 ============================================================
13:40:30.0899 1792 NDIS - ok
13:40:30.0901 1792 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:40:30.0901 1792 NdisCap - ok
13:40:30.0903 1792 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:40:30.0904 1792 NdisTapi - ok
13:40:30.0906 1792 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:40:30.0906 1792 Ndisuio - ok
13:40:30.0913 1792 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:40:30.0914 1792 NdisWan - ok
13:40:30.0915 1792 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:40:30.0916 1792 NDProxy - ok
13:40:30.0918 1792 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:40:30.0918 1792 NetBIOS - ok
13:40:30.0926 1792 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:40:30.0927 1792 NetBT - ok
13:40:30.0930 1792 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:30.0931 1792 Netlogon - ok
13:40:30.0940 1792 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:40:30.0942 1792 Netman - ok
13:40:30.0952 1792 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:40:30.0955 1792 netprofm - ok
13:40:30.0961 1792 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:40:30.0962 1792 NetTcpPortSharing - ok
13:40:30.0965 1792 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:40:30.0966 1792 nfrd960 - ok
13:40:30.0974 1792 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:40:30.0976 1792 NlaSvc - ok
13:40:30.0979 1792 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:40:30.0980 1792 Npfs - ok
13:40:30.0982 1792 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:40:30.0983 1792 nsi - ok
13:40:30.0985 1792 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:40:30.0985 1792 nsiproxy - ok
13:40:31.0007 1792 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:40:31.0013 1792 Ntfs - ok
13:40:31.0028 1792 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:40:31.0029 1792 Null - ok
13:40:31.0037 1792 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
13:40:31.0038 1792 NVHDA - ok
13:40:31.0169 1792 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:40:31.0218 1792 nvlddmkm - ok
13:40:31.0240 1792 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:40:31.0241 1792 nvraid - ok
13:40:31.0247 1792 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:40:31.0248 1792 nvstor - ok
13:40:31.0262 1792 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
13:40:31.0266 1792 nvsvc - ok
13:40:31.0295 1792 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:40:31.0303 1792 nvUpdatusService - ok
13:40:31.0322 1792 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:40:31.0323 1792 nv_agp - ok
13:40:31.0334 1792 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:40:31.0336 1792 odserv - ok
13:40:31.0340 1792 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:40:31.0340 1792 ohci1394 - ok
13:40:31.0347 1792 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:40:31.0348 1792 ose - ok
13:40:31.0357 1792 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:31.0359 1792 p2pimsvc - ok
13:40:31.0368 1792 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:40:31.0370 1792 p2psvc - ok
13:40:31.0375 1792 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:40:31.0376 1792 Parport - ok
13:40:31.0380 1792 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:40:31.0380 1792 partmgr - ok
13:40:31.0385 1792 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:40:31.0387 1792 PcaSvc - ok
13:40:31.0394 1792 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:40:31.0395 1792 pci - ok
13:40:31.0396 1792 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:40:31.0397 1792 pciide - ok
13:40:31.0404 1792 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:40:31.0405 1792 pcmcia - ok
13:40:31.0407 1792 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:40:31.0408 1792 pcw - ok
13:40:31.0415 1792 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:40:31.0417 1792 PEAUTH - ok
13:40:31.0430 1792 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:40:31.0431 1792 PerfHost - ok
13:40:31.0453 1792 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:40:31.0459 1792 pla - ok
13:40:31.0469 1792 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:40:31.0471 1792 PlugPlay - ok
13:40:31.0475 1792 PnkBstrA - ok
13:40:31.0478 1792 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:40:31.0479 1792 PNRPAutoReg - ok
13:40:31.0487 1792 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:40:31.0489 1792 PNRPsvc - ok
13:40:31.0500 1792 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:40:31.0502 1792 PolicyAgent - ok
13:40:31.0510 1792 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:40:31.0511 1792 Power - ok
13:40:31.0519 1792 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:40:31.0519 1792 PptpMiniport - ok
13:40:31.0521 1792 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:40:31.0523 1792 Processor - ok
13:40:31.0531 1792 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:40:31.0533 1792 ProfSvc - ok
13:40:31.0535 1792 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:31.0536 1792 ProtectedStorage - ok
13:40:31.0542 1792 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:40:31.0543 1792 Psched - ok
13:40:31.0563 1792 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:40:31.0568 1792 ql2300 - ok
13:40:31.0584 1792 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:40:31.0585 1792 ql40xx - ok
13:40:31.0594 1792 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:40:31.0595 1792 QWAVE - ok
13:40:31.0598 1792 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:40:31.0598 1792 QWAVEdrv - ok
13:40:31.0600 1792 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:40:31.0601 1792 RasAcd - ok
13:40:31.0604 1792 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:40:31.0604 1792 RasAgileVpn - ok
13:40:31.0609 1792 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:40:31.0610 1792 RasAuto - ok
13:40:31.0615 1792 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:40:31.0616 1792 Rasl2tp - ok
13:40:31.0625 1792 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:40:31.0627 1792 RasMan - ok
13:40:31.0631 1792 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:40:31.0632 1792 RasPppoe - ok
13:40:31.0636 1792 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:40:31.0637 1792 RasSstp - ok
13:40:31.0645 1792 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:40:31.0646 1792 rdbss - ok
13:40:31.0648 1792 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:40:31.0649 1792 rdpbus - ok
13:40:31.0651 1792 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:40:31.0651 1792 RDPCDD - ok
13:40:31.0655 1792 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:40:31.0655 1792 RDPENCDD - ok
13:40:31.0658 1792 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:40:31.0658 1792 RDPREFMP - ok
13:40:31.0667 1792 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:40:31.0667 1792 RDPWD - ok
13:40:31.0676 1792 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:40:31.0677 1792 rdyboost - ok
13:40:31.0682 1792 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:40:31.0683 1792 RemoteAccess - ok
13:40:31.0690 1792 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:40:31.0691 1792 RemoteRegistry - ok
13:40:31.0699 1792 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:40:31.0699 1792 RFCOMM - ok
13:40:31.0703 1792 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:40:31.0704 1792 RpcEptMapper - ok
13:40:31.0706 1792 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:40:31.0707 1792 RpcLocator - ok
13:40:31.0718 1792 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:40:31.0720 1792 RpcSs - ok
13:40:31.0725 1792 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:40:31.0726 1792 rspndr - ok
13:40:31.0728 1792 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:31.0729 1792 SamSs - ok
13:40:31.0734 1792 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:40:31.0734 1792 sbp2port - ok
13:40:31.0741 1792 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:40:31.0743 1792 SCardSvr - ok
13:40:31.0746 1792 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:40:31.0746 1792 scfilter - ok
13:40:31.0763 1792 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:40:31.0767 1792 Schedule - ok
13:40:31.0772 1792 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:40:31.0772 1792 SCPolicySvc - ok
13:40:31.0781 1792 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:40:31.0783 1792 SDRSVC - ok
13:40:31.0789 1792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:40:31.0789 1792 secdrv - ok
13:40:31.0792 1792 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:40:31.0793 1792 seclogon - ok
13:40:31.0797 1792 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:40:31.0798 1792 SENS - ok
13:40:31.0801 1792 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:40:31.0801 1792 SensrSvc - ok
13:40:31.0804 1792 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:40:31.0804 1792 Serenum - ok
13:40:31.0809 1792 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:40:31.0810 1792 Serial - ok
13:40:31.0813 1792 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:40:31.0813 1792 sermouse - ok
13:40:31.0821 1792 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:40:31.0822 1792 SessionEnv - ok
13:40:31.0824 1792 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:40:31.0824 1792 sffdisk - ok
13:40:31.0826 1792 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:40:31.0827 1792 sffp_mmc - ok
13:40:31.0828 1792 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:40:31.0828 1792 sffp_sd - ok
13:40:31.0831 1792 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:40:31.0831 1792 sfloppy - ok
13:40:31.0841 1792 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:40:31.0843 1792 ShellHWDetection - ok
13:40:31.0847 1792 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:40:31.0847 1792 SiSRaid2 - ok
13:40:31.0851 1792 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:40:31.0852 1792 SiSRaid4 - ok
13:40:31.0856 1792 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:40:31.0857 1792 Smb - ok
13:40:31.0861 1792 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:40:31.0862 1792 SNMPTRAP - ok
13:40:31.0864 1792 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:40:31.0864 1792 spldr - ok
13:40:31.0877 1792 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:40:31.0880 1792 Spooler - ok
13:40:31.0925 1792 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:40:31.0939 1792 sppsvc - ok
13:40:31.0952 1792 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:40:31.0953 1792 sppuinotify - ok
13:40:31.0966 1792 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:40:31.0968 1792 srv - ok
13:40:31.0978 1792 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:40:31.0979 1792 srv2 - ok
13:40:31.0987 1792 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:40:31.0988 1792 srvnet - ok
13:40:31.0995 1792 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:40:31.0997 1792 SSDPSRV - ok
13:40:32.0001 1792 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:40:32.0002 1792 SstpSvc - ok
13:40:32.0005 1792 Steam Client Service - ok
13:40:32.0016 1792 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:40:32.0018 1792 Stereo Service - ok
13:40:32.0020 1792 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:40:32.0021 1792 stexstor - ok
13:40:32.0034 1792 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:40:32.0037 1792 stisvc - ok
13:40:32.0039 1792 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:40:32.0040 1792 swenum - ok
13:40:32.0051 1792 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:40:32.0053 1792 swprv - ok
13:40:32.0078 1792 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:40:32.0084 1792 SysMain - ok
13:40:32.0100 1792 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:40:32.0102 1792 TabletInputService - ok
13:40:32.0112 1792 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:40:32.0114 1792 TapiSrv - ok
13:40:32.0118 1792 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:40:32.0119 1792 TBS - ok
13:40:32.0145 1792 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:40:32.0152 1792 Tcpip - ok
13:40:32.0179 1792 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:40:32.0185 1792 TCPIP6 - ok
13:40:32.0195 1792 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:40:32.0195 1792 tcpipreg - ok
13:40:32.0199 1792 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:40:32.0199 1792 TDPIPE - ok
13:40:32.0202 1792 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:40:32.0202 1792 TDTCP - ok
13:40:32.0208 1792 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:40:32.0209 1792 tdx - ok
13:40:32.0212 1792 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:40:32.0213 1792 TermDD - ok
13:40:32.0225 1792 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:40:32.0228 1792 TermService - ok
13:40:32.0231 1792 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:40:32.0232 1792 Themes - ok
13:40:32.0236 1792 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:40:32.0237 1792 THREADORDER - ok
13:40:32.0243 1792 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:40:32.0244 1792 TrkWks - ok
13:40:32.0250 1792 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:40:32.0251 1792 TrustedInstaller - ok
13:40:32.0255 1792 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:40:32.0256 1792 tssecsrv - ok
13:40:32.0259 1792 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:40:32.0260 1792 TsUsbFlt - ok
13:40:32.0263 1792 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:40:32.0263 1792 TsUsbGD - ok
13:40:32.0269 1792 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:40:32.0270 1792 tunnel - ok
13:40:32.0273 1792 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:40:32.0274 1792 uagp35 - ok
13:40:32.0282 1792 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:40:32.0284 1792 udfs - ok
13:40:32.0289 1792 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:40:32.0290 1792 UI0Detect - ok
13:40:32.0292 1792 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:40:32.0292 1792 uliagpkx - ok
13:40:32.0295 1792 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:40:32.0295 1792 umbus - ok
13:40:32.0297 1792 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:40:32.0298 1792 UmPass - ok
13:40:32.0307 1792 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:40:32.0309 1792 upnphost - ok
13:40:32.0313 1792 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:40:32.0313 1792 USBAAPL64 - ok
13:40:32.0318 1792 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:40:32.0319 1792 usbaudio - ok
13:40:32.0325 1792 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:40:32.0325 1792 usbccgp - ok
13:40:32.0330 1792 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:40:32.0331 1792 usbcir - ok
13:40:32.0334 1792 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:40:32.0335 1792 usbehci - ok
13:40:32.0343 1792 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:40:32.0345 1792 usbhub - ok
13:40:32.0347 1792 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:40:32.0347 1792 usbohci - ok
13:40:32.0350 1792 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:40:32.0350 1792 usbprint - ok
13:40:32.0354 1792 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:40:32.0354 1792 usbscan - ok
13:40:32.0359 1792 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:40:32.0359 1792 USBSTOR - ok
13:40:32.0362 1792 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:40:32.0363 1792 usbuhci - ok
13:40:32.0365 1792 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:40:32.0366 1792 UxSms - ok
13:40:32.0369 1792 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:40:32.0370 1792 VaultSvc - ok
13:40:32.0373 1792 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:40:32.0373 1792 vdrvroot - ok
13:40:32.0383 1792 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:40:32.0386 1792 vds - ok
13:40:32.0389 1792 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:40:32.0390 1792 vga - ok
13:40:32.0392 1792 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:40:32.0393 1792 VgaSave - ok
13:40:32.0400 1792 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:40:32.0401 1792 vhdmp - ok
13:40:32.0403 1792 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:40:32.0404 1792 viaide - ok
13:40:32.0408 1792 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:40:32.0408 1792 volmgr - ok
13:40:32.0417 1792 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:40:32.0418 1792 volmgrx - ok
13:40:32.0426 1792 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:40:32.0427 1792 volsnap - ok
13:40:32.0434 1792 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:40:32.0435 1792 vsmraid - ok
13:40:32.0458 1792 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:40:32.0464 1792 VSS - ok
13:40:32.0479 1792 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:40:32.0479 1792 vwifibus - ok
13:40:32.0490 1792 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:40:32.0492 1792 W32Time - ok
13:40:32.0495 1792 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:40:32.0495 1792 WacomPen - ok
13:40:32.0499 1792 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:32.0500 1792 WANARP - ok
13:40:32.0501 1792 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:40:32.0502 1792 Wanarpv6 - ok
13:40:32.0522 1792 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:40:32.0527 1792 WatAdminSvc - ok
13:40:32.0549 1792 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:40:32.0556 1792 wbengine - ok
13:40:32.0573 1792 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:40:32.0575 1792 WbioSrvc - ok
13:40:32.0580 1792 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:40:32.0582 1792 wcncsvc - ok
13:40:32.0586 1792 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:40:32.0587 1792 WcsPlugInService - ok
13:40:32.0592 1792 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:40:32.0592 1792 Wd - ok
13:40:32.0602 1792 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:40:32.0605 1792 Wdf01000 - ok
13:40:32.0609 1792 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:32.0610 1792 WdiServiceHost - ok
13:40:32.0612 1792 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:40:32.0613 1792 WdiSystemHost - ok
13:40:32.0622 1792 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:40:32.0624 1792 WebClient - ok
13:40:32.0634 1792 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:40:32.0635 1792 Wecsvc - ok
13:40:32.0640 1792 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:40:32.0641 1792 wercplsupport - ok
13:40:32.0647 1792 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:40:32.0648 1792 WerSvc - ok
13:40:32.0653 1792 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:40:32.0653 1792 WfpLwf - ok
13:40:32.0655 1792 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:40:32.0656 1792 WIMMount - ok
13:40:32.0658 1792 WinHttpAutoProxySvc - ok
13:40:32.0670 1792 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:40:32.0671 1792 Winmgmt - ok
13:40:32.0694 1792 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:40:32.0702 1792 WinRM - ok
13:40:32.0721 1792 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:40:32.0721 1792 WinUsb - ok
13:40:32.0735 1792 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:40:32.0739 1792 Wlansvc - ok
13:40:32.0767 1792 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:40:32.0775 1792 wlidsvc - ok
13:40:32.0790 1792 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:40:32.0791 1792 WmiAcpi - ok
13:40:32.0802 1792 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:40:32.0803 1792 wmiApSrv - ok
13:40:32.0805 1792 WMPNetworkSvc - ok
13:40:32.0808 1792 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:40:32.0809 1792 WPCSvc - ok
13:40:32.0814 1792 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:40:32.0816 1792 WPDBusEnum - ok
13:40:32.0819 1792 WRfiltv (754c8bf43f0dd4b54865f174a62761e9) C:\Windows\system32\drivers\WRfiltv.sys
13:40:32.0819 1792 WRfiltv - ok
13:40:32.0821 1792 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:40:32.0821 1792 ws2ifsl - ok
13:40:32.0823 1792 WSearch - ok
13:40:32.0829 1792 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:40:32.0830 1792 WudfPf - ok
13:40:32.0837 1792 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:40:32.0838 1792 WUDFRd - ok
13:40:32.0843 1792 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:40:32.0844 1792 wudfsvc - ok
13:40:32.0852 1792 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:40:32.0854 1792 WwanSvc - ok
13:40:32.0859 1792 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
13:40:32.0879 1792 \Device\Harddisk1\DR1 - ok
13:40:32.0902 1792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:40:32.0963 1792 \Device\Harddisk0\DR0 - ok
13:40:32.0966 1792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
13:40:33.0475 1792 \Device\Harddisk3\DR3 - ok
13:40:33.0478 1792 Boot (0x1200) (dbd431fbcfa9194cae61373f8fdf9dfc) \Device\Harddisk1\DR1\Partition0
13:40:33.0479 1792 \Device\Harddisk1\DR1\Partition0 - ok
13:40:33.0480 1792 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition1
13:40:33.0481 1792 \Device\Harddisk1\DR1\Partition1 - ok
13:40:33.0483 1792 Boot (0x1200) (0be4376acaf46327427b61398d45d4a8) \Device\Harddisk1\DR1\Partition2
13:40:33.0484 1792 \Device\Harddisk1\DR1\Partition2 - ok
13:40:33.0485 1792 Boot (0x1200) (e7ce1c0d3ea5d5fb3da18979feee7dce) \Device\Harddisk0\DR0\Partition0
13:40:33.0486 1792 \Device\Harddisk0\DR0\Partition0 - ok
13:40:33.0488 1792 Boot (0x1200) (ca0497aad70b22999e4f0efdbbcb1dce) \Device\Harddisk3\DR3\Partition0
13:40:33.0490 1792 \Device\Harddisk3\DR3\Partition0 - ok
13:40:33.0491 1792 ============================================================
13:40:33.0491 1792 Scan finished
13:40:33.0491 1792 ============================================================
13:40:33.0495 3928 Detected object count: 0
13:40:33.0495 3928 Actual detected object count: 0

aswMBR LOG:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 13:42:14
-----------------------------
13:42:14.110 OS Version: Windows x64 6.1.7601 Service Pack 1
13:42:14.110 Number of processors: 4 586 0x2A07
13:42:14.110 ComputerName: PHIL-PC UserName: Phil
13:42:14.123 Initialze error 1
13:43:04.048 AVAST engine defs: 12072301
13:43:12.193 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:43:12.195 Disk 0 Vendor: WDC_WD5000AAKS-00YGA0 12.01C02 Size: 476940MB BusType: 11
13:43:12.196 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port3Path0Target1Lun0
13:43:12.197 Disk 1 Vendor: Corsair_ 1.3. Size: 114473MB BusType: 11
13:43:12.200 Disk 1 MBR read successfully
13:43:12.202 Disk 1 MBR scan
13:43:12.204 Disk 1 unknown MBR code
13:43:12.206 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
13:43:12.209 Disk 1 scanning C:\Windows\system32\drivers
13:43:12.210 Service scanning
13:43:12.917 Modules scanning
13:43:12.920 Disk 1 trace - called modules:
13:43:12.923 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys
13:43:12.927 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80073e1060]
13:43:12.929 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port3Path0Target1Lun0[0xfffffa80071f0050]
13:43:12.932 AVAST engine scan C:\Windows
13:43:12.935 AVAST engine scan C:\Windows\system32
13:43:12.939 AVAST engine scan C:\Windows\system32\drivers
13:43:12.941 AVAST engine scan C:\Users\Phil
13:43:12.944 AVAST engine scan C:\ProgramData
13:43:12.947 Scan finished successfully
13:43:24.617 Disk 1 MBR has been saved successfully to "C:\Users\Phil\Desktop\MBR.dat"
13:43:24.620 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"

ESET:

C:\Users\Phil\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\713bada7-465f649c a variant of Java/Exploit.CVE-2012-1723.L trojan deleted - quarantined
C:\Windows\Installer\{320c4b11-c205-bceb-b0c0-57e557ee3940}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{320c4b11-c205-bceb-b0c0-57e557ee3940}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
D:\downloads\SoftonicDownloader_for_kaspersky-tdsskiller.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
Operating memory multiple threats

#4 narenxp (BC Advisor)

Posted 23 July 2012 - 08:47 PM

Download

systemlook

Launch it, copy this script and paste it in the BOX

:filefind
services.exe
:folderfind
{320c4b11-c205-bceb-b0c0-57e557ee3940}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 Crym (Topic Starter)

Posted 24 July 2012 - 01:43 AM

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 02:08 on 24/07/2012 by Phil
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{320c4b11-c205-bceb-b0c0-57e557ee3940}"
C:\Users\Phil\AppData\Local\{320c4b11-c205-bceb-b0c0-57e557ee3940} d--hs-- [23:22 01/04/2012]
C:\Windows\Installer\{320c4b11-c205-bceb-b0c0-57e557ee3940} d--hs-- [23:22 01/04/2012]

-= EOF =-

MBAM:
Cannot get a clean log... the file comes back every time

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Phil :: PHIL-PC [administrator]

Protection: Enabled

24/07/2012 2:22:43 AM
mbam-log-2012-07-24 (02-22-43).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344875
Time elapsed: 11 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{320c4b11-c205-bceb-b0c0-57e557ee3940}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


Even though it says deleted successfully, on every restart the file is back.


MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Phil (administrator) on 24-07-2012 at 02:35:00
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82579V Gigabit Network Connection = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Phil-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
Physical Address. . . . . . . . . : 00-26-83-2D-06-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : F4-6D-04-4F-DD-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::99c7:27e1:44ce:8058%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : July-24-12 2:21:39 AM
Lease Expires . . . . . . . . . . : July-31-12 2:21:38 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301231364
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-0A-98-D7-F4-6D-04-4F-DD-7B
DNS Servers . . . . . . . . . . . : 64.71.255.198
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{42F7AA35-DA17-411C-812F-852C0A124A5B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1CC8B99C-B6D5-40C7-951E-41F7DADC1068}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.226.34] with 32 bytes of data:
Reply from 74.125.226.34: bytes=32 time=32ms TTL=57
Reply from 74.125.226.34: bytes=32 time=30ms TTL=57

Ping statistics for 74.125.226.34:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 32ms, Average = 31ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=44ms TTL=54
Reply from 98.139.183.24: bytes=32 time=140ms TTL=54

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 140ms, Average = 92ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...00 26 83 2d 06 a0 ......Bluetooth Device (Personal Area Network) #2
14...f4 6d 04 4f dd 7b ......Intel® 82579V Gigabit Network Connection
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.10 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.10 266
192.168.0.10 255.255.255.255 On-link 192.168.0.10 266
192.168.0.255 255.255.255.255 On-link 192.168.0.10 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.10 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 266 fe80::/64 On-link
14 266 fe80::99c7:27e1:44ce:8058/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/24/2012 02:23:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2012 03:18:05 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2012 08:04:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2012 08:03:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/21/2012 07:11:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2012 01:48:32 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: The specified server cannot perform the requested operation.
.

Error: (07/21/2012 01:48:32 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: The specified server cannot perform the requested operation.
.

Error: (07/21/2012 01:48:32 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired.
.

Error: (07/20/2012 08:01:33 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (07/20/2012 07:27:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/24/2012 02:21:41 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/24/2012 02:21:38 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/24/2012 02:21:38 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/22/2012 08:02:46 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/22/2012 08:02:46 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/22/2012 08:02:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/21/2012 07:09:12 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/21/2012 07:09:12 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/21/2012 07:09:12 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/21/2012 07:09:11 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:07:45 AM on ?21/?07/?2012 was unexpected.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Age of Conan: Unchained
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.5.0)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.40)
Bonjour (Version: 3.0.0.10)
calibre (Version: 0.8.55)
Creative System Information
Curse Client (Version: 5.1.1.370)
D3DX10 (Version: 15.4.2368.0902)
Diablo III (Version: 1.0.3.10235)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
Google Chrome (Version: 20.0.1132.57)
Google Drive (Version: 1.2.3123.250)
Google Update Helper (Version: 1.3.21.115)
iCloud (Version: 1.1.0.40)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
JMicron JMB36X Driver (Version: 1.17.58.2)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
marvell 91xx driver (Version: 1.0.0.1051)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
Mumble 1.2.3 (Version: 1.2.3)
Newzbin2 Client 1.0.0.345 (Version: 1.0.0.345)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Origin (Version: 8.5.2.23)
Pando Media Booster (Version: 2.6.0.7)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver (Version: 6.0.1.6235)
Safari (Version: 5.34.57.2)
Sound Blaster World of Warcraft Headset (Version: 1.0)
Steam (Version: 1.0.0.0)
The Elder Scrolls V: Skyrim
The Secret World (Version: 1.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.1 (Version: 2.0.1)
Warhammer Online - Age of Reckoning (Version: )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
World of Warcraft Beta (Version: 5.0.1.15781)
Z Engine (Version: 2.5.0.30_NA)

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 8168.94 MB
Available physical RAM: 4807.48 MB
Total Pagefile: 16336.07 MB
Available Pagefile: 12567.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.73 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.57 GB) (Free:59.58 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:465.76 GB) (Free:230.36 GB) NTFS
5 Drive g: (Elements) (Fixed) (Total:1863.01 GB) (Free:1458.74 GB) NTFS

========================= Users: ========================================

User accounts for \\PHIL-PC

Administrator Guest Phil
UpdatusUser


**** End of log ****


FSS:

Farbar Service Scanner Version: 22-07-2012
Ran by Phil (administrator) on 24-07-2012 at 02:36:34
Running from "D:\downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

AdwareCleaner


# AdwCleaner v1.703 - Logfile created 07/24/2012 at 02:37:50
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Phil - PHIL-PC
# Running from : D:\downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\22g8opwo.default\prefs.js

C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\22g8opwo.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[R1].txt - [1096 octets] - [24/07/2012 02:37:13]
AdwCleaner[S1].txt - [1087 octets] - [24/07/2012 02:37:50]

########## EOF - C:\AdwCleaner[S1].txt - [1215 octets] ##########

#6 narenxp (BC Advisor, 16,371 posts, India)

Posted 24 July 2012 - 01:46 AM

Press Windows+R key and type

notepad and click ok

Copy this script and paste it in Notepad:

@echo off
rem Run as administrator. Takes ownership of the services.exe in System32, keeps the
rem current file as services.exe.old, and restores the copy held in the WinSxS
rem component store. cacls will ask for confirmation (answer Y).
cd /d c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem The batch file deletes itself when finished.
DEL %0

Click on FILE >> Save as

File name: services.bat
Save as type: All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Open your C drive

On top, click on Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok,now go to

C:\Users\Phil\AppData\Local\{320c4b11-c205-bceb-b0c0-57e557ee3940}
C:\Windows\Installer\{320c4b11-c205-bceb-b0c0-57e557ee3940}

delete the folders

Post the new SystemLook log

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender
wuauserv
BITS

Launch them, click YES when you get the UAC prompt

Restart the PC and post the new FSS log


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Check mark the following options only

Reset registry permissions
Repair system files
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Check mark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

#7 Crym (Topic Starter, Members, 5 posts)

Posted 24 July 2012 - 02:26 AM

SystemLook:


SystemLook 30.07.11 by jpshortstuff
Log created at 03:07 on 24/07/2012 by Phil
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{320c4b11-c205-bceb-b0c0-57e557ee3940}"
No folders found.

-= EOF =-


FSS:


Farbar Service Scanner Version: 22-07-2012
Ran by Phil (administrator) on 24-07-2012 at 03:16:29
Running from "D:\downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



FSS After Windows Repair:


Farbar Service Scanner Version: 22-07-2012
Ran by Phil (administrator) on 24-07-2012 at 03:25:26
Running from "D:\downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 narenxp (BC Advisor, 16,371 posts, India)

Posted 24 July 2012 - 02:34 AM

Download

Sharedaccess

Launch it, click YES

Press Windows+R key and type

regedit and click ok

Go to


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

&

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Right-click on them > Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Press Windows+R key and type

services.msc and click ok

Start the Base Filtering Engine service and then the Windows Firewall service

Post the new FSS log

Edited by narenxp, 24 July 2012 - 02:35 AM.
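As an added example (not part of the thread, and not one of the advisor's downloads), the PowerShell below reads back what the fixes in posts #6 and #8 touch: it compares the MD5 of the live services.exe with the WinSxS copy at the path quoted in post #6, reports the Start type, ImagePath and ServiceDll that FSS checks for the services flagged in the logs, and lists any Everyone entry on the service keys. It assumes Windows 7 x64 with PowerShell 2.0 (hence no Get-FileHash), an elevated prompt, and the WinSxS component folder name quoted in the thread, which differs on other builds.

```powershell
# Added example, not from the thread: read back what the services.exe swap (post #6)
# and the service-key permission change (post #8) leave behind. Assumes Windows 7 x64
# and PowerShell 2.0 (no Get-FileHash), run from an elevated PowerShell prompt.
$Sys32 = Join-Path $env:SystemRoot 'System32'
# WinSxS component folder as quoted in the thread; the name differs on other builds.
$SxS = Join-Path $env:SystemRoot ('winsxs\amd64_microsoft-windows-s..s-servicecontroller_' +
                                  '31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1')

function Get-FileMd5 {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

# 1. The live services.exe should hash identically to the pristine WinSxS copy
#    (the SystemLook log in post #7 shows 24ACB7E5BE595468E3B9AA488B9B4FCB for both).
$livePath = Join-Path $Sys32 'services.exe'
$sxsPath  = Join-Path $SxS   'services.exe'
if (Test-Path $sxsPath) {
    $live = Get-FileMd5 $livePath; $sxs = Get-FileMd5 $sxsPath
    "services.exe  live=$live  winsxs=$sxs  match=$($live -eq $sxs)"
} else { "WinSxS copy not found: $sxsPath" }
# The renamed original is what post #10 asks to delete once the system is stable.
if (Test-Path (Join-Path $Sys32 'services.exe.old')) { "services.exe.old is still present" }

# 2. Per service, the same configuration FSS checks: Start type, ImagePath, ServiceDll.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }
foreach ($svc in 'MpsSvc', 'BFE', 'wscsvc', 'wuauserv', 'WinDefend', 'SharedAccess') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) { "$svc : service key missing"; continue }
    $cfg   = Get-ItemProperty $key
    $dll   = (Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    $state = (Get-Service $svc -ErrorAction SilentlyContinue).Status
    $start = if ($cfg.Start -ne $null) { $startNames[[int]$cfg.Start] } else { 'MISSING' }
    "$svc : state=$state start=$start"
    "    ImagePath  = " + $(if ($cfg.ImagePath) { $cfg.ImagePath } else { 'MISSING' })
    "    ServiceDll = " + $(if ($dll) { $dll } else { 'MISSING' })
    # 3. Post #8 grants Everyone Full Control on BFE and SharedAccess; list such entries
    #    so they can be reviewed and tightened once the services start again.
    (Get-Acl $key).Access |
        Where-Object { $_.IdentityReference.Value -eq 'Everyone' } |
        ForEach-Object { "    ACL: Everyone -> $($_.RegistryRights) ($($_.AccessControlType))" }
}
```

A "MISSING" ImagePath or ServiceDll corresponds to the "The value does not exist" lines FSS prints, and a Start of 4 with the service key present is the "set to Disabled" state the last log shows for sharedaccess.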


#9 Crym (Topic Starter, Members, 5 posts)

Posted 24 July 2012 - 03:06 AM

Farbar Service Scanner Version: 22-07-2012
Ran by Phil (administrator) on 24-07-2012 at 04:04:39
Running from "D:\downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Also MBAM is now showing a clean log

#10 narenxp (BC Advisor, 16,371 posts, India)

Posted 24 July 2012 - 03:11 AM

Delete this file

C:\windows\system32\services.exe.old

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



