
Friend visited one of those free movie sites...now my PC is infected :(


17 replies to this topic

#1 jojokintel (Members, 9 posts)

Posted 29 July 2012 - 05:44 PM

First indication that I had a problem was that my AVG said I had a trojan. It was called "Trojan Horse Patched_c.lxt"

It was whitelisted...appearing in services.msc. Also FF was redirecting like crazy. IE wasn't though.

I did a virus scan with AVG and it displayed the following.

Trojan Horse Patched_c.lxt
Trojan Horse backdoor.generic15.axla
Trojan Horse generic28.anic
Trojan Horse dropper.generic6.anla

I ran combofix but it froze during the "deleting folders" part. ***Yes, I know I wasn't supposed to run this until being told to do so, but I read about it on a random thread on another site before seeing that on this forum*** I restarted and did an AVG scan...nothing showed up. Then I re-ran Combofix and it went all the way through. The viruses are gone but now after 20 minutes or so I get the BLUE SCREEN OF DEATH :( Anything I can do at this point because I'm seriously considering re-installing Windows...


#2 narenxp (BC Advisor, 16,371 posts, India)

Posted 29 July 2012 - 06:07 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.
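The instructions above ask for the TDSSKiller log to be posted for review. The helper below is an added example, not code from BleepingComputer, from TDSSKiller or from anyone in this thread: it parses the scan section of such a log (the format visible in the next post) into per-service entries and triages them the way a helper would, reporting any entry whose verdict is not "ok", any entry that has a file line but no verdict line (the scan stopped before finishing), and any file whose MD5 differs from a known-good baseline. The sample log, the ExampleSvc and NoVerdictSvc entries and every baseline hash are constructed for the example; the regex line shapes are an assumption based on the log as posted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Added example: parser and triage helper for the scan section of a TDSSKiller
# log. Two line shapes matter (assumed from the log format posted in the thread):
#   <time> <pid> <name> (<md5>) <path>     the file backing a service or driver
#   <time> <pid> <name> - <verdict>        the verdict, normally "ok"
FILE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$"
)
VERDICT_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?)\s+-\s+(.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return entries keyed by service/driver name, from the scan section only.

    Lines before "Scan started" (drive geometry, partition table) are skipped:
    a line like "Drive \\Device\\Harddisk0\\DR0 - Size: ..." would otherwise be
    mistaken for a verdict line.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if line.endswith("Scan finished"):
            break
        if not in_scan:
            continue
        m = FILE_RE.match(line)
        if m:
            entry = entries.setdefault(m.group(3), Entry(m.group(3)))
            entry.md5 = m.group(4).lower()
            entry.path = m.group(5)
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = entries.setdefault(m.group(3), Entry(m.group(3)))
            entry.verdict = m.group(4)
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Entries a human should look at: non-"ok" verdicts and missing verdicts."""
    findings: List[Tuple[str, str]] = []
    for entry in entries.values():
        if entry.verdict is None:
            # A file line with no verdict after it means the scan stopped early;
            # report it rather than silently treating the file as clean.
            findings.append((entry.name, "no verdict line"))
        elif entry.verdict.lower() != "ok":
            findings.append((entry.name, f"verdict: {entry.verdict}"))
    return findings


def find_hash_mismatches(entries: Dict[str, Entry], baseline: Dict[str, str]):
    """Compare logged MD5s with a known-good baseline keyed by lower-cased path.

    A system driver whose hash no longer matches the baseline is the classic
    sign of a patched system file.
    """
    mismatches = []
    for entry in entries.values():
        if entry.path is None or entry.md5 is None:
            continue
        expected = baseline.get(entry.path.lower())
        if expected is not None and expected.lower() != entry.md5:
            mismatches.append((entry.name, entry.path, expected.lower(), entry.md5))
    return mismatches


# Constructed sample in the log's format. ExampleSvc, NoVerdictSvc and their
# hashes are made up for this example.
SAMPLE_LOG = r"""16:13:46.0628 5784 Drive \Device\Harddisk0\DR0 - Size: 0x1DCFE00000 (119.25 Gb), SectorSize: 0x200
16:14:07.0050 5920 ============================================================
16:14:07.0050 5920 Scan started
16:14:07.0050 5920 Mode: Manual; TDLFS;
16:14:07.0281 5920 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:14:07.0283 5920 AFD - ok
16:14:07.0327 5920 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:07.0328 5920 Apple Mobile Device - ok
16:14:07.0810 5920 COMSysApp - ok
16:14:09.0200 5920 ExampleSvc (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\example.sys
16:14:09.0201 5920 ExampleSvc - warning
16:14:09.0300 5920 NoVerdictSvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\noverdict.sys
"""

# Constructed baseline: the hashes these paths "should" have on a clean build.
BASELINE = {
    r"c:\windows\system32\drivers\afd.sys": "1c7857b62de5994a75b054a9fd4c3825",
    r"c:\windows\system32\drivers\example.sys": "deadbeefdeadbeefdeadbeefdeadbeef",
}

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for name, reason in triage(parsed):
        print(f"REVIEW {name}: {reason}")
    for name, path, expected, actual in find_hash_mismatches(parsed, BASELINE):
        print(f"HASH MISMATCH {name} {path}: expected {expected}, got {actual}")
```

Run against a real log, the baseline would be built from a clean machine of the same Windows build and patch level; without one, the triage step alone still surfaces the entries that TDSSKiller itself did not mark "ok".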

#3 jojokintel (Topic Starter, Members, 9 posts)

Posted 29 July 2012 - 06:33 PM

Thanks for your very quick reply. ESET appears to have found some more trojans. Here are the logs...

16:13:46.0029 5784 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:13:46.0377 5784 ============================================================
16:13:46.0377 5784 Current date / time: 2012/07/29 16:13:46.0377
16:13:46.0377 5784 SystemInfo:
16:13:46.0377 5784
16:13:46.0377 5784 OS Version: 6.1.7601 ServicePack: 1.0
16:13:46.0377 5784 Product type: Workstation
16:13:46.0377 5784 ComputerName: V3-CONVOY-PC
16:13:46.0377 5784 UserName: Seth
16:13:46.0377 5784 Windows directory: C:\Windows
16:13:46.0377 5784 System windows directory: C:\Windows
16:13:46.0377 5784 Running under WOW64
16:13:46.0377 5784 Processor architecture: Intel x64
16:13:46.0377 5784 Number of processors: 8
16:13:46.0377 5784 Page size: 0x1000
16:13:46.0377 5784 Boot type: Normal boot
16:13:46.0377 5784 ============================================================
16:13:46.0628 5784 Drive \Device\Harddisk0\DR0 - Size: 0x1DCFE00000 (119.25 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:46.0628 5784 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:46.0630 5784 ============================================================
16:13:46.0630 5784 \Device\Harddisk0\DR0:
16:13:46.0630 5784 MBR partitions:
16:13:46.0630 5784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:13:46.0630 5784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE4C000
16:13:46.0630 5784 \Device\Harddisk1\DR1:
16:13:46.0631 5784 MBR partitions:
16:13:46.0631 5784 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:13:46.0631 5784 ============================================================
16:13:46.0632 5784 C: <-> \Device\Harddisk0\DR0\Partition1
16:13:46.0659 5784 D: <-> \Device\Harddisk1\DR1\Partition0
16:13:46.0659 5784 ============================================================
16:13:46.0659 5784 Initialize success
16:13:46.0659 5784 ============================================================
16:14:07.0050 5920 ============================================================
16:14:07.0050 5920 Scan started
16:14:07.0050 5920 Mode: Manual; TDLFS;
16:14:07.0050 5920 ============================================================
16:14:07.0125 5920 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:14:07.0126 5920 !SASCORE - ok
16:14:07.0166 5920 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
16:14:07.0167 5920 1394ohci - ok
16:14:07.0178 5920 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:14:07.0179 5920 ACPI - ok
16:14:07.0181 5920 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:14:07.0182 5920 AcpiPmi - ok
16:14:07.0187 5920 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:14:07.0187 5920 AdobeARMservice - ok
16:14:07.0218 5920 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:14:07.0220 5920 AdobeFlashPlayerUpdateSvc - ok
16:14:07.0236 5920 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:14:07.0238 5920 adp94xx - ok
16:14:07.0250 5920 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:14:07.0252 5920 adpahci - ok
16:14:07.0259 5920 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:14:07.0260 5920 adpu320 - ok
16:14:07.0264 5920 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:14:07.0264 5920 AeLookupSvc - ok
16:14:07.0281 5920 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:14:07.0283 5920 AFD - ok
16:14:07.0286 5920 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:14:07.0287 5920 agp440 - ok
16:14:07.0290 5920 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:14:07.0291 5920 ALG - ok
16:14:07.0292 5920 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:14:07.0293 5920 aliide - ok
16:14:07.0294 5920 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:14:07.0294 5920 amdide - ok
16:14:07.0297 5920 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:14:07.0297 5920 AmdK8 - ok
16:14:07.0299 5920 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:14:07.0300 5920 AmdPPM - ok
16:14:07.0305 5920 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:14:07.0306 5920 amdsata - ok
16:14:07.0311 5920 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:14:07.0312 5920 amdsbs - ok
16:14:07.0314 5920 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:14:07.0314 5920 amdxata - ok
16:14:07.0316 5920 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:14:07.0316 5920 AppID - ok
16:14:07.0319 5920 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:14:07.0320 5920 AppIDSvc - ok
16:14:07.0322 5920 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:14:07.0322 5920 Appinfo - ok
16:14:07.0327 5920 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:07.0328 5920 Apple Mobile Device - ok
16:14:07.0336 5920 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:14:07.0337 5920 AppMgmt - ok
16:14:07.0339 5920 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:14:07.0340 5920 arc - ok
16:14:07.0344 5920 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:14:07.0345 5920 arcsas - ok
16:14:07.0346 5920 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:14:07.0347 5920 AsyncMac - ok
16:14:07.0349 5920 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:14:07.0349 5920 atapi - ok
16:14:07.0370 5920 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:07.0372 5920 AudioEndpointBuilder - ok
16:14:07.0375 5920 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:07.0378 5920 AudioSrv - ok
16:14:07.0464 5920 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
16:14:07.0481 5920 AVGIDSAgent - ok
16:14:07.0493 5920 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
16:14:07.0494 5920 AVGIDSDriver - ok
16:14:07.0496 5920 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
16:14:07.0496 5920 AVGIDSFilter - ok
16:14:07.0498 5920 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
16:14:07.0498 5920 AVGIDSHA - ok
16:14:07.0509 5920 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
16:14:07.0510 5920 Avgldx64 - ok
16:14:07.0512 5920 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
16:14:07.0513 5920 Avgmfx64 - ok
16:14:07.0516 5920 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
16:14:07.0516 5920 Avgrkx64 - ok
16:14:07.0529 5920 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
16:14:07.0530 5920 Avgtdia - ok
16:14:07.0539 5920 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:14:07.0540 5920 avgwd - ok
16:14:07.0546 5920 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:14:07.0546 5920 AxInstSV - ok
16:14:07.0563 5920 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:14:07.0565 5920 b06bdrv - ok
16:14:07.0572 5920 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:14:07.0573 5920 b57nd60a - ok
16:14:07.0578 5920 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:14:07.0579 5920 BDESVC - ok
16:14:07.0580 5920 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:14:07.0580 5920 Beep - ok
16:14:07.0606 5920 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:14:07.0609 5920 BFE - ok
16:14:07.0637 5920 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:14:07.0640 5920 BITS - ok
16:14:07.0642 5920 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:14:07.0642 5920 blbdrive - ok
16:14:07.0659 5920 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:14:07.0660 5920 Bonjour Service - ok
16:14:07.0665 5920 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:14:07.0665 5920 bowser - ok
16:14:07.0667 5920 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:14:07.0667 5920 BrFiltLo - ok
16:14:07.0669 5920 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:14:07.0669 5920 BrFiltUp - ok
16:14:07.0674 5920 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:14:07.0675 5920 BridgeMP - ok
16:14:07.0680 5920 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:14:07.0681 5920 Browser - ok
16:14:07.0690 5920 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:14:07.0691 5920 Brserid - ok
16:14:07.0694 5920 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:14:07.0695 5920 BrSerWdm - ok
16:14:07.0697 5920 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:14:07.0697 5920 BrUsbMdm - ok
16:14:07.0699 5920 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:14:07.0699 5920 BrUsbSer - ok
16:14:07.0703 5920 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:14:07.0704 5920 BTHMODEM - ok
16:14:07.0708 5920 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:14:07.0709 5920 bthserv - ok
16:14:07.0713 5920 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:14:07.0714 5920 cdfs - ok
16:14:07.0720 5920 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:14:07.0721 5920 cdrom - ok
16:14:07.0726 5920 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:07.0727 5920 CertPropSvc - ok
16:14:07.0729 5920 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:14:07.0730 5920 circlass - ok
16:14:07.0742 5920 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:14:07.0743 5920 CLFS - ok
16:14:07.0749 5920 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:07.0751 5920 clr_optimization_v2.0.50727_32 - ok
16:14:07.0757 5920 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:14:07.0759 5920 clr_optimization_v2.0.50727_64 - ok
16:14:07.0768 5920 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:07.0772 5920 clr_optimization_v4.0.30319_32 - ok
16:14:07.0780 5920 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:14:07.0782 5920 clr_optimization_v4.0.30319_64 - ok
16:14:07.0785 5920 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:14:07.0785 5920 CmBatt - ok
16:14:07.0786 5920 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:14:07.0787 5920 cmdide - ok
16:14:07.0802 5920 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:14:07.0803 5920 CNG - ok
16:14:07.0806 5920 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:14:07.0806 5920 Compbatt - ok
16:14:07.0808 5920 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:14:07.0809 5920 CompositeBus - ok
16:14:07.0810 5920 COMSysApp - ok
16:14:07.0813 5920 cpuz135 (ccb09eb78e047c931708149992c2e435) C:\Windows\system32\drivers\cpuz135_x64.sys
16:14:07.0813 5920 cpuz135 - ok
16:14:07.0815 5920 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:14:07.0816 5920 crcdisk - ok
16:14:07.0823 5920 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:14:07.0824 5920 CryptSvc - ok
16:14:07.0840 5920 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:14:07.0842 5920 CSC - ok
16:14:07.0862 5920 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:14:07.0865 5920 CscService - ok
16:14:07.0883 5920 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:07.0885 5920 DcomLaunch - ok
16:14:07.0895 5920 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:14:07.0896 5920 defragsvc - ok
16:14:07.0901 5920 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:14:07.0901 5920 DfsC - ok
16:14:07.0912 5920 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:14:07.0913 5920 Dhcp - ok
16:14:07.0915 5920 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:14:07.0916 5920 discache - ok
16:14:07.0920 5920 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:14:07.0920 5920 Disk - ok
16:14:07.0924 5920 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
16:14:07.0925 5920 dmvsc - ok
16:14:07.0931 5920 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:14:07.0932 5920 Dnscache - ok
16:14:07.0941 5920 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:14:07.0942 5920 dot3svc - ok
16:14:07.0948 5920 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:14:07.0949 5920 DPS - ok
16:14:07.0951 5920 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:14:07.0951 5920 drmkaud - ok
16:14:07.0983 5920 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:07.0986 5920 DXGKrnl - ok
16:14:07.0991 5920 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:14:07.0992 5920 EapHost - ok
16:14:08.0058 5920 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:14:08.0071 5920 ebdrv - ok
16:14:08.0087 5920 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:14:08.0088 5920 EFS - ok
16:14:08.0109 5920 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:14:08.0112 5920 ehRecvr - ok
16:14:08.0117 5920 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:14:08.0118 5920 ehSched - ok
16:14:08.0121 5920 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:14:08.0122 5920 ElbyCDIO - ok
16:14:08.0139 5920 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:14:08.0141 5920 elxstor - ok
16:14:08.0143 5920 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:14:08.0144 5920 ErrDev - ok
16:14:08.0158 5920 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:14:08.0160 5920 EventSystem - ok
16:14:08.0162 5920 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:14:08.0164 5920 exfat - ok
16:14:08.0166 5920 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:14:08.0168 5920 fastfat - ok
16:14:08.0188 5920 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:14:08.0191 5920 Fax - ok
16:14:08.0192 5920 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:14:08.0193 5920 fdc - ok
16:14:08.0195 5920 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:14:08.0195 5920 fdPHost - ok
16:14:08.0198 5920 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:14:08.0198 5920 FDResPub - ok
16:14:08.0200 5920 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:14:08.0200 5920 FileInfo - ok
16:14:08.0201 5920 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:14:08.0202 5920 Filetrace - ok
16:14:08.0203 5920 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:14:08.0204 5920 flpydisk - ok
16:14:08.0208 5920 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:14:08.0209 5920 FltMgr - ok
16:14:08.0247 5920 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:14:08.0251 5920 FontCache - ok
16:14:08.0255 5920 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:14:08.0256 5920 FontCache3.0.0.0 - ok
16:14:08.0258 5920 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:14:08.0258 5920 FsDepends - ok
16:14:08.0260 5920 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:14:08.0260 5920 Fs_Rec - ok
16:14:08.0264 5920 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:14:08.0265 5920 fvevol - ok
16:14:08.0266 5920 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:14:08.0267 5920 gagp30kx - ok
16:14:08.0270 5920 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:14:08.0270 5920 GEARAspiWDM - ok
16:14:08.0293 5920 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:14:08.0296 5920 gpsvc - ok
16:14:08.0298 5920 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:14:08.0299 5920 hcw85cir - ok
16:14:08.0312 5920 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:14:08.0314 5920 HdAudAddService - ok
16:14:08.0319 5920 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:14:08.0319 5920 HDAudBus - ok
16:14:08.0321 5920 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:14:08.0322 5920 HidBatt - ok
16:14:08.0326 5920 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:14:08.0327 5920 HidBth - ok
16:14:08.0329 5920 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:14:08.0330 5920 HidIr - ok
16:14:08.0332 5920 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:14:08.0333 5920 hidserv - ok
16:14:08.0335 5920 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:14:08.0336 5920 HidUsb - ok
16:14:08.0340 5920 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:14:08.0341 5920 hkmsvc - ok
16:14:08.0349 5920 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:14:08.0350 5920 HomeGroupListener - ok
16:14:08.0357 5920 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:14:08.0358 5920 HomeGroupProvider - ok
16:14:08.0362 5920 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:14:08.0363 5920 HpSAMD - ok
16:14:08.0384 5920 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:14:08.0387 5920 HTTP - ok
16:14:08.0389 5920 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:14:08.0389 5920 hwpolicy - ok
16:14:08.0394 5920 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:14:08.0394 5920 i8042prt - ok
16:14:08.0413 5920 iaStor (8ec121830cf0f376bd08051c27981b4e) C:\Windows\system32\DRIVERS\iaStor.sys
16:14:08.0415 5920 iaStor - ok
16:14:08.0429 5920 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:14:08.0430 5920 iaStorV - ok
16:14:08.0458 5920 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:14:08.0461 5920 idsvc - ok
16:14:08.0466 5920 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:14:08.0466 5920 iirsp - ok
16:14:08.0491 5920 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:14:08.0494 5920 IKEEXT - ok
16:14:08.0557 5920 IntcAzAudAddService (03076f51af9f78a272cccde03e9340ce) C:\Windows\system32\drivers\RTKVHD64.sys
16:14:08.0566 5920 IntcAzAudAddService - ok
16:14:08.0571 5920 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:14:08.0572 5920 intelide - ok
16:14:08.0575 5920 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:14:08.0575 5920 intelppm - ok
16:14:08.0580 5920 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:14:08.0581 5920 IPBusEnum - ok
16:14:08.0584 5920 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:14:08.0585 5920 IpFilterDriver - ok
16:14:08.0608 5920 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:14:08.0610 5920 iphlpsvc - ok
16:14:08.0614 5920 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:14:08.0615 5920 IPMIDRV - ok
16:14:08.0619 5920 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:14:08.0620 5920 IPNAT - ok
16:14:08.0652 5920 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
16:14:08.0655 5920 iPod Service - ok
16:14:08.0657 5920 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:14:08.0658 5920 IRENUM - ok
16:14:08.0659 5920 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:14:08.0660 5920 isapnp - ok
16:14:08.0670 5920 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:14:08.0671 5920 iScsiPrt - ok
16:14:08.0674 5920 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:14:08.0674 5920 kbdclass - ok
16:14:08.0676 5920 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:14:08.0677 5920 kbdhid - ok
16:14:08.0679 5920 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:08.0679 5920 KeyIso - ok
16:14:08.0683 5920 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
16:14:08.0684 5920 KSecDD - ok
16:14:08.0690 5920 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
16:14:08.0690 5920 KSecPkg - ok
16:14:08.0692 5920 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:14:08.0693 5920 ksthunk - ok
16:14:08.0706 5920 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:14:08.0708 5920 KtmRm - ok
16:14:08.0717 5920 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:14:08.0718 5920 LanmanServer - ok
16:14:08.0723 5920 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:14:08.0725 5920 LanmanWorkstation - ok
16:14:08.0787 5920 Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
16:14:08.0794 5920 Lavasoft Ad-Aware Service - ok
16:14:08.0797 5920 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
16:14:08.0797 5920 Lavasoft Kernexplorer - ok
16:14:08.0804 5920 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:14:08.0804 5920 Lbd - ok
16:14:08.0808 5920 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:14:08.0808 5920 lltdio - ok
16:14:08.0818 5920 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:14:08.0820 5920 lltdsvc - ok
16:14:08.0822 5920 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:14:08.0822 5920 lmhosts - ok
16:14:08.0828 5920 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:14:08.0828 5920 LSI_FC - ok
16:14:08.0833 5920 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:14:08.0834 5920 LSI_SAS - ok
16:14:08.0837 5920 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:14:08.0838 5920 LSI_SAS2 - ok
16:14:08.0843 5920 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:14:08.0843 5920 LSI_SCSI - ok
16:14:08.0848 5920 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:14:08.0849 5920 luafv - ok
16:14:08.0851 5920 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
16:14:08.0851 5920 MBfilt - ok
16:14:08.0855 5920 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:14:08.0856 5920 Mcx2Svc - ok
16:14:08.0859 5920 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:14:08.0860 5920 megasas - ok
16:14:08.0869 5920 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:14:08.0870 5920 MegaSR - ok
16:14:08.0874 5920 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:14:08.0875 5920 MEIx64 - ok
16:14:08.0878 5920 Microsoft SharePoint Workspace Audit Service - ok
16:14:08.0882 5920 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:08.0883 5920 MMCSS - ok
16:14:08.0885 5920 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:14:08.0886 5920 Modem - ok
16:14:08.0888 5920 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:14:08.0889 5920 monitor - ok
16:14:08.0891 5920 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:14:08.0892 5920 mouclass - ok
16:14:08.0894 5920 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:14:08.0894 5920 mouhid - ok
16:14:08.0898 5920 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:14:08.0899 5920 mountmgr - ok
16:14:11.0815 5920 ============================================================
16:14:11.0815 5920 Scan finished
16:14:11.0815 5920 ============================================================
16:14:11.0818 5912 Detected object count: 0
16:14:11.0818 5912 Actual detected object count: 0
16:15:34.0389 5780 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 16:15:36
-----------------------------
16:15:36.201 OS Version: Windows x64 6.1.7601 Service Pack 1
16:15:36.201 Number of processors: 8 586 0x2A07
16:15:36.202 ComputerName: V3-CONVOY-PC UserName: Seth
16:15:36.296 Initialize success
16:16:35.647 AVAST engine defs: 12072901
16:16:52.887 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
16:16:52.887 Disk 0 Vendor: Intel___ 1.0. Size: 122110MB BusType: 8
16:16:52.888 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
16:16:52.889 Disk 1 Vendor: ST310005 JC45 Size: 953869MB BusType: 8
16:16:52.891 Disk 0 MBR read successfully
16:16:52.892 Disk 0 MBR scan
16:16:52.894 Disk 0 Windows 7 default MBR code
16:16:52.895 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:16:52.897 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122008 MB offset 206848
16:16:52.900 Disk 0 scanning C:\Windows\system32\drivers
16:16:54.517 Service scanning
16:17:00.267 Modules scanning
16:17:00.270 Disk 0 trace - called modules:
16:17:00.274 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:17:00.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80097ce790]
16:17:00.277 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa80072e6050]
16:17:00.392 AVAST engine scan C:\Windows
16:17:01.000 AVAST engine scan C:\Windows\system32
16:17:42.786 AVAST engine scan C:\Windows\system32\drivers
16:17:44.785 AVAST engine scan C:\Users\Seth
16:18:24.881 AVAST engine scan C:\ProgramData
16:18:40.740 Scan finished successfully
16:18:55.794 Disk 0 MBR has been saved successfully to "C:\Users\Seth\Desktop\MBR.dat"
16:18:55.796 The log file has been saved successfully to "C:\Users\Seth\Desktop\aswMBR.txt"

C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.A.Gen trojan deleted - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:15 AM

Posted 29 July 2012 - 06:49 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{b635963b-5648-a3f6-5284-f1fa0172b94c}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log
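Added example (not part of narenxp's reply, and not SystemLook's own code): a short Python script that reads the log produced by the SystemLook script above and applies the two checks by machine instead of by eye: that every copy of services.exe matches the WinSxS component-store copy, and that the {b635963b-...} folder only survives inside the ComboFix quarantine. It assumes SystemLook's line format as posted later in this thread (path, attribute flags, size, two timestamps and an MD5 for files; path, "d------" and one timestamp for folders). The first sample log reproduces the lines from this thread; the second "patched" sample and its hash are invented to show the failing case.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Added example for this thread, not the advisor's or SystemLook's own code. It parses the
# plain-text output SystemLook writes for the ':filefind' / ':folderfind' script above and
# applies the two checks the advisor makes by eye:
#   1. every services.exe found must match the Windows component-store (WinSxS) copy, since
#      ZeroAccess/Sirefef ("Win64/Patched.A.Gen") patches the live System32\services.exe;
#   2. the {GUID} folder under C:\Windows\Installer may only survive inside the ComboFix
#      quarantine (C:\Qoobox\Quarantine); a copy still under C:\Windows\Installer is live.
# Line formats are taken from the log posted in reply #5; the "patched" sample is invented.

FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+-+a-+\s+(?P<size>\d+) bytes"
    r"\s+\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
FOLDER_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+d-+\s+\[[^\]]+\]\s*$")


@dataclass
class FileHit:
    path: str
    size: int
    md5: str


def parse_systemlook(text: str) -> Dict[str, list]:
    """Split a SystemLook log into filefind hits and folderfind hits."""
    files: List[FileHit] = []
    folders: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(FileHit(m["path"], int(m["size"]), m["md5"].upper()))
            continue
        m = FOLDER_RE.match(line)
        if m:
            folders.append(m["path"])
    return {"files": files, "folders": folders}


def check_services_exe(files: List[FileHit]) -> dict:
    """Every services.exe must carry the size and MD5 of the WinSxS component-store copy.

    Equality only proves the copies agree with each other; WinSxS is used as the reference
    because the patcher seen in this thread rewrites the System32 copy. A signed Microsoft
    binary or a known-good hash is the real ground truth.
    """
    svc = [f for f in files if f.path.lower().endswith("\\services.exe")]
    ref = [f for f in svc if "\\winsxs\\" in f.path.lower()]
    if not ref:
        return {"ok": False, "reference_md5": None, "mismatches": [f.path for f in svc]}
    ref_md5, ref_size = ref[0].md5, ref[0].size
    bad = [f.path for f in svc if (f.md5, f.size) != (ref_md5, ref_size)]
    return {"ok": not bad, "reference_md5": ref_md5, "mismatches": bad}


def check_installer_guid_folder(folders: List[str]) -> dict:
    """Any hit for the GUID folder outside ComboFix's quarantine is a live remnant."""
    live = [p for p in folders if "\\qoobox\\quarantine\\" not in p.lower()]
    return {"ok": not live, "live_folders": live, "quarantined": len(folders) - len(live)}


def analyze(text: str) -> dict:
    parsed = parse_systemlook(text)
    return {
        "services_exe": check_services_exe(parsed["files"]),
        "installer_folder": check_installer_guid_folder(parsed["folders"]),
    }


# Sample 1: the relevant lines of the SystemLook log posted in reply #5 (all services.exe
# copies agree, but the GUID folder still exists live under C:\Windows\Installer).
THREAD_LOG = r"""
========== filefind ==========

Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [21:45 25/07/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{b635963b-5648-a3f6-5284-f1fa0172b94c}"
C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c} d------ [19:46 24/07/2012]
C:\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c} d------ [06:47 11/01/2012]
"""

# Sample 2 (constructed): the same log as it would look while services.exe is still patched.
# The System32 hash here is made up; a real patched file simply fails to match WinSxS.
PATCHED_LOG = THREAD_LOG.replace(
    r"C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB",
    r"C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 0123456789ABCDEF0123456789ABCDEF",
)

if __name__ == "__main__":
    for name, log in (("thread log", THREAD_LOG), ("patched sample", PATCHED_LOG)):
        print(name, analyze(log))
```

Run it as-is to see the report for both samples; for a fresh log, pass the log text to analyze(). A hit under C:\Windows\Installer outside the quarantine means the folder is still on disk even though its contents were quarantined; a services.exe that does not match the WinSxS copy means the patched binary was never restored, which is exactly what the ERDNT cache copy in C:\Windows\erdnt\cache64 exists to put back.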

#5 jojokintel

jojokintel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 29 July 2012 - 07:29 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:01 on 29/07/2012 by Seth
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [21:45 25/07/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{b635963b-5648-a3f6-5284-f1fa0172b94c}"
C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c} d------ [19:46 24/07/2012]
C:\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c} d------ [06:47 11/01/2012]

-= EOF =-




**MBAM came up clean on the first full scan.**




MiniToolBox by Farbar Version: 23-07-2012
Ran by Seth (administrator) on 29-07-2012 at 17:23:37
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled metric=100 nud=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : V3-Convoy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-ED-08-D7-DC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-62-6D-44-9D-71
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f851:76e7:7a87:2096%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 29, 2012 5:14:34 PM
Lease Expires . . . . . . . . . . : Monday, July 30, 2012 5:14:34 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 241984109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-3F-A8-11-6C-62-6D-44-9D-71
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{ED08D7DC-2BBE-4CA2-811E-DCD228F7F03E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c40:21f8:b357:a9cc(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c40:21f8:b357:a9cc%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A12313E6-3ABF-4FDF-99D8-8256C63847E9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 2607:f8b0:4007:800::1001
74.125.224.228
74.125.224.238
74.125.224.230
74.125.224.233
74.125.224.231
74.125.224.225
74.125.224.226
74.125.224.227
74.125.224.232
74.125.224.229
74.125.224.224


Pinging google.com [74.125.224.238] with 32 bytes of data:
Reply from 74.125.224.238: bytes=32 time=18ms TTL=54
Reply from 74.125.224.238: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.224.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 18ms, Average = 16ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=66ms TTL=50
Reply from 209.191.122.70: bytes=32 time=62ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 66ms, Average = 64ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 ff ed 08 d7 dc ......TAP-Win32 Adapter V9
11...6c 62 6d 44 9d 71 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 200
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 356
192.168.1.4 255.255.255.255 On-link 192.168.1.4 356
192.168.1.255 255.255.255.255 On-link 192.168.1.4 356
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 356
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 356
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:1c40:21f8:b357:a9cc/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::1c40:21f8:b357:a9cc/128
On-link
11 276 fe80::f851:76e7:7a87:2096/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/29/2012 05:16:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 05:06:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 04:17:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/29/2012 04:17:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/29/2012 04:17:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/29/2012 04:16:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/29/2012 04:14:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 03:05:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2012 11:15:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2012 11:12:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: bf3.exe, version: 1.3.0.0, time stamp: 0x4fa421a5
Faulting module name: nvwgf2um.dll, version: 8.17.12.9610, time stamp: 0x4f4e503c
Exception code: 0xc0000005
Fault offset: 0x000e0260
Faulting process id: 0x1764
Faulting application start time: 0xbf3.exe0
Faulting application path: bf3.exe1
Faulting module path: bf3.exe2
Report Id: bf3.exe3


System errors:
=============
Error: (07/29/2012 05:16:33 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/29/2012 05:16:33 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/29/2012 05:14:29 PM) (Source: Service Control Manager) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
%%1053

Error: (07/29/2012 05:14:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.

Error: (07/29/2012 05:07:03 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/29/2012 05:07:03 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/29/2012 05:04:59 PM) (Source: Service Control Manager) (User: )
Description: The Lavasoft Ad-Aware Service service failed to start due to the following error:
%%1053

Error: (07/29/2012 05:04:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Lavasoft Ad-Aware Service service to connect.

Error: (07/29/2012 04:14:41 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/29/2012 04:14:41 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (07/29/2012 05:16:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 05:06:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 04:17:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Seth\Desktop\esetsmartinstaller_enu.exe

Error: (07/29/2012 04:17:33 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Seth\Desktop\esetsmartinstaller_enu.exe

Error: (07/29/2012 04:17:33 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Seth\Desktop\esetsmartinstaller_enu.exe

Error: (07/29/2012 04:16:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Seth\Desktop\esetsmartinstaller_enu.exe

Error: (07/29/2012 04:14:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2012 03:05:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2012 11:15:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2012 11:12:24 PM) (Source: Application Error)(User: )
Description: bf3.exe1.3.0.04fa421a5nvwgf2um.dll8.17.12.96104f4e503cc0000005000e0260176401cd6d50db55c85eC:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exeC:\Windows\system32\nvwgf2um.dll5ca78227-d944-11e1-8123-6c626d449d71


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Ad-Aware (Version: 9.6.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.228)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
Battlefield 3™ (Version: 1.3.0.0)
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.122.0)
Bonjour (Version: 3.0.0.10)
CPUID CPU-Z 1.59
CPUID HWMonitor 1.17
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox (Version: 1.4.7)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Talk Plugin (Version: 3.3.2.8436)
HiJackThis (Version: 1.0.0)
HMA! Pro VPN 2.6.9 (Version: 2.6.9)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Rapid Storage Technology (Version: 10.5.0.1007)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Origin (Version: 8.6.0.357)
PunkBuster Services (Version: 0.991)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6282)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Skype Click to Call (Version: 6.0.10297)
Skype™ 5.10 (Version: 5.10.115)
Spotify (Version: 0.8.4.93.gd9f49c35)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPERAntiSpyware (Version: 5.0.1142)
System Requirements Lab CYRI (Version: 4.5.1.0)
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
VirtualCloneDrive
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.11 (Version: 1.1.11)
Vuze (Version: 4.7)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinHTTrack Website Copier 3.44-1 (x64) (Version: 3.44.1)
YTD YouTube Downloader & Converter 3.6

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8160.06 MB
Available physical RAM: 5865.98 MB
Total Pagefile: 16318.32 MB
Available Pagefile: 13473.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:119.15 GB) (Free:23.89 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:926.02 GB) NTFS

========================= Users: ========================================

User accounts for \\V3-CONVOY-PC

Administrator Guest Seth
UpdatusUser


**** End of log ****

Farbar Service Scanner Version: 26-07-2012
Ran by Seth (administrator) on 29-07-2012 at 17:25:27
Running from "C:\Users\Seth\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v1.703 - Logfile created 07/29/2012 at 17:26:17
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Seth - V3-CONVOY-PC
# Running from : C:\Users\Seth\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Freeze.com

***** [Registre - GUID] *****

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Seth\AppData\Roaming\Mozilla\Firefox\Profiles\tvbqo4rp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Seth\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

*************************

AdwCleaner[S1].txt - [1052 octets] - [29/07/2012 17:26:17]

########## EOF - C:\AdwCleaner[S1].txt - [1180 octets] ##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:15 AM

Posted 29 July 2012 - 08:50 PM

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c}

Delete the folder

Let me know if you still have crashes

Press Windows+R key and type

combofix /uninstall and click ok

This should uninstall combofix

Edited by narenxp, 29 July 2012 - 08:51 PM.


#7 jojokintel

jojokintel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 29 July 2012 - 10:30 PM

Hey it still seems messed up. It froze up (no bluescreen but I didn't wait very long) and then on restart same thing where it asks for boot media...

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:15 AM

Posted 30 July 2012 - 06:11 AM

Go to

C:\windows\minidump folder

Please upload the minidump file and post the link here

Also uninstall

Adaware and AVG 2012, and install Microsoft Security Essentials

http://windows.microsoft.com/en-US/windows/products/security-essentials

Edited by narenxp, 30 July 2012 - 06:13 AM.


#9 jojokintel

jojokintel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 30 July 2012 - 01:07 PM

https://dl.dropbox.com/u/54168768/012312-7690-01.dmp

MSE scan came up with this:

[Posted image: MSE scan result]

Edited by jojokintel, 30 July 2012 - 03:03 PM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:15 AM

Posted 30 July 2012 - 07:36 PM

Did you uninstall combofix?

At what location does MSSE detect sirefef?

Remove them and let me know if you still get the pop

#11 jojokintel

jojokintel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 30 July 2012 - 10:01 PM

I'm not sure where they were located. I couldn't find where to see that on MSE.

When I tried to delete combofix yesterday it said it wasn't there, probably because I did a system restore after running it the first time (before I ever posted here on bleepingcomputer). Also it doesn't show up in the program list so I think that must be it. Time to reinstall Windows lol?

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:15 AM

Posted 30 July 2012 - 10:04 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:folderfind
{b635963b-5648-a3f6-5284-f1fa0172b94c}

Click on LOOK, post the generated log
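A scripted way to do what posts #6 and #12 ask for by hand (make hidden and protected OS folders visible, then find out where the GUID-named folder actually lives, including inside ComboFix's C:\Qoobox quarantine), as an added PowerShell example that is not from the thread, from SystemLook or from ComboFix. The folder name is the one given in post #6; the search roots, the -Remove switch and the Qoobox check are assumptions of the example. Get-ChildItem -Directory needs PowerShell 3.0 or later.

```powershell
# Added example, not from the thread or from SystemLook/ComboFix: locate a folder by its
# GUID-style name under the given roots, including hidden/system directories and the
# ComboFix quarantine, and report where each copy sits. Deletion only happens with -Remove.
param(
    [string]$Name = '{b635963b-5648-a3f6-5284-f1fa0172b94c}',   # folder name from post #6
    [string[]]$Roots = @('C:\'),                                 # drives to search (assumption)
    [switch]$Remove                                              # delete only when asked to
)

# Explorer's "Show hidden files" and "Hide protected operating system files" options
# (the manual steps in post #6) live in the per-user Explorer\Advanced registry key.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name 'Hidden'          -Value 1 -Type DWord   # 1 = show hidden
Set-ItemProperty -Path $adv -Name 'ShowSuperHidden' -Value 1 -Type DWord   # 1 = show OS files

# -Force walks hidden and system directories; folders we cannot read are skipped silently.
$hits = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ieq $Name }
}

if (-not $hits) {
    Write-Output "No folder named $Name found under $($Roots -join ', ')"
    return
}

foreach ($dir in $hits) {
    # A copy under C:\Qoobox\Quarantine is ComboFix's backup of what it already removed
    # (post #13), not a live copy; it goes away together with C:\Qoobox (post #14).
    $inQuarantine = $dir.FullName -like 'C:\Qoobox\Quarantine\*'
    $where = if ($inQuarantine) { 'ComboFix quarantine' } else { 'live filesystem' }
    Write-Output ('{0}  [{1}]  created {2:yyyy-MM-dd HH:mm}  attributes {3}' -f `
        $dir.FullName, $where, $dir.CreationTime, $dir.Attributes)

    if ($Remove) {
        # -LiteralPath so the braces in the name are never treated as a pattern.
        Remove-Item -LiteralPath $dir.FullName -Recurse -Force
        Write-Output "Removed $($dir.FullName)"
    }
}
```

Run it from an elevated PowerShell prompt first without -Remove to see the report; the output for the thread's machine would show only the C:\Qoobox\Quarantine\... copy, matching the SystemLook log in post #13.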

#13 jojokintel

jojokintel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 31 July 2012 - 12:29 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:28 on 30/07/2012 by Seth
Administrator - Elevation successful

========== folderfind ==========

Searching for "{b635963b-5648-a3f6-5284-f1fa0172b94c}"
C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c} d------ [19:46 24/07/2012]

-= EOF =-

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:15 AM

Posted 31 July 2012 - 06:43 AM

C:\Qoobox\Quarantine\C\Windows\Installer\{b635963b-5648-a3f6-5284-f1fa0172b94c} d------ [19:46 24/07/2012]


Let me know if you're able to delete the c:\Qoobox folder. If you're able to delete it, run a scan with MSSE again

#15 jojokintel

jojokintel
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 31 July 2012 - 12:51 PM

I was able to delete it. The scan came up with no threats.



