Trojan Dropper + Downloader PKU + sirefef-a


11 replies to this topic

#1 KaRath

Posted 25 July 2012 - 05:01 AM

Hi, not sure exactly where to post, but I figured this would be the best spot. First off, I'd like to say a premature thank you to those who help others out on this forum!

Pretty much, I didn't have an antivirus and managed to get my computer infected. Symptoms were simply website redirection, but I had a feeling it would get nasty if I didn't do anything. I quickly installed Avast and ran scans, both pre-boot and quick scans in normal Windows and in Safe Mode without networking. It caught some files (e.g. Stolen Data and approximately 5 different trojans), but upon restart the Avast blocker still showed up every five minutes, blocking the Dropper, Downloader PKU, and Sirefef-A (installers in the local data folder).

After running Search and Destroy, Malwarebytes as well as TDSSKiller, I'm still stuck with two popups every five minutes: the Downloader-PKU and the Sirefef-A (the downloader for the Dropper has disappeared).

I'm definitely trying to restrain usage of passwords here. I'm not sure exactly which logs I should run, so I thought it would be better to post first before running possibly irrelevant log programs.

Once again, thank you,
KaRath

EDIT: Forgot to say I'm running stock Windows 7 32-bit.

Edited by KaRath, 25 July 2012 - 05:37 AM.



#2 narenxp (BC Advisor)

Posted 25 July 2012 - 05:07 AM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file in your reply.
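narenxp asks for the TDSSKiller log to be posted. As an added example (not part of this thread, and not Kaspersky's code), here is a small parser for the TDSSKiller 2.7.x log format that KaRath posts below; it separates entries with a verdict other than "ok", entries with no file behind them, and entries that never received a verdict. The sample log is constructed (real header lines from the thread plus one fabricated hit with a placeholder hash and path), and the triage rule is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller 2.7.x writes one "object" line per scanned service/driver, then a verdict
# line for it, e.g. (copied from the log posted in this thread):
#   20:11:45.0638 2848 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
#   20:11:45.0709 2848 !SASCORE - ok
# Some entries get only a verdict line ("gdrv - ok"): a service is registered but no
# file was found for it, which a helper normally looks at separately.

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return scanned entries keyed by service/driver name.

    Only lines after the "Scan started" marker are considered, so header lines such as
    "Drive \\Device\\Harddisk0\\DR0 - Size: ..." are not mistaken for verdict lines.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        om = OBJECT_RE.match(rest)
        if om:
            entries[om.group("name")] = Entry(om.group("name"), om.group("md5"), om.group("path"))
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            # A verdict without a preceding object line creates a file-less entry.
            entry = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            entry.verdict = vm.group("verdict")
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[Entry]]:
    """Split entries into the three groups a reviewer of such a log wants to see first.

    Assumption: any verdict other than the literal "ok" needs a human look.
    """
    return {
        "flagged": [e for e in entries.values() if e.verdict is not None and e.verdict != "ok"],
        "no_file": [e for e in entries.values() if e.path is None],
        "no_verdict": [e for e in entries.values() if e.verdict is None],
    }


# Constructed sample: lines copied from the thread's log plus one fabricated hit
# (all-zero hash, placeholder path, made-up verdict text) so the "flagged" branch runs offline.
SAMPLE_LOG = r"""
20:11:36.0466 1484 OS Version: 6.1.7600 ServicePack: 0.0
20:11:38.0791 1484 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
20:11:44.0169 2848 Scan started
20:11:44.0169 2848 Mode: Manual; SigCheck; TDLFS;
20:11:45.0638 2848 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:11:45.0709 2848 !SASCORE - ok
20:13:23.0557 2848 gdrv - ok
20:13:30.0000 2848 example_svc (00000000000000000000000000000000) C:\Users\PLACEHOLDER\AppData\Local\example.exe
20:13:30.0001 2848 example_svc - detected (constructed sample verdict)
"""

if __name__ == "__main__":
    result = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for group, items in result.items():
        print(group + ":")
        for e in items:
            print(f"  {e.name}  md5={e.md5}  path={e.path}  verdict={e.verdict}")
```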

#3 KaRath (Topic Starter)

Posted 25 July 2012 - 06:43 AM

OK, firstly the TDSS log... nothing found.

20:11:35.0710 1484 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:11:36.0466 1484 ============================================================
20:11:36.0466 1484 Current date / time: 2012/07/25 20:11:36.0466
20:11:36.0466 1484 SystemInfo:
20:11:36.0466 1484
20:11:36.0466 1484 OS Version: 6.1.7600 ServicePack: 0.0
20:11:36.0466 1484 Product type: Workstation
20:11:36.0466 1484 ComputerName: COLIN-PC
20:11:36.0466 1484 UserName: Colin
20:11:36.0466 1484 Windows directory: C:\Windows
20:11:36.0466 1484 System windows directory: C:\Windows
20:11:36.0467 1484 Processor architecture: Intel x86
20:11:36.0467 1484 Number of processors: 8
20:11:36.0467 1484 Page size: 0x1000
20:11:36.0467 1484 Boot type: Normal boot
20:11:36.0467 1484 ============================================================
20:11:38.0791 1484 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:11:38.0834 1484 ============================================================
20:11:38.0835 1484 \Device\Harddisk0\DR0:
20:11:38.0836 1484 MBR partitions:
20:11:38.0836 1484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:11:38.0836 1484 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:11:38.0836 1484 ============================================================
20:11:38.0977 1484 C: <-> \Device\Harddisk0\DR0\Partition1
20:11:38.0978 1484 ============================================================
20:11:38.0978 1484 Initialize success
20:11:38.0978 1484 ============================================================
20:11:44.0169 2848 ============================================================
20:11:44.0169 2848 Scan started
20:11:44.0169 2848 Mode: Manual; SigCheck; TDLFS;
20:11:44.0169 2848 ============================================================
20:13:40.0889 2848 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:13:40.0894 2848 NetPipeActivator - ok
20:13:40.0937 2848 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:13:40.0958 2848 netprofm - ok
20:13:40.0960 2848 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:13:40.0965 2848 NetTcpActivator - ok
20:13:40.0966 2848 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:13:40.0971 2848 NetTcpPortSharing - ok
20:13:41.0087 2848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:13:41.0093 2848 nfrd960 - ok
20:13:41.0121 2848 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
20:13:41.0161 2848 NlaSvc - ok
20:13:41.0213 2848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:13:41.0285 2848 Npfs - ok
20:13:41.0361 2848 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:13:41.0378 2848 nsi - ok
20:13:41.0388 2848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:13:41.0420 2848 nsiproxy - ok
20:13:41.0501 2848 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
20:13:41.0530 2848 Ntfs - ok
20:13:41.0655 2848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:13:41.0689 2848 Null - ok
20:13:41.0836 2848 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
20:13:41.0858 2848 nvraid - ok
20:13:41.0988 2848 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
20:13:41.0997 2848 nvstor - ok
20:13:42.0025 2848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:13:42.0032 2848 nv_agp - ok
20:13:42.0036 2848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:13:42.0043 2848 ohci1394 - ok
20:13:42.0234 2848 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:13:42.0263 2848 p2pimsvc - ok
20:13:42.0289 2848 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:13:42.0315 2848 p2psvc - ok
20:13:42.0346 2848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:13:42.0354 2848 Parport - ok
20:13:42.0357 2848 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
20:13:42.0362 2848 partmgr - ok
20:13:42.0380 2848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:13:42.0404 2848 Parvdm - ok
20:13:42.0431 2848 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:13:42.0443 2848 PcaSvc - ok
20:13:42.0451 2848 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:13:42.0458 2848 pci - ok
20:13:42.0473 2848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:13:42.0479 2848 pciide - ok
20:13:42.0627 2848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:13:42.0634 2848 pcmcia - ok
20:13:42.0656 2848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:13:42.0662 2848 pcw - ok
20:13:42.0674 2848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:13:42.0716 2848 PEAUTH - ok
20:13:42.0810 2848 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:13:42.0874 2848 PeerDistSvc - ok
20:13:43.0280 2848 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
20:13:43.0344 2848 pla - ok
20:13:43.0827 2848 PlugPlay (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
20:13:43.0870 2848 PlugPlay - ok
20:13:44.0015 2848 PnkBstrA (205e1b699fd3f2f9b036eea2ec30c620) C:\Windows\system32\PnkBstrA.exe
20:13:44.0023 2848 PnkBstrA - ok
20:13:44.0085 2848 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:13:44.0094 2848 PNRPAutoReg - ok
20:13:44.0106 2848 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:13:44.0116 2848 PNRPsvc - ok
20:13:44.0164 2848 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
20:13:44.0204 2848 PolicyAgent - ok
20:13:44.0243 2848 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
20:13:44.0262 2848 Power - ok
20:13:44.0340 2848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:13:44.0378 2848 PptpMiniport - ok
20:13:44.0406 2848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:13:44.0424 2848 Processor - ok
20:13:44.0462 2848 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
20:13:44.0481 2848 ProfSvc - ok
20:13:44.0525 2848 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:13:44.0533 2848 ProtectedStorage - ok
20:13:44.0544 2848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:13:44.0560 2848 Psched - ok
20:13:44.0610 2848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:13:44.0648 2848 ql2300 - ok
20:13:44.0898 2848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:13:44.0906 2848 ql40xx - ok
20:13:45.0163 2848 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:13:45.0218 2848 QWAVE - ok
20:13:45.0370 2848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:13:45.0423 2848 QWAVEdrv - ok
20:13:45.0505 2848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:13:45.0576 2848 RasAcd - ok
20:13:45.0632 2848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:13:45.0664 2848 RasAgileVpn - ok
20:13:45.0727 2848 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:13:45.0745 2848 RasAuto - ok
20:13:45.0755 2848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:45.0788 2848 Rasl2tp - ok
20:13:45.0824 2848 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
20:13:45.0844 2848 RasMan - ok
20:13:45.0849 2848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:45.0887 2848 RasPppoe - ok
20:13:45.0892 2848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:13:45.0939 2848 RasSstp - ok
20:13:45.0950 2848 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:13:45.0968 2848 rdbss - ok
20:13:45.0990 2848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:13:45.0999 2848 rdpbus - ok
20:13:46.0005 2848 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:46.0021 2848 RDPCDD - ok
20:13:46.0043 2848 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
20:13:46.0073 2848 RDPDR - ok
20:13:46.0089 2848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:13:46.0105 2848 RDPENCDD - ok
20:13:46.0114 2848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:13:46.0130 2848 RDPREFMP - ok
20:13:46.0139 2848 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
20:13:46.0156 2848 RDPWD - ok
20:13:46.0210 2848 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:13:46.0218 2848 rdyboost - ok
20:13:46.0259 2848 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:13:46.0292 2848 RemoteAccess - ok
20:13:46.0346 2848 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:13:46.0364 2848 RemoteRegistry - ok
20:13:46.0431 2848 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:13:46.0484 2848 RpcEptMapper - ok
20:13:46.0548 2848 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:13:46.0580 2848 RpcLocator - ok
20:13:46.0928 2848 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:13:46.0949 2848 RpcSs - ok
20:13:47.0000 2848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:13:47.0033 2848 rspndr - ok
20:13:47.0104 2848 RTL8167 (6ebdca4806dfead818d0bd1d1ee4a069) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:13:47.0113 2848 RTL8167 - ok
20:13:47.0131 2848 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
20:13:47.0156 2848 s3cap - ok
20:13:47.0197 2848 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:13:47.0205 2848 SamSs - ok
20:13:47.0342 2848 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:13:47.0346 2848 SASDIFSV - ok
20:13:47.0364 2848 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:13:47.0369 2848 SASKUTIL - ok
20:13:47.0397 2848 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:13:47.0403 2848 sbp2port - ok
20:13:47.0445 2848 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:13:47.0479 2848 SCardSvr - ok
20:13:47.0499 2848 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:13:47.0532 2848 scfilter - ok
20:13:47.0577 2848 Schedule (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll
20:13:47.0627 2848 Schedule - ok
20:13:47.0660 2848 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:13:47.0676 2848 SCPolicySvc - ok
20:13:47.0690 2848 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
20:13:47.0733 2848 SDRSVC - ok
20:13:47.0819 2848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:13:47.0886 2848 secdrv - ok
20:13:47.0922 2848 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:13:47.0982 2848 seclogon - ok
20:13:48.0165 2848 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:13:48.0183 2848 SENS - ok
20:13:48.0237 2848 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:13:48.0284 2848 SensrSvc - ok
20:13:48.0301 2848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:13:48.0309 2848 Serenum - ok
20:13:48.0334 2848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:13:48.0342 2848 Serial - ok
20:13:48.0380 2848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:13:48.0400 2848 sermouse - ok
20:13:48.0427 2848 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
20:13:48.0464 2848 SessionEnv - ok
20:13:48.0500 2848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:13:48.0523 2848 sffdisk - ok
20:13:48.0543 2848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:13:48.0570 2848 sffp_mmc - ok
20:13:48.0578 2848 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:13:48.0587 2848 sffp_sd - ok
20:13:48.0589 2848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:13:48.0607 2848 sfloppy - ok
20:13:48.0686 2848 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
20:13:48.0718 2848 ShellHWDetection - ok
20:13:48.0744 2848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:13:48.0749 2848 sisagp - ok
20:13:48.0767 2848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:13:48.0773 2848 SiSRaid2 - ok
20:13:48.0789 2848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:13:48.0795 2848 SiSRaid4 - ok
20:13:48.0907 2848 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
20:13:48.0913 2848 SkypeUpdate - ok
20:13:48.0954 2848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:13:48.0990 2848 Smb - ok
20:13:49.0110 2848 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:13:49.0121 2848 SNMPTRAP - ok
20:13:49.0170 2848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:13:49.0190 2848 spldr - ok
20:13:49.0572 2848 Spooler (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe
20:13:49.0589 2848 Spooler - ok
20:13:49.0686 2848 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
20:13:49.0749 2848 sppsvc - ok
20:13:49.0838 2848 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
20:13:49.0857 2848 sppuinotify - ok
20:13:49.0927 2848 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
20:13:49.0946 2848 srv - ok
20:13:49.0953 2848 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
20:13:49.0971 2848 srv2 - ok
20:13:49.0975 2848 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
20:13:49.0991 2848 srvnet - ok
20:13:50.0002 2848 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:13:50.0021 2848 SSDPSRV - ok
20:13:50.0034 2848 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:13:50.0071 2848 SstpSvc - ok
20:13:50.0197 2848 Steam Client Service - ok
20:13:50.0242 2848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:13:50.0247 2848 stexstor - ok
20:13:50.0269 2848 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
20:13:50.0305 2848 StiSvc - ok
20:13:50.0330 2848 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:13:50.0335 2848 storflt - ok
20:13:50.0338 2848 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
20:13:50.0344 2848 storvsc - ok
20:13:50.0348 2848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:13:50.0354 2848 swenum - ok
20:13:50.0693 2848 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:13:50.0744 2848 swprv - ok
20:13:50.0942 2848 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
20:13:50.0967 2848 SysMain - ok
20:13:50.0975 2848 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
20:13:50.0986 2848 TabletInputService - ok
20:13:50.0998 2848 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
20:13:51.0018 2848 TapiSrv - ok
20:13:51.0030 2848 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:13:51.0064 2848 TBS - ok
20:13:51.0200 2848 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
20:13:51.0238 2848 Tcpip - ok
20:13:51.0308 2848 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
20:13:51.0326 2848 TCPIP6 - ok
20:13:51.0364 2848 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:13:51.0400 2848 tcpipreg - ok
20:13:51.0441 2848 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:13:51.0470 2848 TDPIPE - ok
20:13:51.0473 2848 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
20:13:51.0489 2848 TDTCP - ok
20:13:51.0493 2848 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:13:51.0510 2848 tdx - ok
20:13:51.0514 2848 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:13:51.0520 2848 TermDD - ok
20:13:51.0591 2848 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
20:13:51.0634 2848 TermService - ok
20:13:51.0651 2848 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:13:51.0662 2848 Themes - ok
20:13:51.0702 2848 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:13:51.0719 2848 THREADORDER - ok
20:13:51.0731 2848 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:13:51.0786 2848 TrkWks - ok
20:13:51.0964 2848 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
20:13:51.0973 2848 TrustedInstaller - ok
20:13:52.0013 2848 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:13:52.0029 2848 tssecsrv - ok
20:13:52.0221 2848 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:13:52.0269 2848 tunnel - ok
20:13:52.0572 2848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:13:52.0578 2848 uagp35 - ok
20:13:52.0590 2848 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
20:13:52.0623 2848 udfs - ok
20:13:53.0028 2848 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:13:53.0038 2848 UI0Detect - ok
20:13:53.0230 2848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:13:53.0275 2848 uliagpkx - ok
20:13:53.0343 2848 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:13:53.0352 2848 umbus - ok
20:13:53.0577 2848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:13:53.0585 2848 UmPass - ok
20:13:53.0792 2848 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
20:13:53.0838 2848 UmRdpService - ok
20:13:54.0134 2848 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:13:54.0733 2848 upnphost - ok
20:13:54.0912 2848 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:13:55.0009 2848 USBAAPL - ok
20:13:55.0294 2848 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
20:13:55.0416 2848 usbaudio - ok
20:13:55.0884 2848 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
20:13:55.0964 2848 usbccgp - ok
20:13:56.0406 2848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:13:56.0425 2848 usbcir - ok
20:13:56.0590 2848 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
20:13:56.0624 2848 usbehci - ok
20:13:56.0703 2848 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
20:13:56.0730 2848 usbhub - ok
20:13:56.0745 2848 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
20:13:56.0775 2848 usbohci - ok
20:13:56.0810 2848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:13:56.0819 2848 usbprint - ok
20:13:56.0823 2848 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:13:56.0830 2848 USBSTOR - ok
20:13:56.0833 2848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
20:13:56.0853 2848 usbuhci - ok
20:13:56.0921 2848 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
20:13:56.0931 2848 usbvideo - ok
20:13:56.0969 2848 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:13:56.0987 2848 UxSms - ok
20:13:57.0038 2848 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:13:57.0046 2848 VaultSvc - ok
20:13:57.0056 2848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:13:57.0061 2848 vdrvroot - ok
20:13:57.0078 2848 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
20:13:57.0113 2848 vds - ok
20:13:57.0139 2848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:13:57.0148 2848 vga - ok
20:13:57.0151 2848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:13:57.0180 2848 VgaSave - ok
20:13:57.0567 2848 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:13:57.0621 2848 vhdmp - ok
20:13:57.0719 2848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:13:57.0777 2848 viaagp - ok
20:13:58.0003 2848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:13:58.0056 2848 ViaC7 - ok
20:13:58.0081 2848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:13:58.0087 2848 viaide - ok
20:13:58.0111 2848 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
20:13:58.0118 2848 vmbus - ok
20:13:58.0121 2848 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:13:58.0150 2848 VMBusHID - ok
20:13:58.0173 2848 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:13:58.0179 2848 volmgr - ok
20:13:58.0186 2848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:13:58.0195 2848 volmgrx - ok
20:13:58.0201 2848 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:13:58.0210 2848 volsnap - ok
20:13:58.0268 2848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:13:58.0275 2848 vsmraid - ok
20:13:58.0334 2848 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
20:13:58.0354 2848 VSS - ok
20:13:58.0362 2848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:13:58.0394 2848 vwifibus - ok
20:13:58.0417 2848 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:13:58.0437 2848 W32Time - ok
20:13:58.0461 2848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:13:58.0469 2848 WacomPen - ok
20:13:58.0498 2848 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:58.0514 2848 WANARP - ok
20:13:58.0515 2848 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:58.0531 2848 Wanarpv6 - ok
20:13:58.0620 2848 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
20:13:58.0658 2848 WatAdminSvc - ok
20:13:58.0810 2848 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
20:13:58.0866 2848 wbengine - ok
20:13:59.0032 2848 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:13:59.0075 2848 WbioSrvc - ok
20:13:59.0452 2848 wcncsvc (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
20:13:59.0492 2848 wcncsvc - ok
20:13:59.0513 2848 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:13:59.0562 2848 WcsPlugInService - ok
20:13:59.0637 2848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:13:59.0643 2848 Wd - ok
20:13:59.0672 2848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:13:59.0684 2848 Wdf01000 - ok
20:13:59.0693 2848 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:13:59.0726 2848 WdiServiceHost - ok
20:13:59.0728 2848 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:13:59.0739 2848 WdiSystemHost - ok
20:13:59.0767 2848 WebClient (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
20:13:59.0780 2848 WebClient - ok
20:13:59.0791 2848 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:13:59.0826 2848 Wecsvc - ok
20:13:59.0851 2848 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:13:59.0890 2848 wercplsupport - ok
20:13:59.0919 2848 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:13:59.0938 2848 WerSvc - ok
20:13:59.0949 2848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:13:59.0965 2848 WfpLwf - ok
20:14:00.0003 2848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:14:00.0048 2848 WIMMount - ok
20:14:00.0051 2848 WinHttpAutoProxySvc - ok
20:14:00.0512 2848 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:14:01.0191 2848 Winmgmt - ok
20:14:03.0219 2848 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
20:14:03.0627 2848 WinRM - ok
20:14:03.0954 2848 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
20:14:03.0971 2848 WinUsb - ok
20:14:04.0024 2848 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:14:04.0070 2848 Wlansvc - ok
20:14:04.0340 2848 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:14:04.0377 2848 wlidsvc - ok
20:14:05.0296 2848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:14:05.0329 2848 WmiAcpi - ok
20:14:05.0724 2848 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:14:05.0750 2848 wmiApSrv - ok
20:14:05.0879 2848 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:14:05.0948 2848 WMPNetworkSvc - ok
20:14:06.0074 2848 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:14:06.0094 2848 WPCSvc - ok
20:14:06.0348 2848 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
20:14:06.0369 2848 WPDBusEnum - ok
20:14:06.0749 2848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:14:06.0785 2848 ws2ifsl - ok
20:14:06.0787 2848 WSearch - ok
20:14:06.0822 2848 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:14:06.0838 2848 WudfPf - ok
20:14:06.0867 2848 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:14:06.0904 2848 WUDFRd - ok
20:14:06.0940 2848 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
20:14:06.0959 2848 wudfsvc - ok
20:14:07.0302 2848 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:14:07.0348 2848 WwanSvc - ok
20:14:07.0380 2848 XDva397 - ok
20:14:07.0427 2848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:14:09.0919 2848 \Device\Harddisk0\DR0 - ok
20:14:09.0957 2848 Boot (0x1200) (5b5dcf7c1a9ec11febe898fc681c8bc1) \Device\Harddisk0\DR0\Partition0
20:14:09.0961 2848 \Device\Harddisk0\DR0\Partition0 - ok
20:14:09.0974 2848 Boot (0x1200) (10198926059d5a5f79cf8f9b34a394c2) \Device\Harddisk0\DR0\Partition1
20:14:09.0977 2848 \Device\Harddisk0\DR0\Partition1 - ok
20:14:09.0977 2848 ============================================================
20:14:09.0977 2848 Scan finished
20:14:09.0977 2848 ============================================================
20:14:09.0987 1056 Detected object count: 0
20:14:09.0987 1056 Actual detected object count: 0
20:15:05.0021 0248 Deinitialize success

Then the aswMBR log -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 19:45:56
-----------------------------
19:45:56.413 OS Version: Windows 6.1.7600
19:45:56.413 Number of processors: 8 586 0x2A07
19:45:56.413 ComputerName: COLIN-PC UserName: Colin
19:45:58.768 Initialize success
19:45:58.862 AVAST engine defs: 12072500
19:46:03.963 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:46:03.963 Disk 0 Vendor: ST500DM002-1BC142 JC4B Size: 476940MB BusType: 11
19:46:03.994 Disk 0 MBR read successfully
19:46:03.994 Disk 0 MBR scan
19:46:04.010 Disk 0 Windows 7 default MBR code
19:46:04.041 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:46:04.072 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
19:46:04.072 Disk 0 scanning sectors +976771072
19:46:04.150 Disk 0 scanning C:\Windows\system32\drivers
19:46:17.878 Service scanning
19:46:37.612 Modules scanning
19:46:46.832 Disk 0 trace - called modules:
19:46:46.926 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
19:46:47.425 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862898d0]
19:46:47.425 3 CLASSPNP.SYS[8b38959e] -> nt!IofCallDriver -> [0x85cec918]
19:46:47.425 5 ACPI.sys[8ae263b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85d70908]
19:46:48.049 AVAST engine scan C:\Windows
19:46:56.660 AVAST engine scan C:\Windows\system32
19:49:21.772 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:51:07.589 AVAST engine scan C:\Windows\system32\drivers
19:51:29.697 AVAST engine scan C:\Users\Colin
19:59:04.141 Disk 0 MBR has been saved successfully to "C:\Users\Colin\Documents\MBR.dat"
19:59:04.141 The log file has been saved successfully to "C:\Users\Colin\Documents\aswMBR.txt"

Finally, the ESET scanner log (lol that took a long time XD)

C:\Users\Colin\AppData\Local\{8efd2681-3084-9bf1-549b-0761543213da}\n a variant of Win32/Kryptik.AIVX trojan cleaned by deleting - quarantined
C:\Users\Colin\Desktop\MW3\MW2 SP Fov changer.exe Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Users\Colin\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\{8efd2681-3084-9bf1-549b-0761543213da}\U\trzBE60.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8efd2681-3084-9bf1-549b-0761543213da}\U\trzC802.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FC trojan unable to clean
C:\Windows.old\Users\Colin\Desktop\Vegas\Keygen.exe a variant of Win32/Keygen.AR application cleaned by deleting - quarantined
C:\Windows.old\Users\Colin\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows.old\Users\Colin\Downloads\DTLite4452-0287.exe Win32/OpenCandy application cleaned by deleting - quarantined

Thank you

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:01:08 AM

Posted 25 July 2012 - 06:46 AM

Download

systemlook

Launch it, then copy this script and paste it in the BOX

:filefind
services.exe
:folderfind
{8efd2681-3084-9bf1-549b-0761543213da}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 KaRath

KaRath
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:08 PM

Posted 25 July 2012 - 10:08 AM

Sorry for the long delay... the scan went on for what felt like years T_T''

Systemlook log -
SystemLook 30.07.11 by jpshortstuff
Log created at 22:00 on 25/07/2012 by Colin
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows.old\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{8efd2681-3084-9bf1-549b-0761543213da}"
C:\Users\Colin\AppData\Local\{8efd2681-3084-9bf1-549b-0761543213da} d---s-- [23:11 13/07/2009]
C:\Windows\Installer\{8efd2681-3084-9bf1-549b-0761543213da} d--hs-- [23:11 13/07/2009]

-= EOF =-
MBAM log - two false positives IMO (one was picked up by ESET web scanner and deleted but still in my recycling bin due to MBAM picking up something as an error I think)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Colin :: COLIN-PC [administrator]

Protection: Enabled

25/07/2012 10:06:49 PM
mbam-log-2012-07-25 (22-06-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 512311
Time elapsed: 2 hour(s), 50 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-2780596892-438719293-708187663-1000\$RVDZSAM\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows.old\Users\Colin\Desktop\Vegas\SonyVegasProCRACK.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

(end)




Minitoolbox Result -
MiniToolBox by Farbar Version: 23-07-2012
Ran by Colin (administrator) on 26-07-2012 at 01:00:39
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Colin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-64-23-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ed0f:a7a7:3af4:392d%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, 26 July 2012 12:58:27 AM
Lease Expires . . . . . . . . . . : Friday, 27 July 2012 12:58:27 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 267676932
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-2C-31-9B-F4-6D-04-64-23-82
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-FD-D5-AD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5fd:d5ad(Preferred)
Link-local IPv6 Address . . . . . : fe80::d0ca:38df:8a05:9e48%14(Preferred)
IPv4 Address. . . . . . . . . . . : 5.253.213.173(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Thursday, 26 July 2012 12:58:27 AM
Lease Expires . . . . . . . . . . : Friday, 26 July 2013 1:00:34 AM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 326793700
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-2C-31-9B-F4-6D-04-64-23-82
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{2781E300-BCA5-449D-8DCA-61A02D425EDF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: RTA1046VW.home
Address: 192.168.1.1

Name: google.com
Addresses: 2404:6800:4006:801::1008
74.125.237.38
74.125.237.32
74.125.237.34
74.125.237.35
74.125.237.39
74.125.237.33
74.125.237.40
74.125.237.46
74.125.237.37
74.125.237.36
74.125.237.41


Pinging google.com [74.125.237.38] with 32 bytes of data:
Reply from 74.125.237.38: bytes=32 time=16ms TTL=57
Reply from 74.125.237.38: bytes=32 time=13ms TTL=57

Ping statistics for 74.125.237.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 16ms, Average = 14ms
Server: RTA1046VW.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
98.139.183.24
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=247ms TTL=50
Reply from 209.191.122.70: bytes=32 time=247ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 247ms, Maximum = 247ms, Average = 247ms
Server: RTA1046VW.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...f4 6d 04 64 23 82 ......Realtek PCIe GBE Family Controller
14...7a 79 05 fd d5 ad ......Hamachi Network Interface
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.253.213.173 9256
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
5.0.0.0 255.0.0.0 On-link 5.253.213.173 9256
5.253.213.173 255.255.255.255 On-link 5.253.213.173 9256
5.255.255.255 255.255.255.255 On-link 5.253.213.173 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 5.253.213.173 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 5.253.213.173 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
14 276 2620:9b::/96 On-link
14 276 2620:9b::5fd:d5ad/128 On-link
12 276 fe80::/64 On-link
14 276 fe80::/64 On-link
14 276 fe80::d0ca:38df:8a05:9e48/128
On-link
12 276 fe80::ed0f:a7a7:3af4:392d/128
On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
14 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/26/2012 00:58:33 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/26/2012 00:57:30 AM) (Source: EventSystem) (User: )
Description: 80040206EventSystem.EventSubscription{0ED7099E-F30C-4FA2-A865-2CE68A46B9CE}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (07/26/2012 00:51:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/26/2012 00:31:20 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2012 11:31:20 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2012 10:31:22 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (07/25/2012 07:40:29 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2012 07:27:36 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/25/2012 05:24:32 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/24/2012 09:21:02 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (07/26/2012 00:59:32 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422

Error: (07/26/2012 00:59:32 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/26/2012 00:59:32 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/26/2012 00:58:56 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/26/2012 00:58:53 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/26/2012 00:58:38 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/25/2012 10:31:21 PM) (Source: DCOM) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (07/25/2012 09:58:37 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/25/2012 09:58:37 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/25/2012 09:58:37 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070422


Microsoft Office Sessions:
=========================
Error: (07/26/2012 00:58:33 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (07/26/2012 00:57:30 AM) (Source: EventSystem)(User: )
Description: 80040206EventSystem.EventSubscription{0ED7099E-F30C-4FA2-A865-2CE68A46B9CE}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (07/26/2012 00:51:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Windows.old\Windows\regedit.exe

Error: (07/26/2012 00:31:20 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (07/25/2012 11:31:20 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (07/25/2012 10:31:22 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x80070005

Error: (07/25/2012 07:40:29 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (07/25/2012 07:27:36 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (07/25/2012 05:24:32 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (07/24/2012 09:21:02 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
Amnesia: The Dark Descent
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 3.1.3)
avast! Free Antivirus (Version: 7.0.1456.0)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.122.0)
Blacklight: Retribution
Bonjour (Version: 3.0.0.10)
BrickForce 1.4.40 (Version: 1.4.40)
Call of Duty® 4 - Modern Warfare™ (Version: 1.00.0000)
Call of Duty® 4 - Modern Warfare™ (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (Version: 1.6)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (Version: 1.7)
Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728)
Counter-Strike
Counter-Strike: Global Offensive Beta
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Dxtory 2.0.108 (Version: 2.0.108)
e-tax 2012 (Version: 6.0.577)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Global Agenda
Global Agenda Launcher (Version: 1.0.0)
GOM Player (Version: 2.1.40.5106)
GOMTV Streamer (Version: 1.0.0.26)
Google Chrome (Version: 20.0.1132.57)
Hi-Rez Studios Games (Version: 3.0.0.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 32 (Version: 6.0.320)
LogMeIn Hamachi (Version: 2.1.0.210)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect™ 3 (Version: 1.03.0.0)
Metro 2033
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 14.0.1 (x86 en-GB) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
Mumble 1.2.3 (Version: 1.2.3)
NVIDIA PhysX (Version: 9.11.1107)
ON_OFF Charge B11.0110.1 (Version: 1.00.0001)
ooVoo (Version: 3.5.1072)
Origin (Version: 8.6.0.357)
osu! (Version: 0.0.0.0)
PackBit Codec version 1.0.0.1Beta (Version: 1.0.0.1Beta)
PunkBuster Services (Version: 0.992)
Realtek Ethernet Controller Driver (Version: 7.46.531.2011)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (Version: 1.6.02)
SILENT HILL 3 (Version: 1.00.0000)
Skype™ 5.10 (Version: 5.10.116)
Spybot - Search & Destroy (Version: 1.6.2)
StarCraft II (Version: 1.4.4.22418)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.5.1012)
TeamSpeak 3 Client (Version: 3.0.6)
Universal AntiCheat 3 v1.065
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Vegas Pro 10.0 (Version: 10.0.469)
Ventrilo Client (Version: 3.0.8)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.11 (32-bit) (Version: 4.11.0)

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3062.27 MB
Available physical RAM: 2033.6 MB
Total Pagefile: 6122.82 MB
Available Pagefile: 5018.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:41.64 GB) NTFS
3 Drive e: (S.T.A.L.K.E.R) (CDROM) (Total:4.01 GB) (Free:0 GB) UDF
4 Drive f: (COD4MW) (CDROM) (Total:6.32 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\COLIN-PC

Administrator Colin Guest


**** End of log ****




FSS log -
Farbar Service Scanner Version: 22-07-2012
Ran by Colin (administrator) on 26-07-2012 at 01:01:28
Running from "C:\Users\Colin\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 09:53] - [2009-07-14 11:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 09:54] - [2009-07-14 11:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 09:23] - [2009-07-14 11:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 09:24] - [2009-07-14 11:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 10:15] - [2009-07-14 11:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 09:30] - [2009-07-14 11:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Adaware log

# AdwCleaner v1.703 - Logfile created 07/26/2012 at 01:02:13
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : Colin - COLIN-PC
# Running from : C:\Users\Colin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\DT Soft

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-GB)

Profile name : default
File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\q7iebjvb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [927 octets] - [26/07/2012 01:02:13]

########## EOF - C:\AdwCleaner[S1].txt - [1054 octets] ##########




Sorry, I have not rescanned my computer as I cannot leave it on overnight and it is getting way too late T_T'' Thank you so much for your patience and help.

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 July 2012 - 10:13 AM

Press Windows+R, type

notepad and click OK

Copy this script and paste it into Notepad:
@echo off
rem Replace the patched services.exe with the clean copy kept in the WinSxS component store.
cd /d c:\windows\system32
takeown /a /f services.exe
cacls services.exe /g administrators:f
ren services.exe services.exe.old
rem This install is 32-bit (FSS reports X86, AdwCleaner reports 32 bits), so the source is the x86_
rem component directory that SystemLook lists under C:\Windows\winsxs; the amd64_ directory only
rem exists on 64-bit Windows and the copy would fail there, leaving no services.exe in system32.
COPY /Y C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\WINDOWS\system32
DEL %0

Click File > Save as

File name: services.bat
Save as type: All types

Now right-click the services.bat file, select Run as administrator, then type Y and press Enter when cacls asks for confirmation.

Post the new SystemLook log

Open your C drive

At the top, click Organize > Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok,now go to

C:\Users\Colin\AppData\Local\{8efd2681-3084-9bf1-549b-0761543213da}
C:\Windows\Installer\{8efd2681-3084-9bf1-549b-0761543213da}

delete the folders

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender
BITS
wuauserv

Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

Check only the following options:

Reset registry permissions
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Check the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log
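The core of the procedure above is swapping the patched services.exe for the clean copy that the WinSxS component store keeps. As an added example (it is not narenxp's script and not part of the original thread), the PowerShell below compares the live file with the store copy that matches the running OS architecture and file version before anything is renamed, and performs the takeown/grant/rename/copy sequence only when called with -Repair. It assumes Windows 7 with PowerShell 2.0 run from an elevated prompt, and that component directories are named as in the SystemLook output later in the thread (x86_... on a 32-bit install, amd64_... on 64-bit); the function names are mine.

```powershell
# Added example, not code from the thread. Verifies %SystemRoot%\System32\services.exe
# against the WinSxS component-store copy for the same architecture and file version,
# and optionally repairs it with the same takeown/grant/rename/copy steps the thread's
# batch file uses. Assumes Windows 7, PowerShell 2.0, elevated prompt.

$ErrorActionPreference = 'Stop'

function Get-FileHashHex {
    param([string]$Path, [string]$Algorithm = 'SHA256')
    # Get-FileHash only exists from PowerShell 4, so hash through .NET to stay on 2.0.
    $algo   = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $algo.ComputeHash($stream) }
    finally { $stream.Close() }
    return (($bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

function Get-OsArchitectureTag {
    # PROCESSOR_ARCHITEW6432 is only set for a 32-bit process on 64-bit Windows,
    # so checking both variables gives the OS bitness rather than the shell's.
    if ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64' -or $env:PROCESSOR_ARCHITEW6432 -eq 'AMD64') {
        return 'amd64'
    }
    return 'x86'
}

function Find-StoreServicesExe {
    param([string]$FileVersion)
    # The ".." is literal: WinSxS abbreviates long component names that way.
    $pattern = (Get-OsArchitectureTag) + '_microsoft-windows-s..s-servicecontroller_*'
    Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') |
        Where-Object { $_.PSIsContainer -and $_.Name -like $pattern } |
        ForEach-Object { Join-Path $_.FullName 'services.exe' } |
        Where-Object { Test-Path -LiteralPath $_ } |
        Where-Object { (Get-Item -LiteralPath $_).VersionInfo.FileVersion -eq $FileVersion }
}

function Test-ServicesExe {
    param([switch]$Repair)
    $live    = Join-Path $env:SystemRoot 'System32\services.exe'
    $version = (Get-Item -LiteralPath $live).VersionInfo.FileVersion
    $store   = @(Find-StoreServicesExe -FileVersion $version)
    if ($store.Count -eq 0) {
        throw "No WinSxS copy of services.exe with file version '$version' for this architecture."
    }
    $ref = $store[0]

    $result = New-Object PSObject -Property @{
        Live      = $live
        LiveSize  = (Get-Item -LiteralPath $live).Length
        LiveMD5   = Get-FileHashHex -Path $live -Algorithm 'MD5'   # comparable with FSS/SystemLook output
        Reference = $ref
        RefSize   = (Get-Item -LiteralPath $ref).Length
        RefMD5    = Get-FileHashHex -Path $ref -Algorithm 'MD5'
        Match     = ((Get-FileHashHex -Path $live) -eq (Get-FileHashHex -Path $ref))
    }

    if (-not $result.Match -and $Repair) {
        # A running executable can be renamed but not deleted; the copied file is
        # what loads at the next boot, which is why a restart has to follow.
        & takeown.exe /a /f $live | Out-Null
        & icacls.exe $live /grant 'Administrators:F' | Out-Null
        Rename-Item -LiteralPath $live -NewName 'services.exe.old'
        Copy-Item -LiteralPath $ref -Destination $live
        Write-Warning "Replaced $live from $ref. Reboot, then delete services.exe.old."
    }
    return $result
}

# Report first; add -Repair only after reading the report.
Test-ServicesExe | Format-List Live, LiveSize, LiveMD5, Reference, RefSize, RefMD5, Match
```

Matching on file version matters on a patched system: after updates the store holds several servicecontroller directories, and the copy to restore is the one the live file claims to be, not simply the first one found. If no store copy matches the live version string the function stops rather than guessing, since a version resource that matches nothing in the store is itself worth investigating.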

#7 KaRath
  • Topic Starter

  • Members
  • 6 posts

Posted 25 July 2012 - 08:19 PM

Hi,

I did the services.bat run, then I did a SystemLook while at the same time deleting the folders (not sure if I should have done this...)

SystemLook 30.07.11 by jpshortstuff
Log created at 10:30 on 26/07/2012 by Colin
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows.old\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{8efd2681-3084-9bf1-549b-0761543213da}"
No folders found.

-= EOF =-



Afterwards, I made a System Restore point, then tried importing the registry entries into the computer and restarting, but as soon as I restarted, Windows would BSOD on the starting screen (parameter bugcheck=f4) before the computer restarted again.

I went into Startup Recovery and restored a system restore checkpoint, only for it to turn out to be a checkpoint before the manual one I set (it did not give me an option for which restore point to use). So I used System Restore on startup to go to the manual point I set. Although the restore was successful, the computer once again BSOD'd with the same error, and this time I let Startup Repair run without selecting the System Restore option, and the computer booted up fine this time, minus the registry entries from before (I checked the .reg files' data and they were not there in regedit).

Question is, what do I do now?


Thank you

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 July 2012 - 08:49 PM

Try one more time, let's see

#9 KaRath
  • Topic Starter

  • Members
  • 6 posts

Posted 26 July 2012 - 02:40 AM

OK, this time it worked. I ran the Windows repair tool, then ran FSS, and here is the log:

Farbar Service Scanner Version: 22-07-2012
Ran by Colin (administrator) on 26-07-2012 at 17:37:18
Running from "C:\Users\Colin\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 09:53] - [2009-07-14 11:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 09:54] - [2009-07-14 11:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 09:23] - [2009-07-14 11:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 09:24] - [2009-07-14 11:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 10:15] - [2009-07-14 11:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 09:30] - [2009-07-14 11:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 July 2012 - 02:53 AM

Download

Sharedaccess

Launch it and click YES

Delete this file

C:\windows\system32\services.exe.old

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, then create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)
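FSS flagged sharedaccess with no Start, ImagePath or ServiceDll values, and the fix in this thread is to import one .reg file per service (MpsSvc, BFE, wscsvc, defender, BITS, wuauserv in post #6, Sharedaccess above). The PowerShell below is an added example (not FSS, and not code from the thread) that runs the same three checks over those services, plus the two FirewallPolicy profile keys FSS reported missing, so the state can be re-checked after the imports without re-running the tool. It assumes Windows 7 / PowerShell 2.0 from an elevated prompt; mapping the thread's "defender" to the WinDefend service name is my assumption, as is the heuristic that a svchost-hosted ServiceDll should live under %SystemRoot% or %ProgramFiles%.

```powershell
# Added example, not from the thread or from FSS. Re-checks the service
# configuration values FSS reports (Start, ImagePath, ServiceDll) for the
# services the thread restores from .reg files, plus the FirewallPolicy
# profile keys FSS said were missing. Assumes Windows 7, PowerShell 2.0, elevated.

$ErrorActionPreference = 'Stop'

# Service names behind the thread's .reg file list; 'defender' -> WinDefend is an assumption.
$ServicesToCheck = @('MpsSvc', 'BFE', 'wscsvc', 'WinDefend', 'BITS', 'wuauserv', 'SharedAccess')

$FirewallProfileKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile',
    'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
)

# Heuristic: OS service DLLs live under these roots (Defender's MpSvc.dll is under Program Files).
$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles)

function Get-ServiceConfigReport {
    param([string]$Name)
    $key      = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $problems = @()
    $start = $null; $image = $null; $dll = $null

    if (-not (Test-Path $key)) {
        $problems += 'service key missing'
    } else {
        $props = Get-ItemProperty -Path $key
        $start = $props.Start
        $image = $props.ImagePath
        if ($start -eq $null) { $problems += 'Start value missing' }
        if (-not $image)      { $problems += 'ImagePath value missing' }

        # svchost-hosted services keep the real code path in Parameters\ServiceDll.
        if ($image -match 'svchost\.exe') {
            $paramKey = "$key\Parameters"
            if (Test-Path $paramKey) { $dll = (Get-ItemProperty -Path $paramKey).ServiceDll }
            if (-not $dll) {
                $problems += 'ServiceDll value missing'
            } else {
                $expanded = [Environment]::ExpandEnvironmentVariables($dll)
                if (-not (Test-Path -LiteralPath $expanded)) {
                    $problems += "ServiceDll file not found: $expanded"
                }
                $inTrustedRoot = $false
                foreach ($root in $TrustedRoots) {
                    if ($expanded -like "$root\*") { $inTrustedRoot = $true }
                }
                # A ServiceDll under a user profile or temp directory is the classic hijack.
                if (-not $inTrustedRoot) { $problems += "ServiceDll outside trusted roots: $expanded" }
            }
        }
    }
    New-Object PSObject -Property @{
        Service    = $Name
        Start      = $start
        ImagePath  = $image
        ServiceDll = $dll
        Problems   = ($problems -join '; ')
    }
}

function Get-FirewallPolicyKeyReport {
    foreach ($k in $FirewallProfileKeys) {
        $present = Test-Path $k
        $enabled = $null
        if ($present) { $enabled = (Get-ItemProperty -Path $k).EnableFirewall }
        New-Object PSObject -Property @{ Key = $k; Present = $present; EnableFirewall = $enabled }
    }
}

$ServicesToCheck | ForEach-Object { Get-ServiceConfigReport -Name $_ } |
    Format-Table Service, Start, ImagePath, ServiceDll, Problems -AutoSize -Wrap
Get-FirewallPolicyKeyReport | Format-Table Key, Present, EnableFirewall -AutoSize -Wrap
```

Start is the SERVICE_* start type (2 automatic, 3 manual, 4 disabled). A blank Problems column means the three values FSS looks at are present and the DLL exists where the registry says; it does not prove the DLL is unmodified, which is what the MD5 comparison in the FSS "File Check" section covers.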

#11 KaRath
  • Topic Starter

  • Members
  • 6 posts

Posted 26 July 2012 - 03:31 AM

All done :)

Thank you very much for the quick and useful help!

I think it's all resolved now; I might run some scans soon just to make sure. Otherwise, thank you so much!

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 July 2012 - 04:35 AM

You're welcome :)



