
Multiple Trojan Infection Involving System Files


13 replies to this topic

#1 barnaciousc

barnaciousc

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:16 AM

Posted 31 July 2012 - 06:48 PM

Hello chaps, I'm new on this forum and I hope you guys can help me out.
I am running Windows 7 and have received a couple of infection warnings from AVG 10 that services.exe had been infected with Trojan horse Patched_c.LYU. I had also been receiving popups and webpage redirections, so I ran a virus scan and found:

C:\Windows\System32\services.exe";"Trojan horse Patched_c.LYU";"Object is white-listed (critical/system file that should not be removed)

As AVG could not remove the infection, I did some research, and as I did not have a means to use the AVG boot CD at the time, I tried restoring services.exe using the "sfc scannow" command in cmd. This seemed to work, as I have not had further messages concerning services.exe.
I then noticed from further scans that, when using Firefox or other browsers, the virus scan would flag up infections in the browser's exe as follows:

"C:\Program Files\Mozilla Firefox\firefox.exe (5616):\memory_00420000";"Found Luhe.Sirefef.A";"Object is inaccessible"
"C:\Program Files\Mozilla Firefox\firefox.exe (5616)";"Found Luhe.Sirefef.A";"


Plus, virus scans are flagging explorer.exe as having an infection as follows:

"C:\Windows\explorer.exe (3484)";"Trojan horse Generic_r.BAT";"Deleted"
"C:\Windows\explorer.exe (3484):\memory_08f00000";"Found Luhe.Sirefef.A";"Infected"
"C:\Windows\explorer.exe (3484):\memory_08ea0000";"Trojan horse Generic_r.BAT";"Infected"

I have subsequently run the AVG rescue CD, which failed to find the infection.
I appreciate any help or advice you can give.
Thanks.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:11:16 PM

Posted 31 July 2012 - 07:10 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.
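Added example (not part of this thread, and not code from TDSSKiller or any tool mentioned here): a small Python parser for the TDSSKiller log format that the topic starter posts in the next reply. TDSSKiller prints two lines per service or driver, "name (md5) path" followed by "name - verdict", and a helper reading the log wants to pair those lines, then pull out anything that is not a clean "ok": a non-ok verdict, an entry with no hash/path recorded (such as "COMSysApp - ok" in the real log), or an image loaded from outside the Windows or Program Files trees. The function names, the `Entry` class, the trusted-root list and the "evilsvc" record with its "suspicious" verdict are all constructed for this demonstration; the other sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample. The 1394ohci, ALG, COMSysApp and EFS lines are copied
# from the TDSSKiller log posted in this thread; the "evilsvc" record and its
# verdict string are invented so the triage logic has something to report.
SAMPLE_LOG = r"""
01:37:10.0533 7604 ============================================================
01:37:10.0533 7604 Scan started
01:37:10.0533 7604 Mode: Manual; TDLFS;
01:37:10.0534 7604 ============================================================
01:37:11.0564 7604 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
01:37:11.0569 7604 1394ohci - ok
01:37:12.0402 7604 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
01:37:12.0402 7604 ALG - ok
01:37:21.0498 7604 COMSysApp - ok
01:37:24.0366 7604 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
01:37:24.0379 7604 EFS - ok
01:37:50.0000 7604 evilsvc (00000000000000000000000000000000) C:\Users\Public\evilsvc.sys
01:37:50.0001 7604 evilsvc - suspicious (constructed verdict)
"""


@dataclass
class Entry:
    """One service/driver record assembled from its hash line and verdict line."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


# "HH:MM:SS.mmmm PID <body>" prefix that every TDSSKiller log line carries.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "name (32-hex md5) path" -- service names may contain spaces, so be lazy on name.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "name - verdict" line that closes each record.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Heuristic (constructed for this example): images outside these trees get a note.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Pair hash lines with verdict lines, keyed by service/driver name.

    Only lines after "Scan started" are considered, so the drive/partition
    header (which also contains " - ") is not mistaken for a record."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5 = fm.group("md5").lower()
            e.path = fm.group("path")
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            e = entries.setdefault(vm.group("name"), Entry(vm.group("name")))
            e.verdict = vm.group("verdict").strip()
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs for every record that is not a clean 'ok'."""
    findings: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is None:
            findings.append((e.name, "no verdict line"))
        elif e.verdict.lower() != "ok":
            findings.append((e.name, f"verdict '{e.verdict}'"))
        if e.path is None:
            # TDSSKiller printed only a verdict: no image hash or path was recorded.
            findings.append((e.name, "no hash/path recorded"))
        elif not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append((e.name, f"image outside system/program directories: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against a full saved log (read the file instead of SAMPLE_LOG), the output is the short list a helper actually reads, rather than hundreds of "- ok" pairs; the location heuristic is deliberately coarse and only marks entries for a manual look, it does not decide anything on its own.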

#3 barnaciousc

barnaciousc
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:16 AM

Posted 01 August 2012 - 02:53 PM

TDSSkiller log

01:36:22.0175 7836 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:36:22.0465 7836 ============================================================
01:36:22.0466 7836 Current date / time: 2012/08/01 01:36:22.0465
01:36:22.0466 7836 SystemInfo:
01:36:22.0466 7836
01:36:22.0466 7836 OS Version: 6.1.7600 ServicePack: 0.0
01:36:22.0466 7836 Product type: Workstation
01:36:22.0467 7836 ComputerName: BARNEYS-LAPTOP
01:36:22.0467 7836 UserName: Barney
01:36:22.0467 7836 Windows directory: C:\windows
01:36:22.0468 7836 System windows directory: C:\windows
01:36:22.0468 7836 Processor architecture: Intel x86
01:36:22.0468 7836 Number of processors: 2
01:36:22.0468 7836 Page size: 0x1000
01:36:22.0468 7836 Boot type: Normal boot
01:36:22.0468 7836 ============================================================
01:36:23.0938 7836 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:36:23.0947 7836 ============================================================
01:36:23.0947 7836 \Device\Harddisk0\DR0:
01:36:23.0948 7836 MBR partitions:
01:36:23.0948 7836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
01:36:23.0948 7836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xAA00000
01:36:23.0967 7836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD233000, BlocksNum 0xFF92000
01:36:23.0967 7836 ============================================================
01:36:24.0058 7836 C: <-> \Device\Harddisk0\DR0\Partition1
01:36:24.0179 7836 D: <-> \Device\Harddisk0\DR0\Partition2
01:36:24.0180 7836 ============================================================
01:36:24.0180 7836 Initialize success
01:36:24.0180 7836 ============================================================
01:37:10.0533 7604 ============================================================
01:37:10.0533 7604 Scan started
01:37:10.0533 7604 Mode: Manual; TDLFS;
01:37:10.0534 7604 ============================================================
01:37:11.0564 7604 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
01:37:11.0569 7604 1394ohci - ok
01:37:11.0679 7604 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
01:37:11.0686 7604 ACPI - ok
01:37:11.0720 7604 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
01:37:11.0722 7604 AcpiPmi - ok
01:37:11.0842 7604 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
01:37:11.0852 7604 adp94xx - ok
01:37:11.0944 7604 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
01:37:11.0952 7604 adpahci - ok
01:37:12.0017 7604 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
01:37:12.0021 7604 adpu320 - ok
01:37:12.0083 7604 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
01:37:12.0086 7604 AeLookupSvc - ok
01:37:12.0228 7604 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
01:37:12.0234 7604 AFD - ok
01:37:12.0277 7604 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
01:37:12.0280 7604 agp440 - ok
01:37:12.0338 7604 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
01:37:12.0341 7604 aic78xx - ok
01:37:12.0402 7604 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
01:37:12.0402 7604 ALG - ok
01:37:12.0449 7604 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
01:37:12.0449 7604 aliide - ok
01:37:12.0496 7604 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
01:37:12.0496 7604 amdagp - ok
01:37:12.0511 7604 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
01:37:12.0527 7604 amdide - ok
01:37:12.0574 7604 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
01:37:12.0574 7604 AmdK8 - ok
01:37:12.0605 7604 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
01:37:12.0605 7604 AmdPPM - ok
01:37:12.0652 7604 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
01:37:12.0652 7604 amdsata - ok
01:37:12.0730 7604 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
01:37:12.0730 7604 amdsbs - ok
01:37:12.0761 7604 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
01:37:12.0777 7604 amdxata - ok
01:37:12.0823 7604 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
01:37:12.0823 7604 AppID - ok
01:37:12.0855 7604 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
01:37:12.0870 7604 AppIDSvc - ok
01:37:12.0917 7604 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\windows\System32\appinfo.dll
01:37:12.0917 7604 Appinfo - ok
01:37:13.0083 7604 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:37:13.0089 7604 Apple Mobile Device - ok
01:37:13.0158 7604 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
01:37:13.0162 7604 arc - ok
01:37:13.0208 7604 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
01:37:13.0212 7604 arcsas - ok
01:37:13.0255 7604 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
01:37:13.0257 7604 AsyncMac - ok
01:37:13.0301 7604 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
01:37:13.0305 7604 atapi - ok
01:37:13.0469 7604 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
01:37:13.0479 7604 AudioEndpointBuilder - ok
01:37:13.0503 7604 Audiosrv (510c873bfa135aa829f4180352772734) C:\windows\System32\Audiosrv.dll
01:37:13.0517 7604 Audiosrv - ok
01:37:15.0339 7604 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
01:37:15.0427 7604 AVGIDSAgent - ok
01:37:15.0751 7604 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
01:37:15.0751 7604 AVGIDSDriver - ok
01:37:15.0829 7604 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
01:37:15.0829 7604 AVGIDSEH - ok
01:37:15.0861 7604 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
01:37:15.0861 7604 AVGIDSFilter - ok
01:37:15.0907 7604 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\windows\system32\DRIVERS\AVGIDSShim.Sys
01:37:15.0907 7604 AVGIDSShim - ok
01:37:16.0001 7604 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\windows\system32\DRIVERS\avgldx86.sys
01:37:16.0001 7604 Avgldx86 - ok
01:37:16.0073 7604 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\windows\system32\DRIVERS\avgmfx86.sys
01:37:16.0075 7604 Avgmfx86 - ok
01:37:16.0101 7604 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\windows\system32\DRIVERS\avgrkx86.sys
01:37:16.0103 7604 Avgrkx86 - ok
01:37:16.0213 7604 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\windows\system32\DRIVERS\avgtdix.sys
01:37:16.0221 7604 Avgtdix - ok
01:37:16.0396 7604 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG10\avgwdsvc.exe
01:37:16.0403 7604 avgwd - ok
01:37:16.0472 7604 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\windows\System32\AxInstSV.dll
01:37:16.0476 7604 AxInstSV - ok
01:37:16.0615 7604 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
01:37:16.0621 7604 b06bdrv - ok
01:37:16.0693 7604 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
01:37:16.0697 7604 b57nd60x - ok
01:37:16.0922 7604 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
01:37:16.0930 7604 BBSvc - ok
01:37:17.0021 7604 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
01:37:17.0026 7604 BBUpdate - ok
01:37:17.0680 7604 BCM43XX (f4d388dc3ff004aee886762d5cec7783) C:\windows\system32\DRIVERS\bcmwl6.sys
01:37:17.0720 7604 BCM43XX - ok
01:37:18.0012 7604 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
01:37:18.0015 7604 BDESVC - ok
01:37:18.0524 7604 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
01:37:18.0556 7604 BecHelperService - ok
01:37:18.0837 7604 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
01:37:18.0837 7604 Beep - ok
01:37:18.0883 7604 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
01:37:18.0883 7604 blbdrive - ok
01:37:19.0086 7604 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
01:37:19.0086 7604 Bonjour Service - ok
01:37:19.0149 7604 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
01:37:19.0149 7604 bowser - ok
01:37:19.0197 7604 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
01:37:19.0201 7604 BrFiltLo - ok
01:37:19.0246 7604 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
01:37:19.0247 7604 BrFiltUp - ok
01:37:19.0312 7604 Browser (598e1280e7ff3744f4b8329366cc5635) C:\windows\System32\browser.dll
01:37:19.0315 7604 Browser - ok
01:37:19.0402 7604 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
01:37:19.0409 7604 Brserid - ok
01:37:19.0445 7604 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
01:37:19.0449 7604 BrSerWdm - ok
01:37:19.0468 7604 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
01:37:19.0473 7604 BrUsbMdm - ok
01:37:19.0496 7604 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
01:37:19.0498 7604 BrUsbSer - ok
01:37:19.0570 7604 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
01:37:19.0572 7604 BthEnum - ok
01:37:19.0625 7604 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
01:37:19.0628 7604 BTHMODEM - ok
01:37:19.0692 7604 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
01:37:19.0695 7604 BthPan - ok
01:37:19.0824 7604 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
01:37:19.0832 7604 BTHPORT - ok
01:37:19.0891 7604 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
01:37:19.0894 7604 bthserv - ok
01:37:19.0944 7604 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
01:37:19.0946 7604 BTHUSB - ok
01:37:20.0068 7604 btwampfl (7061fe1715e5aded120fe4c608609357) C:\windows\system32\drivers\btwampfl.sys
01:37:20.0076 7604 btwampfl - ok
01:37:20.0117 7604 btwaudio (a95b2fb3ca7b555b5cb306153f48ced8) C:\windows\system32\drivers\btwaudio.sys
01:37:20.0120 7604 btwaudio - ok
01:37:20.0174 7604 btwavdt (1f9cd885f1c548be93962ccabdb632e4) C:\windows\system32\drivers\btwavdt.sys
01:37:20.0177 7604 btwavdt - ok
01:37:20.0459 7604 btwdins (9634e2b260aa445ef6b83731ac6ee5ac) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
01:37:20.0459 7604 btwdins - ok
01:37:20.0506 7604 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
01:37:20.0506 7604 btwl2cap - ok
01:37:20.0553 7604 btwrchid (a2d6c7b7b62a6c42dcb01204a6bd6fc2) C:\windows\system32\DRIVERS\btwrchid.sys
01:37:20.0553 7604 btwrchid - ok
01:37:20.0615 7604 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
01:37:20.0615 7604 cdfs - ok
01:37:20.0693 7604 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
01:37:20.0693 7604 cdrom - ok
01:37:20.0760 7604 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\windows\System32\certprop.dll
01:37:20.0771 7604 CertPropSvc - ok
01:37:20.0807 7604 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
01:37:20.0810 7604 circlass - ok
01:37:20.0888 7604 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
01:37:20.0895 7604 CLFS - ok
01:37:21.0024 7604 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:37:21.0031 7604 clr_optimization_v2.0.50727_32 - ok
01:37:21.0153 7604 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:37:21.0158 7604 clr_optimization_v4.0.30319_32 - ok
01:37:21.0200 7604 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
01:37:21.0203 7604 CmBatt - ok
01:37:21.0235 7604 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
01:37:21.0238 7604 cmdide - ok
01:37:21.0376 7604 CNG (db5e008b3744dd60c8498cbbf2a1cfa6) C:\windows\system32\Drivers\cng.sys
01:37:21.0388 7604 CNG - ok
01:37:21.0423 7604 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
01:37:21.0426 7604 Compbatt - ok
01:37:21.0474 7604 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
01:37:21.0477 7604 CompositeBus - ok
01:37:21.0498 7604 COMSysApp - ok
01:37:21.0528 7604 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
01:37:21.0530 7604 crcdisk - ok
01:37:21.0671 7604 CryptOSD (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
01:37:21.0678 7604 CryptOSD - ok
01:37:21.0750 7604 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\windows\system32\cryptsvc.dll
01:37:21.0758 7604 CryptSvc - ok
01:37:22.0075 7604 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:37:22.0091 7604 cvhsvc - ok
01:37:22.0231 7604 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\windows\system32\rpcss.dll
01:37:22.0247 7604 DcomLaunch - ok
01:37:22.0350 7604 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
01:37:22.0360 7604 defragsvc - ok
01:37:22.0468 7604 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
01:37:22.0472 7604 DfsC - ok
01:37:22.0612 7604 Dhcp (c56495fbd770712367cad35e5de72da6) C:\windows\system32\dhcpcore.dll
01:37:22.0620 7604 Dhcp - ok
01:37:22.0685 7604 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
01:37:22.0687 7604 discache - ok
01:37:22.0744 7604 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
01:37:22.0747 7604 Disk - ok
01:37:22.0819 7604 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\windows\System32\dnsrslvr.dll
01:37:22.0824 7604 Dnscache - ok
01:37:22.0901 7604 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\windows\System32\dot3svc.dll
01:37:22.0909 7604 dot3svc - ok
01:37:22.0964 7604 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\windows\system32\dps.dll
01:37:22.0969 7604 DPS - ok
01:37:23.0021 7604 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
01:37:23.0025 7604 drmkaud - ok
01:37:23.0230 7604 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
01:37:23.0245 7604 DXGKrnl - ok
01:37:23.0313 7604 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
01:37:23.0320 7604 EapHost - ok
01:37:24.0061 7604 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
01:37:24.0097 7604 ebdrv - ok
01:37:24.0366 7604 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\System32\lsass.exe
01:37:24.0379 7604 EFS - ok
01:37:24.0580 7604 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
01:37:24.0590 7604 elxstor - ok
01:37:24.0623 7604 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
01:37:24.0626 7604 ErrDev - ok
01:37:24.0771 7604 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
01:37:24.0780 7604 EventSystem - ok
01:37:24.0847 7604 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
01:37:24.0852 7604 exfat - ok
01:37:24.0906 7604 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
01:37:24.0922 7604 fastfat - ok
01:37:25.0078 7604 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\windows\system32\fxssvc.exe
01:37:25.0109 7604 Fax - ok
01:37:25.0156 7604 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
01:37:25.0172 7604 fdc - ok
01:37:25.0218 7604 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
01:37:25.0218 7604 fdPHost - ok
01:37:25.0250 7604 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
01:37:25.0265 7604 FDResPub - ok
01:37:25.0296 7604 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
01:37:25.0296 7604 FileInfo - ok
01:37:25.0328 7604 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
01:37:25.0328 7604 Filetrace - ok
01:37:25.0374 7604 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
01:37:25.0390 7604 flpydisk - ok
01:37:25.0487 7604 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
01:37:25.0499 7604 FltMgr - ok
01:37:25.0731 7604 FontCache (7fe4995528a7529a761875151ee3d512) C:\windows\system32\FntCache.dll
01:37:25.0749 7604 FontCache - ok
01:37:25.0870 7604 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:37:25.0880 7604 FontCache3.0.0.0 - ok
01:37:25.0948 7604 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
01:37:25.0956 7604 FsDepends - ok
01:37:26.0040 7604 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
01:37:26.0049 7604 fssfltr - ok
01:37:26.0338 7604 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
01:37:26.0360 7604 fsssvc - ok
01:37:26.0405 7604 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\windows\system32\drivers\Fs_Rec.sys
01:37:26.0414 7604 Fs_Rec - ok
01:37:26.0511 7604 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
01:37:26.0526 7604 fvevol - ok
01:37:26.0589 7604 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
01:37:26.0589 7604 gagp30kx - ok
01:37:26.0636 7604 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
01:37:26.0636 7604 GEARAspiWDM - ok
01:37:26.0823 7604 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\windows\System32\gpsvc.dll
01:37:26.0854 7604 gpsvc - ok
01:37:26.0885 7604 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
01:37:26.0901 7604 hcw85cir - ok
01:37:27.0021 7604 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
01:37:27.0036 7604 HdAudAddService - ok
01:37:27.0091 7604 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
01:37:27.0103 7604 HDAudBus - ok
01:37:27.0136 7604 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
01:37:27.0144 7604 HidBatt - ok
01:37:27.0240 7604 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
01:37:27.0246 7604 HidBth - ok
01:37:27.0286 7604 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
01:37:27.0292 7604 HidIr - ok
01:37:27.0350 7604 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
01:37:27.0355 7604 hidserv - ok
01:37:27.0429 7604 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
01:37:27.0435 7604 HidUsb - ok
01:37:27.0478 7604 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\windows\system32\kmsvc.dll
01:37:27.0485 7604 hkmsvc - ok
01:37:27.0552 7604 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\windows\system32\ListSvc.dll
01:37:27.0567 7604 HomeGroupListener - ok
01:37:27.0654 7604 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\windows\system32\provsvc.dll
01:37:27.0666 7604 HomeGroupProvider - ok
01:37:27.0721 7604 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
01:37:27.0730 7604 HpSAMD - ok
01:37:27.0879 7604 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
01:37:27.0898 7604 HTTP - ok
01:37:27.0939 7604 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
01:37:27.0946 7604 hwpolicy - ok
01:37:28.0007 7604 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
01:37:28.0007 7604 i8042prt - ok
01:37:28.0147 7604 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
01:37:28.0163 7604 iaStor - ok
01:37:28.0303 7604 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
01:37:28.0319 7604 iaStorV - ok
01:37:28.0622 7604 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:37:28.0644 7604 idsvc - ok
01:37:29.0831 7604 igfx (99469637d568076ea5664daa8463c2e3) C:\windows\system32\DRIVERS\igdkmd32.sys
01:37:30.0003 7604 igfx - ok
01:37:30.0307 7604 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
01:37:30.0322 7604 iirsp - ok
01:37:30.0519 7604 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\windows\System32\ikeext.dll
01:37:30.0543 7604 IKEEXT - ok
01:37:31.0297 7604 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\windows\system32\drivers\RTKVHDA.sys
01:37:31.0406 7604 IntcAzAudAddService - ok
01:37:31.0702 7604 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
01:37:31.0710 7604 intelide - ok
01:37:31.0757 7604 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
01:37:31.0766 7604 intelppm - ok
01:37:31.0830 7604 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
01:37:31.0840 7604 IPBusEnum - ok
01:37:31.0871 7604 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
01:37:31.0876 7604 IpFilterDriver - ok
01:37:31.0911 7604 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
01:37:31.0917 7604 IPMIDRV - ok
01:37:31.0959 7604 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
01:37:31.0966 7604 IPNAT - ok
01:37:32.0248 7604 iPod Service (9033d67b7112d23eded6789bacded128) C:\Program Files\iPod\bin\iPodService.exe
01:37:32.0269 7604 iPod Service - ok
01:37:32.0309 7604 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
01:37:32.0320 7604 IRENUM - ok
01:37:32.0377 7604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
01:37:32.0386 7604 isapnp - ok
01:37:32.0459 7604 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
01:37:32.0471 7604 iScsiPrt - ok
01:37:32.0519 7604 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
01:37:32.0523 7604 kbdclass - ok
01:37:32.0568 7604 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
01:37:32.0577 7604 kbdhid - ok
01:37:32.0632 7604 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\windows\system32\lsass.exe
01:37:32.0640 7604 KeyIso - ok
01:37:32.0705 7604 KSecDD (52fc17c8589f11747d01d3cf592673d0) C:\windows\system32\Drivers\ksecdd.sys
01:37:32.0705 7604 KSecDD - ok
01:37:32.0783 7604 KSecPkg (3e5474b03568cfab834da3c38e8c9efa) C:\windows\system32\Drivers\ksecpkg.sys
01:37:32.0798 7604 KSecPkg - ok
01:37:32.0923 7604 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
01:37:32.0939 7604 KtmRm - ok
01:37:33.0048 7604 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\windows\system32\srvsvc.dll
01:37:33.0063 7604 LanmanServer - ok
01:37:33.0126 7604 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\windows\System32\wkssvc.dll
01:37:33.0141 7604 LanmanWorkstation - ok
01:37:33.0219 7604 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
01:37:33.0236 7604 lltdio - ok
01:37:33.0316 7604 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
01:37:33.0328 7604 lltdsvc - ok
01:37:33.0362 7604 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
01:37:33.0368 7604 lmhosts - ok
01:37:33.0425 7604 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
01:37:33.0433 7604 LSI_FC - ok
01:37:33.0471 7604 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
01:37:33.0478 7604 LSI_SAS - ok
01:37:33.0505 7604 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
01:37:33.0512 7604 LSI_SAS2 - ok
01:37:33.0544 7604 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
01:37:33.0550 7604 LSI_SCSI - ok
01:37:33.0616 7604 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
01:37:33.0634 7604 luafv - ok
01:37:33.0682 7604 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\windows\system32\drivers\massfilter.sys
01:37:33.0688 7604 massfilter - ok
01:37:33.0749 7604 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\windows\system32\drivers\mdvrmng.sys
01:37:33.0757 7604 mdvrmng - ok
01:37:33.0806 7604 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
01:37:33.0816 7604 megasas - ok
01:37:33.0917 7604 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
01:37:33.0927 7604 MegaSR - ok
01:37:33.0987 7604 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
01:37:33.0994 7604 MMCSS - ok
01:37:34.0033 7604 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
01:37:34.0039 7604 Modem - ok
01:37:34.0085 7604 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
01:37:34.0095 7604 monitor - ok
01:37:34.0139 7604 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
01:37:34.0142 7604 mouclass - ok
01:37:34.0186 7604 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
01:37:34.0189 7604 mouhid - ok
01:37:34.0230 7604 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
01:38:02.0895 7604 ============================================================
01:38:02.0895 7604 Scan finished
01:38:02.0896 7604 ============================================================
01:38:02.0938 7484 Detected object count: 0
01:38:02.0939 7484 Actual detected object count: 0
01:38:58.0493 6736 Deinitialize success


aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 12:17:29
-----------------------------
12:17:29.594 OS Version: Windows 6.1.7600
12:17:29.594 Number of processors: 2 586 0x1C0A
12:17:29.599 ComputerName: BARNEYS-LAPTOP UserName: Barney
12:17:32.900 Initialize success
12:17:55.411 AVAST engine defs: 12073102
12:18:05.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:18:05.691 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
12:18:05.722 Disk 0 MBR read successfully
12:18:05.738 Disk 0 MBR scan
12:18:05.738 Disk 0 unknown MBR code
12:18:05.754 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
12:18:05.785 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
12:18:05.816 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 87040 MB offset 42149888
12:18:05.832 Disk 0 Partition - 00 0F Extended LBA 130853 MB offset 220407808
12:18:05.878 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 130852 MB offset 220409856
12:18:05.894 Disk 0 scanning sectors +488394752
12:18:06.019 Disk 0 scanning C:\windows\system32\drivers
12:18:45.128 Service scanning
12:19:43.748 Modules scanning
12:20:19.539 Disk 0 trace - called modules:
12:20:19.589 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
12:20:19.599 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8557e5b8]
12:20:19.619 3 CLASSPNP.SYS[887a359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b40028]
12:20:22.449 AVAST engine scan C:\windows
12:20:36.979 AVAST engine scan C:\windows\system32
12:27:44.253 File: C:\windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:29:59.240 AVAST engine scan C:\windows\system32\drivers
12:30:46.992 AVAST engine scan C:\Users\Barney
12:37:30.051 File: C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\n **INFECTED** Win32:Sirefef-AEP [Rtk]
12:37:30.192 File: C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\00000004.@ **INFECTED** Win32:Malware-gen
12:37:30.457 File: C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\000000cb.@ **INFECTED** Win32:Malware-gen
12:37:30.626 File: C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
12:37:30.756 File: C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\80000032.@ **INFECTED** Win32:Downloader-PKU [Trj]
12:46:40.089 AVAST engine scan C:\ProgramData
12:49:31.478 Scan finished successfully
12:50:07.801 Disk 0 MBR has been saved successfully to "C:\Users\Barney\Desktop\MBR.dat"
12:50:07.811 The log file has been saved successfully to "C:\Users\Barney\Desktop\aswMBR.txt"



Note: during this scan AVG flagged up Sharkappinstaller.exe, which I then moved to AVG's virus vault.

ESET online scanner log

C:\Program Files\MSIHQ USB Bootable Tool and BIOS Helper\USBMSIHQ.exe probably a variant of Win32/Agent.LZHTOYU trojan cleaned by deleting - quarantined
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\n Win32/Sirefef.EV trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Users\Barney\Downloads\MSIHQ Tool 1.19R9 Installer\MSIHQUT.exe probably a variant of Win32/Agent.LZHTOYU trojan cleaned by deleting - quarantined
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}\U\00000004.@ Win32/Conedex.D trojan cleaned by deleting - quarantined
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}\U\000000cb.@ Win32/Conedex.E trojan cleaned by deleting - quarantined
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd6e67f4728598.0000 Win32/Sirefef.FC trojan deleted - quarantined
Operating memory multiple threats



#4 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 August 2012 - 03:23 PM

Download

systemlook

Launch it, then copy this script and paste it in the BOX:

:filefind
services.exe
:folderfind
{204b039a-347c-d85b-58a9-778fde6a5225}

Click on LOOK, then post the generated log.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once more in regular mode, until you get a clean log.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#5 barnaciousc

  • Topic Starter

  • Members
  • 7 posts

Posted 01 August 2012 - 06:15 PM

systemlook log

SystemLook 30.07.11 by jpshortstuff
Log created at 21:29 on 01/08/2012 by Barney
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe --a---- 259072 bytes [23:11 13/07/2009] [01:14 14/07/2009] 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

========== folderfind ==========

Searching for "{204b039a-347c-d85b-58a9-778fde6a5225}"
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225} d--hs-- [22:20 11/01/2012]
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225} d--hs-- [22:20 11/01/2012]

-= EOF =-


MBAM log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Barney :: BARNEYS-LAPTOP [administrator]

01/08/2012 21:42:00
mbam-log-2012-08-01 (21-42-00).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320735
Time elapsed: 1 hour(s), 47 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\n. -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


mini toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Barney (administrator) on 02-08-2012 at 00:00:20
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller = Local Area Connection (Hardware not present)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Barneys-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : E8-39-DF-1F-91-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : E8-39-DF-28-0E-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::816:12e9:a07d:b84b%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 01 August 2012 23:37:21
Lease Expires . . . . . . . . . . : 02 August 2012 23:37:22
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 317209055
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-7B-50-F2-00-24-54-38-9B-5A
DNS Servers . . . . . . . . . . . : 208.67.222.222
208.67.220.220
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AE3C071A-5C5D-4911-957A-8BBCB27754D6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C7731E60-1F8E-4298-BD60-21C9AE0D160A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: google.com
Addresses: 2a00:1450:4009:803::1004
173.194.34.98
173.194.34.97
173.194.34.101
173.194.34.100
173.194.34.99
173.194.34.110
173.194.34.102
173.194.34.105
173.194.34.96
173.194.34.103
173.194.34.104


Pinging google.com [173.194.34.105] with 32 bytes of data:
Reply from 173.194.34.105: bytes=32 time=43ms TTL=56
Reply from 173.194.34.105: bytes=32 time=44ms TTL=56

Ping statistics for 173.194.34.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 43ms, Maximum = 44ms, Average = 43ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=251ms TTL=46
Reply from 98.139.183.24: bytes=32 time=155ms TTL=45

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 155ms, Maximum = 251ms, Average = 203ms
Server: resolver1.opendns.com
Address: 208.67.222.222

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...e8 39 df 1f 91 49 ......Bluetooth Device (Personal Area Network)
12...e8 39 df 28 0e 47 ......Broadcom 802.11n Network Adapter
1...........................Software Loopback Interface 1
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.28 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.28 296
192.168.1.28 255.255.255.255 On-link 192.168.1.28 296
192.168.1.255 255.255.255.255 On-link 192.168.1.28 296
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.28 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.28 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 296 fe80::/64 On-link
12 296 fe80::816:12e9:a07d:b84b/128
On-link
1 306 ff00::/8 On-link
12 296 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/01/2012 11:47:47 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/01/2012 11:47:47 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/01/2012 11:35:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x10e0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:33:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x16d0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:32:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xff0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:31:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x608
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:30:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xb18
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:28:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xfe4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:27:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd58
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/01/2012 11:26:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xbcc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (08/01/2012 11:37:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/01/2012 11:37:20 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/01/2012 11:37:19 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/01/2012 11:37:19 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/01/2012 11:37:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/01/2012 11:35:43 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}

Error: (08/01/2012 11:35:22 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/01/2012 06:17:42 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/01/2012 11:01:56 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/01/2012 01:55:53 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


Microsoft Office Sessions:
=========================
Error: (08/01/2012 11:47:47 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/01/2012 11:47:47 PM) (Source: CVHSVC)(User: )
Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (08/01/2012 11:35:06 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000010e001cd7035e638ccf9C:\windows\System32\svchost.exeunknown23fc7248-dc29-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:33:51 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000016d001cd7035b93cb4ffC:\windows\System32\svchost.exeunknownf754e42c-dc28-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:32:35 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000ff001cd70358c923255C:\windows\System32\svchost.exeunknownca5450ff-dc28-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:31:20 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000050000000060801cd70355f81fd32C:\windows\System32\svchost.exeunknown9da6afad-dc28-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:30:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000b1801cd703532effa1dC:\windows\System32\svchost.exeunknown70b10752-dc28-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:28:48 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000fe401cd703504b4707eC:\windows\System32\svchost.exeunknown42e185ae-dc28-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:27:32 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000d5801cd7034d7730963C:\windows\System32\svchost.exeunknown1536d5c3-dc28-11e1-ba10-e839df1f9149

Error: (08/01/2012 11:26:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000500000000bcc01cd7034aa2425caC:\windows\System32\svchost.exeunknowne7f62330-dc27-11e1-ba10-e839df1f9149


=========================== Installed Programs ============================

1.0.2 (Version: 1.0.2)
3Connect (Version: 3.0.0)
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.1 (Version: 9.1.0)
AnyPC Client (Version: 1.0.0.25)
Apple Application Support (Version: 1.5.0)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.19709)
Atheros Client Installation Program (Version: 1.0.2.1119)
AVG 2011 (Version: 10.0.1424)
AVG 2011 (Version: 10.0.2437)
AviSynth 2.5
Bamboo (Version: 5.2.5-5)
Bamboo Dock (Version: 4.0)
Bamboo Dock (Version: 4.0.0)
BatteryLifeExtender (Version: 1.0.1)
Bing Bar (Version: 7.1.361.0)
Bonjour (Version: 2.0.4.0)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
ChargeableUSB (Version: 1.0.0.0)
CyberLink YouCam (Version: 2.0.3911)
EAGLE 5.9.0 (Version: 5.9.0)
Easy Content Share (Version: 1.0.0.13)
Easy Display Manager (Version: 3.1)
Easy Network Manager (Version: 4.3.1)
Easy Resolution Manager (Version: 1.0.0)
Easy SpeedUp Manager (Version: 2.1.0.10)
Easy Video Splitter 1.28
EasyBatteryManager (Version: 4.0.0.4)
EasyFileShare (Version: 1.0.2)
ESET Online Scanner v3
Fast Booting SW (Version: 1.6.0.0)
Free Download Manager 3.0
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 20.0.1132.57)
HammerSnipe PowerTool
HiJackThis (Version: 1.0.0)
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2108)
Intel® Matrix Storage Manager
iTunes (Version: 10.2.1.1)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Marvell Miniport Driver (Version: 11.22.3.3)
Media Player Classic - Home Cinema v1.5.2.3456 (Version: 1.5.2.3456)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Business 2010 - English (Version: 14.0.5123.5005)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
Mp3tag v2.51 (Version: v2.51)
MSIHQ USB Bootable Tool and BIOS Helper 1.19R9 2011
MSVCRT (Version: 14.0.1468.721)
MusicBrainz Picard (Version: 0.16)
OpenAL
OpenTTD 1.1.2 (Version: 1.1.2)
Osmos
Power Supply Designer II
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.6083)
REALTEK PCIE Wireless LAN Software (Version: 0136.10.0325)
Samsung Recovery Solution 4 (Version: 4.0.0.6)
Samsung Support Center (Version: 1.1.3)
Samsung Update Plus (Version: 2.0)
SamsungMovie (Version: 1.0.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.155)
Solar 2
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TempoPerfect Metronome Software
Tina 8 - Industrial (C:\Program Files\DesignSoft\Tina 8 - Industrial) (Version: 8.00.000)
Tina 8 - Industrial (Version: 8.00.000)
Tone Stack Calculator (Version: 1.3.0.41)
Tunatic
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
User Guide (Version: 1.0)
Videora Xbox 360 Converter 6 (Version: 6)
VLC media player 1.1.11 (Version: 1.1.11)
WarZone Client v1.0.49
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
WIDCOMM Bluetooth Software (Version: 6.3.0.4500)
Win7codecs (Version: 3.3.6)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
WinRAR archiver
Xvid Video Codec (Version: 1.3.2)
ZTE_1.2059.0.8

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 2037.3 MB
Available physical RAM: 1051.87 MB
Total Pagefile: 4074.59 MB
Available Pagefile: 2885.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:85 GB) (Free:11.78 GB) NTFS
2 Drive d: () (Fixed) (Total:127.79 GB) (Free:66.64 GB) NTFS

========================= Users: ========================================

User accounts for \\BARNEYS-LAPTOP

Administrator Barney Guest


**** End of log ****


FSS log

Farbar Service Scanner Version: 26-07-2012
Ran by Barney (administrator) on 02-08-2012 at 00:06:29
Running from "C:\Users\Barney\Downloads"
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-05-27 19:03] - [2012-03-30 11:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\windows\system32\dnsrslvr.dll
[2011-04-14 14:48] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-14 00:53] - [2009-07-14 02:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-14 00:54] - [2009-07-14 02:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-14 00:23] - [2009-07-14 02:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-14 00:24] - [2009-07-14 02:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll
[2011-02-12 12:12] - [2010-12-21 06:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll
[2009-07-14 00:30] - [2009-07-14 02:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2012-06-15 21:06] - [2012-04-24 05:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


AdwCleaner log

# AdwCleaner v1.800 - Logfile created 08/02/2012 at 00:09:12
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Barney - BARNEYS-LAPTOP
# Running from : C:\Users\Barney\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Barney\AppData\Local\APN
Folder Deleted : C:\Users\Barney\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Barney\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Barney\AppData\Roaming\Mozilla\Firefox\Profiles\vgilqg2u.default\extensions\toolbar@ask.com
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Barney\AppData\Roaming\Mozilla\Firefox\Profiles\vgilqg2u.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v8.0.1 (en-US)

Profile name : default
File : C:\Users\Barney\AppData\Roaming\Mozilla\Firefox\Profiles\vgilqg2u.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Barney\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4361 octets] - [02/08/2012 00:09:12]

########## EOF - C:\AdwCleaner[S1].txt - [4489 octets] ##########



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 August 2012 - 06:32 PM

Please post the Malwarebytes clean log

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Barney\AppData\Local\{204b039a-347c-d85b-58a9-778fde6a5225}
C:\Windows\Installer\{204b039a-347c-d85b-58a9-778fde6a5225}

Delete the folders


Download

MpsSvc
BFE
wscsvc
defender
wuauserv
BITS
Sharedaccess

Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Check mark the following options alone:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Check mark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

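As an added example (not code from the thread, from Farbar Service Scanner or from the fix files linked above), a read-only PowerShell check that re-tests what the two FSS logs in this thread flag: whether each security service's registry key, Start value and ImagePath are present, whether the firewall profile keys exist, and whether the Defender DisableAntiSpyware value is still set. The Start defaults in its table are assumed Windows 7 values, not taken from the thread.

```powershell
# Added example, not code from the thread or from Farbar Service Scanner (FSS).
# Read-only re-check of what the FSS logs above flag; run from an elevated
# PowerShell prompt. Nothing here modifies the registry.

# Services FSS checked in the logs, with their Start values assumed here to be
# the Windows 7 defaults (2 = Automatic, 3 = Manual/Demand, 4 = Disabled).
# Confirm the defaults against a clean machine of the same edition first.
$services = [ordered]@{
    'MpsSvc'       = 2   # Windows Firewall
    'BFE'          = 2   # Base Filtering Engine
    'mpsdrv'       = 3   # Windows Firewall Authorization Driver
    'wscsvc'       = 2   # Security Center (Action Center)
    'WinDefend'    = 2   # Windows Defender; FSS itself states default is Auto
    'wuauserv'     = 2   # Windows Update
    'BITS'         = 2   # Background Intelligent Transfer Service
    'SharedAccess' = 3   # Internet Connection Sharing
}

$findings = @()
foreach ($name in $services.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        # The "service key does not exist" condition from the first FSS log:
        # with no key, the Service Control Manager cannot start the service.
        $findings += "$name : service key MISSING"
        continue
    }
    $props = Get-ItemProperty -Path $key
    $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($null -eq $props.Start) {
        # Key present but Start value gone ("Unable to retrieve start type" case).
        $findings += "$name : Start value MISSING"
    } elseif ($props.Start -ne $services[$name]) {
        $findings += "$name : Start=$($props.Start), assumed default $($services[$name])"
    }
    if (-not $props.ImagePath) { $findings += "$name : ImagePath MISSING" }
    '{0,-13} Start={1} ImagePath={2} ServiceDll={3}' -f $name, $props.Start, $props.ImagePath, $dll
}

# Firewall profile keys FSS reported missing under "Firewall Disabled Policy".
$fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($profile in 'DomainProfile', 'StandardProfile') {
    if (-not (Test-Path "$fwBase\$profile")) { $findings += "FirewallPolicy\$profile key MISSING" }
}

# The value FSS printed under "Windows Defender Disabled Policy", still set to 1
# in the second log. The Policies path is where Group Policy would write it.
foreach ($p in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
               'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
    $v = (Get-ItemProperty -Path $p -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($v -eq 1) { $findings += "DisableAntiSpyware=1 under $p" }
}

''
'==== Findings ===='
if ($findings.Count -eq 0) { 'No deviations from the assumed baseline.' } else { $findings }
```

A clean result here matches an FSS log with no ATTENTION lines; a remaining DisableAntiSpyware=1 finding is what the second FSS log in this thread still shows after the service keys were restored.
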
#7 barnaciousc

barnaciousc
  • Topic Starter

  • Members
  • 7 posts

Posted 01 August 2012 - 07:42 PM

Malwarebytes clean log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Barney :: BARNEYS-LAPTOP [administrator]

01/08/2012 23:47:02
mbam-log-2012-08-01 (23-47-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184467
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


FSS log after these steps have been taken

Farbar Service Scanner Version: 26-07-2012
Ran by Barney (administrator) on 02-08-2012 at 01:40:33
Running from "C:\Users\Barney\Downloads"
Microsoft Windows 7 Starter (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-05-27 19:03] - [2012-03-30 11:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\windows\system32\dnsrslvr.dll
[2011-04-14 14:48] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\windows\system32\mpssvc.dll
[2009-07-14 00:53] - [2009-07-14 02:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\windows\system32\bfe.dll
[2009-07-14 00:54] - [2009-07-14 02:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-14 00:23] - [2009-07-14 02:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\windows\system32\vssvc.exe
[2009-07-14 00:24] - [2009-07-14 02:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\windows\system32\wscsvc.dll
[2011-02-12 12:12] - [2010-12-21 06:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll
[2009-07-14 00:30] - [2009-07-14 02:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2012-06-15 21:06] - [2012-04-24 05:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 August 2012 - 07:45 PM

Download

systemlook

Launch it, copy this script and paste it in the BOX

:folderfind
{204b039a-347c-d85b-58a9-778fde6a5225}

Click on LOOK, post the generated log

#9 barnaciousc

barnaciousc
  • Topic Starter

  • Members
  • 7 posts

Posted 01 August 2012 - 07:50 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 01:48 on 02/08/2012 by Barney
Administrator - Elevation successful

========== folderfind ==========

Searching for "{204b039a-347c-d85b-58a9-778fde6a5225}"
No folders found.

-= EOF =-



#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 August 2012 - 08:50 PM

Any current issues?

#11 barnaciousc

barnaciousc
  • Topic Starter

  • Members
  • 7 posts

Posted 02 August 2012 - 04:04 AM

The redirections have stopped, and the PC seems to be running as it was. Will keep an eye out for anything.
Thank you very much for your help, I will certainly be recommending this forum to others.

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 August 2012 - 09:29 AM

Grt :thumbup2:

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 barnaciousc

barnaciousc
  • Topic Starter

  • Members
  • 7 posts

Posted 02 August 2012 - 10:11 AM

Cheers mate, you too :)

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 02 August 2012 - 01:04 PM

:thumbup2:



