
Sirefef on Windows Vista x64 SP2


18 replies to this topic

#1 Aleph

  • Members
  • 13 posts

Posted 23 October 2012 - 06:23 AM

Hello everyone! I'm new here and just joined because MSE found a Sirefef Trojan/rootkit on my laptop. I'm pretty shocked I caught this bugger considering I'm very tedious about what sites I visit (Web of Trust helps). So I noticed I had 4 infections, two from 4 days ago and two found today. I'm not sure which Sirefef they were since I deleted them from Quarantine and can't find any logs on them; all I noticed is they were located in my Recycle Bin.

What I find strange is I haven't found any of the usual signs that I've been infected, like scareware. My firewall SEEMS to be up (I was trying to redownload MSN Messenger because it wouldn't let me log on, which is about what tipped me off that something was wrong with my system. It gave me an error that my firewall was off and couldn't install, but on the settings menu of Windows Firewall it says it's on; same goes for MSE). Any program that required a user/pass to log in (which I had on "Remember me") was cleared as if I unchecked them, but I didn't.

Sorry for the wall of text but I'm horribly worried at the moment. I've purchased some things online recently in between the days I was infected and am dreading that my debit card becomes compromised. I ran a quick scan with MSE after rebooting earlier and it did not detect it; I am now doing a full system scan to see if it can find it again. Can MSE now remove Sirefef? Thanks for any help on my matter. I hope someone's on at this time, can't sleep with this in the back of my mind.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Location: India

Posted 23 October 2012 - 06:36 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on "Start"; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.
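The TDSSKiller log requested above is several hundred lines of "[ MD5 ] service path" / "service - ok" pairs, and the things a helper actually scans it for are a status other than "ok", a service with no image file hashed (nothing on disk for the scanner to read), and an image living somewhere a service binary normally does not, such as the Recycle Bin the original poster mentioned. The script below is an added example for this thread; it is not part of TDSSKiller, Microsoft Security Essentials, or any post here. It parses the line format of the log posted below and prints a review list. The sample log is constructed to match that format: the ACPI, Apple Mobile Device, clwvd and MpKsle5e5f3e9 lines mirror entries from the real log, while the "fakesvc" entry, its path and its "detected" status are invented for illustration. The set of trusted directory roots is an assumption used only as a triage heuristic.

```python
"""Triage helper for the "Scan services" section of a TDSSKiller log.

Added example for this thread; it is not part of TDSSKiller or of any post
in the thread. It parses lines in the format of the posted log and lists the
services a helper would look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hash line: "<time> <pid> [ <MD5> ] <service name> <image path>"
HASH_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+ \d+ \[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# Status line: "<time> <pid> <service name> - <status>"
STATUS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ \d+ (?P<name>.+?) - (?P<status>.+)$")

# Assumption used for triage: service images normally live under one of these
# roots. Anything else (ProgramData, user profiles, $Recycle.Bin) gets a second
# look. Some legitimate entries (e.g. MSE's definition-update driver) live under
# ProgramData, so the output is a review list, not a verdict.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    status: str = "unknown"
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Collect one ServiceEntry per service from the 'Scan services' section."""
    entries: Dict[str, ServiceEntry] = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Scan services" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if "================" in line:
            break  # header of the next scan section
        m = HASH_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5, e.path = m["md5"].upper(), m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.status = m["status"]
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look."""
    flagged: Dict[str, List[str]] = {}
    for e in entries.values():
        reasons: List[str] = []
        if e.status.lower() != "ok":
            reasons.append("status: " + e.status)
        if e.md5 is None or e.path is None:
            # No "[ MD5 ] name path" line: TDSSKiller found no image file to hash
            # (orphaned service registration, or a file hidden from the scanner).
            reasons.append("no image file hashed")
        else:
            p = e.path.lower()
            if "$recycle.bin" in p:
                reasons.append("image under $Recycle.Bin: " + e.path)
            elif not p.startswith(TRUSTED_ROOTS):
                reasons.append("image outside Windows/Program Files: " + e.path)
        if reasons:
            flagged[e.name] = reasons
    return flagged


# Constructed sample in the posted log's format. The "fakesvc" entry is invented.
SAMPLE_LOG = r"""
04:41:05.0450 4192 ================ Scan system memory ========================
04:41:05.0450 4192 System memory - ok
04:41:05.0451 4192 ================ Scan services =============================
04:41:05.0626 4192 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
04:41:05.0631 4192 ACPI - ok
04:41:06.0200 4192 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:41:06.0202 4192 Apple Mobile Device - ok
04:41:07.0529 4192 clwvd - ok
04:41:12.0467 4192 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsle5e5f3e9 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9297-21F8-4A89-8E3D-DDEF904D9D0D}\MpKsle5e5f3e9.sys
04:41:12.0468 4192 MpKsle5e5f3e9 - ok
04:41:14.0100 4192 [ 00000000000000000000000000000000 ] fakesvc C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$abc\svc.sys
04:41:14.0101 4192 fakesvc - detected (constructed example)
04:41:14.0200 4192 ================ Scan global ===============================
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(name)
        for r in reasons:
            print("    " + r)
```

Run it against a saved TDSSKiller log by reading the file into `parse_services` in place of `SAMPLE_LOG`. A service that shares a hash with another (gupdate and gupdatem, or AudioSrv and AudioEndpointBuilder in the log below) is normal and is deliberately not flagged; a service with no hashed image, or one whose image sits under ProgramData or the Recycle Bin, is where a helper would ask for the file next.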

#3 Aleph (Topic Starter)

  • Members
  • 13 posts

Posted 23 October 2012 - 06:42 AM

TDSS Log

04:40:28.0157 4916 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
04:40:28.0807 4916 ============================================================
04:40:28.0807 4916 Current date / time: 2012/10/23 04:40:28.0807
04:40:28.0807 4916 SystemInfo:
04:40:28.0807 4916
04:40:28.0807 4916 OS Version: 6.0.6002 ServicePack: 2.0
04:40:28.0807 4916 Product type: Workstation
04:40:28.0807 4916 ComputerName: PC-13357
04:40:28.0808 4916 UserName: Adam
04:40:28.0808 4916 Windows directory: C:\Windows
04:40:28.0808 4916 System windows directory: C:\Windows
04:40:28.0808 4916 Running under WOW64
04:40:28.0808 4916 Processor architecture: Intel x64
04:40:28.0808 4916 Number of processors: 2
04:40:28.0808 4916 Page size: 0x1000
04:40:28.0808 4916 Boot type: Normal boot
04:40:28.0808 4916 ============================================================
04:40:31.0015 4916 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:40:31.0021 4916 ============================================================
04:40:31.0021 4916 \Device\Harddisk0\DR0:
04:40:31.0021 4916 MBR partitions:
04:40:31.0021 4916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23B9C800
04:40:31.0021 4916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23B9D000, BlocksNum 0x1890000
04:40:31.0021 4916 ============================================================
04:40:31.0028 4916 C: <-> \Device\Harddisk0\DR0\Partition1
04:40:31.0168 4916 D: <-> \Device\Harddisk0\DR0\Partition2
04:40:31.0168 4916 ============================================================
04:40:31.0168 4916 Initialize success
04:40:31.0168 4916 ============================================================
04:41:05.0058 4192 ============================================================
04:41:05.0058 4192 Scan started
04:41:05.0058 4192 Mode: Manual; TDLFS;
04:41:05.0058 4192 ============================================================
04:41:05.0450 4192 ================ Scan system memory ========================
04:41:05.0450 4192 System memory - ok
04:41:05.0451 4192 ================ Scan services =============================
04:41:05.0626 4192 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
04:41:05.0631 4192 ACPI - ok
04:41:05.0668 4192 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
04:41:05.0670 4192 adfs - ok
04:41:05.0706 4192 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
04:41:05.0713 4192 adp94xx - ok
04:41:05.0723 4192 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
04:41:05.0728 4192 adpahci - ok
04:41:05.0742 4192 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
04:41:05.0744 4192 adpu160m - ok
04:41:05.0755 4192 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
04:41:05.0758 4192 adpu320 - ok
04:41:05.0837 4192 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
04:41:05.0850 4192 AdvancedSystemCareService5 - ok
04:41:05.0876 4192 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
04:41:05.0877 4192 AeLookupSvc - ok
04:41:05.0919 4192 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
04:41:05.0925 4192 AFD - ok
04:41:05.0967 4192 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
04:41:05.0969 4192 agp440 - ok
04:41:06.0004 4192 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
04:41:06.0006 4192 aic78xx - ok
04:41:06.0030 4192 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
04:41:06.0032 4192 ALG - ok
04:41:06.0065 4192 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys
04:41:06.0067 4192 aliide - ok
04:41:06.0073 4192 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys
04:41:06.0074 4192 amdide - ok
04:41:06.0101 4192 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
04:41:06.0102 4192 AmdK8 - ok
04:41:06.0136 4192 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
04:41:06.0137 4192 Appinfo - ok
04:41:06.0200 4192 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:41:06.0202 4192 Apple Mobile Device - ok
04:41:06.0244 4192 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
04:41:06.0246 4192 arc - ok
04:41:06.0254 4192 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
04:41:06.0256 4192 arcsas - ok
04:41:06.0273 4192 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
04:41:06.0274 4192 AsyncMac - ok
04:41:06.0310 4192 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
04:41:06.0311 4192 atapi - ok
04:41:06.0393 4192 [ 96ABF88241F90FF647E55C934C55C2F1 ] athr C:\Windows\system32\DRIVERS\athrx.sys
04:41:06.0429 4192 athr - ok
04:41:06.0499 4192 [ 788914C42AD8318F1DD7A565EAFFB049 ] athrusb C:\Windows\system32\DRIVERS\athrxusb.sys
04:41:06.0515 4192 athrusb - ok
04:41:06.0556 4192 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:41:06.0562 4192 AudioEndpointBuilder - ok
04:41:06.0575 4192 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
04:41:06.0578 4192 AudioSrv - ok
04:41:06.0620 4192 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
04:41:06.0627 4192 BFE - ok
04:41:06.0685 4192 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
04:41:06.0702 4192 BITS - ok
04:41:06.0740 4192 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
04:41:06.0741 4192 blbdrive - ok
04:41:06.0812 4192 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
04:41:06.0819 4192 Bonjour Service - ok
04:41:06.0846 4192 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
04:41:06.0848 4192 bowser - ok
04:41:06.0883 4192 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
04:41:06.0884 4192 BrFiltLo - ok
04:41:06.0904 4192 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
04:41:06.0905 4192 BrFiltUp - ok
04:41:06.0941 4192 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
04:41:06.0943 4192 Browser - ok
04:41:06.0980 4192 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
04:41:06.0982 4192 Brserid - ok
04:41:07.0011 4192 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
04:41:07.0012 4192 BrSerWdm - ok
04:41:07.0052 4192 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
04:41:07.0054 4192 BrUsbMdm - ok
04:41:07.0069 4192 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
04:41:07.0071 4192 BrUsbSer - ok
04:41:07.0098 4192 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
04:41:07.0100 4192 BTHMODEM - ok
04:41:07.0133 4192 [ 942BD3CB0933FEBD194B42D4E489C246 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
04:41:07.0138 4192 CAXHWAZL - ok
04:41:07.0154 4192 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
04:41:07.0156 4192 cdfs - ok
04:41:07.0187 4192 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
04:41:07.0188 4192 cdrom - ok
04:41:07.0203 4192 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
04:41:07.0205 4192 CertPropSvc - ok
04:41:07.0243 4192 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
04:41:07.0245 4192 circlass - ok
04:41:07.0292 4192 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
04:41:07.0299 4192 CLFS - ok
04:41:07.0347 4192 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:41:07.0349 4192 clr_optimization_v2.0.50727_32 - ok
04:41:07.0413 4192 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:41:07.0415 4192 clr_optimization_v2.0.50727_64 - ok
04:41:07.0482 4192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:41:07.0485 4192 clr_optimization_v4.0.30319_32 - ok
04:41:07.0521 4192 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:41:07.0523 4192 clr_optimization_v4.0.30319_64 - ok
04:41:07.0529 4192 clwvd - ok
04:41:07.0560 4192 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
04:41:07.0561 4192 CmBatt - ok
04:41:07.0577 4192 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys
04:41:07.0578 4192 cmdide - ok
04:41:07.0607 4192 [ 09699DC18521BCD82A7B39B187BA4C91 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
04:41:07.0612 4192 CnxtHdAudService - ok
04:41:07.0668 4192 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
04:41:07.0672 4192 Com4QLBEx - ok
04:41:07.0678 4192 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
04:41:07.0679 4192 Compbatt - ok
04:41:07.0685 4192 COMSysApp - ok
04:41:07.0706 4192 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
04:41:07.0707 4192 crcdisk - ok
04:41:07.0748 4192 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
04:41:07.0751 4192 CryptSvc - ok
04:41:07.0804 4192 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
04:41:07.0816 4192 DcomLaunch - ok
04:41:07.0847 4192 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
04:41:07.0849 4192 DfsC - ok
04:41:07.0965 4192 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
04:41:08.0026 4192 DFSR - ok
04:41:08.0069 4192 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
04:41:08.0081 4192 Dhcp - ok
04:41:08.0114 4192 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
04:41:08.0116 4192 disk - ok
04:41:08.0141 4192 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
04:41:08.0144 4192 Dnscache - ok
04:41:08.0174 4192 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
04:41:08.0179 4192 dot3svc - ok
04:41:08.0205 4192 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
04:41:08.0208 4192 DPS - ok
04:41:08.0236 4192 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
04:41:08.0238 4192 drmkaud - ok
04:41:08.0242 4192 dump_wmimmc - ok
04:41:08.0305 4192 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
04:41:08.0319 4192 DXGKrnl - ok
04:41:08.0354 4192 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
04:41:08.0356 4192 E1G60 - ok
04:41:08.0404 4192 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
04:41:08.0407 4192 EapHost - ok
04:41:08.0454 4192 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
04:41:08.0457 4192 Ecache - ok
04:41:08.0509 4192 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
04:41:08.0516 4192 ehRecvr - ok
04:41:08.0553 4192 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
04:41:08.0556 4192 ehSched - ok
04:41:08.0565 4192 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
04:41:08.0566 4192 ehstart - ok
04:41:08.0589 4192 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
04:41:08.0596 4192 elxstor - ok
04:41:08.0626 4192 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
04:41:08.0632 4192 EMDMgmt - ok
04:41:08.0657 4192 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
04:41:08.0658 4192 ErrDev - ok
04:41:08.0714 4192 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
04:41:08.0720 4192 EventSystem - ok
04:41:08.0752 4192 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
04:41:08.0755 4192 exfat - ok
04:41:08.0794 4192 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
04:41:08.0799 4192 fastfat - ok
04:41:08.0838 4192 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
04:41:08.0840 4192 fdc - ok
04:41:08.0877 4192 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
04:41:08.0879 4192 fdPHost - ok
04:41:08.0891 4192 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
04:41:08.0893 4192 FDResPub - ok
04:41:08.0919 4192 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
04:41:08.0920 4192 FileInfo - ok
04:41:08.0952 4192 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
04:41:08.0954 4192 Filetrace - ok
04:41:09.0004 4192 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
04:41:09.0006 4192 flpydisk - ok
04:41:09.0041 4192 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
04:41:09.0046 4192 FltMgr - ok
04:41:09.0094 4192 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
04:41:09.0111 4192 FontCache - ok
04:41:09.0158 4192 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:41:09.0159 4192 FontCache3.0.0.0 - ok
04:41:09.0191 4192 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
04:41:09.0192 4192 Fs_Rec - ok
04:41:09.0244 4192 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
04:41:09.0245 4192 gagp30kx - ok
04:41:09.0322 4192 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
04:41:09.0392 4192 GameConsoleService - ok
04:41:09.0421 4192 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:41:09.0422 4192 GEARAspiWDM - ok
04:41:09.0462 4192 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
04:41:09.0473 4192 gpsvc - ok
04:41:09.0519 4192 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:41:09.0522 4192 gupdate - ok
04:41:09.0531 4192 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:41:09.0532 4192 gupdatem - ok
04:41:09.0562 4192 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
04:41:09.0563 4192 hamachi - ok
04:41:09.0606 4192 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
04:41:09.0611 4192 HdAudAddService - ok
04:41:09.0663 4192 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
04:41:09.0676 4192 HDAudBus - ok
04:41:09.0703 4192 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
04:41:09.0704 4192 HidBth - ok
04:41:09.0726 4192 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
04:41:09.0728 4192 HidIr - ok
04:41:09.0770 4192 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
04:41:09.0771 4192 hidserv - ok
04:41:09.0811 4192 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
04:41:09.0813 4192 HidUsb - ok
04:41:09.0851 4192 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
04:41:09.0854 4192 hkmsvc - ok
04:41:09.0892 4192 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
04:41:09.0894 4192 HP Health Check Service - ok
04:41:09.0928 4192 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
04:41:09.0930 4192 HpCISSs - ok
04:41:09.0959 4192 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
04:41:09.0960 4192 HpqKbFiltr - ok
04:41:09.0982 4192 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
04:41:09.0986 4192 hpqwmiex - ok
04:41:10.0040 4192 [ DDA869537AE9CE501954CB7793134D96 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
04:41:10.0107 4192 HSF_DPV - ok
04:41:10.0138 4192 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
04:41:10.0148 4192 HTTP - ok
04:41:10.0175 4192 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
04:41:10.0177 4192 i2omp - ok
04:41:10.0196 4192 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
04:41:10.0198 4192 i8042prt - ok
04:41:10.0220 4192 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
04:41:10.0225 4192 iaStorV - ok
04:41:10.0279 4192 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
04:41:10.0281 4192 IDriverT - ok
04:41:10.0362 4192 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:41:10.0378 4192 idsvc - ok
04:41:10.0652 4192 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
04:41:10.0860 4192 igfx - ok
04:41:10.0876 4192 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
04:41:10.0877 4192 iirsp - ok
04:41:10.0916 4192 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
04:41:10.0923 4192 IKEEXT - ok
04:41:10.0951 4192 [ BD37227C07179B1040A8896B9C0C146B ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
04:41:10.0953 4192 IntcHdmiAddService - ok
04:41:10.0968 4192 [ 475490CAF376E55E6E8B37BBDFEB2E81 ] intelide C:\Windows\system32\drivers\intelide.sys
04:41:10.0970 4192 intelide - ok
04:41:10.0988 4192 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
04:41:10.0989 4192 intelppm - ok
04:41:11.0015 4192 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
04:41:11.0017 4192 IPBusEnum - ok
04:41:11.0055 4192 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:41:11.0057 4192 IpFilterDriver - ok
04:41:11.0083 4192 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
04:41:11.0088 4192 iphlpsvc - ok
04:41:11.0093 4192 IpInIp - ok
04:41:11.0119 4192 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
04:41:11.0121 4192 IPMIDRV - ok
04:41:11.0138 4192 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
04:41:11.0140 4192 IPNAT - ok
04:41:11.0204 4192 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
04:41:11.0215 4192 iPod Service - ok
04:41:11.0254 4192 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
04:41:11.0255 4192 IRENUM - ok
04:41:11.0281 4192 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
04:41:11.0283 4192 isapnp - ok
04:41:11.0321 4192 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
04:41:11.0324 4192 iScsiPrt - ok
04:41:11.0335 4192 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
04:41:11.0336 4192 iteatapi - ok
04:41:11.0342 4192 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
04:41:11.0343 4192 iteraid - ok
04:41:11.0357 4192 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
04:41:11.0358 4192 kbdclass - ok
04:41:11.0383 4192 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
04:41:11.0384 4192 kbdhid - ok
04:41:11.0415 4192 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
04:41:11.0416 4192 KeyIso - ok
04:41:11.0451 4192 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
04:41:11.0453 4192 KMWDFILTER - ok
04:41:11.0499 4192 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
04:41:11.0507 4192 KSecDD - ok
04:41:11.0533 4192 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
04:41:11.0535 4192 ksthunk - ok
04:41:11.0568 4192 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
04:41:11.0576 4192 KtmRm - ok
04:41:11.0612 4192 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
04:41:11.0616 4192 LanmanServer - ok
04:41:11.0645 4192 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:41:11.0650 4192 LanmanWorkstation - ok
04:41:11.0695 4192 [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
04:41:11.0696 4192 LightScribeService - ok
04:41:11.0712 4192 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
04:41:11.0713 4192 lltdio - ok
04:41:11.0760 4192 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
04:41:11.0768 4192 lltdsvc - ok
04:41:11.0795 4192 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
04:41:11.0799 4192 lmhosts - ok
04:41:11.0826 4192 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
04:41:11.0829 4192 LSI_FC - ok
04:41:11.0839 4192 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
04:41:11.0842 4192 LSI_SAS - ok
04:41:11.0856 4192 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
04:41:11.0858 4192 LSI_SCSI - ok
04:41:11.0865 4192 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
04:41:11.0871 4192 luafv - ok
04:41:11.0904 4192 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys
04:41:11.0906 4192 ManyCam - ok
04:41:11.0965 4192 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
04:41:11.0993 4192 mcdbus - ok
04:41:12.0023 4192 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
04:41:12.0026 4192 Mcx2Svc - ok
04:41:12.0066 4192 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
04:41:12.0067 4192 mdmxsdk - ok
04:41:12.0082 4192 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
04:41:12.0083 4192 megasas - ok
04:41:12.0109 4192 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
04:41:12.0115 4192 MegaSR - ok
04:41:12.0136 4192 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
04:41:12.0139 4192 MMCSS - ok
04:41:12.0152 4192 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
04:41:12.0154 4192 Modem - ok
04:41:12.0182 4192 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
04:41:12.0183 4192 monitor - ok
04:41:12.0216 4192 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
04:41:12.0217 4192 mouclass - ok
04:41:12.0235 4192 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
04:41:12.0236 4192 mouhid - ok
04:41:12.0255 4192 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
04:41:12.0257 4192 MountMgr - ok
04:41:12.0305 4192 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
04:41:12.0308 4192 MozillaMaintenance - ok
04:41:12.0343 4192 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
04:41:12.0347 4192 MpFilter - ok
04:41:12.0366 4192 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
04:41:12.0368 4192 mpio - ok
04:41:12.0467 4192 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsle5e5f3e9 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9297-21F8-4A89-8E3D-DDEF904D9D0D}\MpKsle5e5f3e9.sys
04:41:12.0468 4192 MpKsle5e5f3e9 - ok
04:41:12.0478 4192 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
04:41:12.0480 4192 mpsdrv - ok
04:41:12.0520 4192 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
04:41:12.0531 4192 MpsSvc - ok
04:41:12.0554 4192 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
04:41:12.0555 4192 Mraid35x - ok
04:41:12.0587 4192 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
04:41:12.0590 4192 MRxDAV - ok
04:41:12.0616 4192 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
04:41:12.0618 4192 mrxsmb - ok
04:41:12.0650 4192 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:41:12.0655 4192 mrxsmb10 - ok
04:41:12.0667 4192 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:41:12.0670 4192 mrxsmb20 - ok
04:41:12.0698 4192 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
04:41:12.0699 4192 msahci - ok
04:41:12.0724 4192 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
04:41:12.0727 4192 msdsm - ok
04:41:12.0751 4192 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
04:41:12.0755 4192 MSDTC - ok
04:41:12.0785 4192 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
04:41:12.0786 4192 Msfs - ok
04:41:12.0824 4192 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
04:41:12.0826 4192 msisadrv - ok
04:41:12.0871 4192 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
04:41:12.0874 4192 MSiSCSI - ok
04:41:12.0880 4192 msiserver - ok
04:41:12.0912 4192 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
04:41:12.0913 4192 MSKSSRV - ok
04:41:12.0968 4192 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
04:41:12.0968 4192 MsMpSvc - ok
04:41:13.0007 4192 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
04:41:13.0008 4192 MSPCLOCK - ok
04:41:13.0040 4192 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
04:41:13.0042 4192 MSPQM - ok
04:41:13.0088 4192 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
04:41:13.0094 4192 MsRPC - ok
04:41:13.0122 4192 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
04:41:13.0124 4192 mssmbios - ok
04:41:13.0152 4192 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
04:41:13.0153 4192 MSTEE - ok
04:41:13.0179 4192 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
04:41:13.0196 4192 Mup - ok
04:41:13.0239 4192 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
04:41:13.0248 4192 napagent - ok
04:41:13.0278 4192 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
04:41:13.0281 4192 NativeWifiP - ok
04:41:13.0319 4192 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
04:41:13.0331 4192 NDIS - ok
04:41:13.0353 4192 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
04:41:13.0354 4192 NdisTapi - ok
04:41:13.0369 4192 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
04:41:13.0370 4192 Ndisuio - ok
04:41:13.0408 4192 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
04:41:13.0411 4192 NdisWan - ok
04:41:13.0423 4192 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
04:41:13.0425 4192 NDProxy - ok
04:41:13.0437 4192 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
04:41:13.0438 4192 NetBIOS - ok
04:41:13.0473 4192 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
04:41:13.0477 4192 netbt - ok
04:41:13.0486 4192 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
04:41:13.0488 4192 Netlogon - ok
04:41:13.0517 4192 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
04:41:13.0525 4192 Netman - ok
04:41:13.0545 4192 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
04:41:13.0550 4192 netprofm - ok
04:41:13.0585 4192 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:41:13.0587 4192 NetTcpPortSharing - ok
04:41:13.0703 4192 [ C86984AEE87900C1EEB6942EDE3BF4B6 ] NETw3v64 C:\Windows\system32\DRIVERS\NETw3v64.sys
04:41:13.0750 4192 NETw3v64 - ok
04:41:13.0785 4192 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
04:41:13.0786 4192 nfrd960 - ok
04:41:13.0842 4192 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:41:13.0844 4192 NisDrv - ok
04:41:13.0883 4192 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
04:41:13.0888 4192 NisSrv - ok
04:41:13.0922 4192 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
04:41:13.0926 4192 NlaSvc - ok
04:41:13.0948 4192 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:41:13.0950 4192 Npfs - ok
04:41:13.0955 4192 npggsvc - ok
04:41:13.0964 4192 NPPTNT2 - ok
04:41:13.0985 4192 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
04:41:13.0987 4192 nsi - ok
04:41:14.0013 4192 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:41:14.0014 4192 nsiproxy - ok
04:41:14.0084 4192 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:41:14.0108 4192 Ntfs - ok
04:41:14.0128 4192 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
04:41:14.0129 4192 Null - ok
04:41:14.0161 4192 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:41:14.0163 4192 nvraid - ok
04:41:14.0189 4192 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:41:14.0190 4192 nvstor - ok
04:41:14.0220 4192 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
04:41:14.0223 4192 nv_agp - ok
04:41:14.0232 4192 NwlnkFlt - ok
04:41:14.0237 4192 NwlnkFwd - ok
04:41:14.0297 4192 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:41:14.0304 4192 odserv - ok
04:41:14.0328 4192 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
04:41:14.0331 4192 ohci1394 - ok
04:41:14.0374 4192 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:41:14.0377 4192 ose - ok
04:41:14.0434 4192 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
04:41:14.0449 4192 p2pimsvc - ok
04:41:14.0517 4192 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
04:41:14.0525 4192 p2psvc - ok
04:41:14.0557 4192 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
04:41:14.0560 4192 Parport - ok
04:41:14.0593 4192 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
04:41:14.0595 4192 partmgr - ok
04:41:14.0626 4192 [ 18B6869E23937175144E6F1D3CB85FC2 ] PCASp50a64 C:\Windows\system32\Drivers\PCASp50a64.sys
04:41:14.0640 4192 PCASp50a64 - ok
04:41:14.0667 4192 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
04:41:14.0670 4192 PcaSvc - ok
04:41:14.0704 4192 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
04:41:14.0707 4192 pci - ok
04:41:14.0728 4192 [ 15E5C3F89A3452EFBDA3B39816DBC4EE ] pciide C:\Windows\system32\drivers\pciide.sys
04:41:14.0730 4192 pciide - ok
04:41:14.0766 4192 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
04:41:14.0770 4192 pcmcia - ok
04:41:14.0806 4192 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
04:41:14.0817 4192 PEAUTH - ok
04:41:14.0890 4192 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
04:41:14.0891 4192 PerfHost - ok
04:41:14.0957 4192 [ 1008964FF95D631C8860DD7EF226B082 ] PfFilter C:\Program Files (x86)\IObit\Password Folder\pffilter.sys
04:41:14.0958 4192 PfFilter - ok
04:41:15.0015 4192 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
04:41:15.0037 4192 pla - ok
04:41:15.0082 4192 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
04:41:15.0089 4192 PlugPlay - ok
04:41:15.0123 4192 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
04:41:15.0130 4192 PNRPAutoReg - ok
04:41:15.0144 4192 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
04:41:15.0153 4192 PNRPsvc - ok
04:41:15.0182 4192 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
04:41:15.0191 4192 PolicyAgent - ok
04:41:15.0228 4192 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
04:41:15.0230 4192 PptpMiniport - ok
04:41:15.0273 4192 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
04:41:15.0274 4192 Processor - ok
04:41:15.0323 4192 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
04:41:15.0328 4192 ProfSvc - ok
04:41:15.0359 4192 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
04:41:15.0360 4192 ProtectedStorage - ok
04:41:15.0394 4192 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
04:41:15.0397 4192 PSched - ok
04:41:15.0448 4192 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
04:41:15.0467 4192 ql2300 - ok
04:41:15.0500 4192 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
04:41:15.0502 4192 ql40xx - ok
04:41:15.0529 4192 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
04:41:15.0535 4192 QWAVE - ok
04:41:15.0555 4192 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
04:41:15.0557 4192 QWAVEdrv - ok
04:41:15.0608 4192 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
04:41:15.0612 4192 RapiMgr - ok
04:41:15.0634 4192 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
04:41:15.0636 4192 RasAcd - ok
04:41:15.0672 4192 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
04:41:15.0676 4192 RasAuto - ok
04:41:15.0724 4192 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
04:41:15.0727 4192 Rasl2tp - ok
04:41:15.0754 4192 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
04:41:15.0761 4192 RasMan - ok
04:41:15.0787 4192 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
04:41:15.0789 4192 RasPppoe - ok
04:41:15.0825 4192 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
04:41:15.0827 4192 RasSstp - ok
04:41:15.0869 4192 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
04:41:15.0874 4192 rdbss - ok
04:41:15.0903 4192 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
04:41:15.0904 4192 RDPCDD - ok
04:41:15.0946 4192 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
04:41:15.0953 4192 rdpdr - ok
04:41:15.0959 4192 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
04:41:15.0961 4192 RDPENCDD - ok
04:41:16.0011 4192 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
04:41:16.0015 4192 RDPWD - ok
04:41:16.0063 4192 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
04:41:16.0069 4192 Recovery Service for Windows - ok
04:41:16.0110 4192 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
04:41:16.0113 4192 RemoteAccess - ok
04:41:16.0151 4192 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
04:41:16.0156 4192 RemoteRegistry - ok
04:41:16.0232 4192 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
04:41:16.0236 4192 RichVideo - ok
04:41:16.0257 4192 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
04:41:16.0259 4192 RpcLocator - ok
04:41:16.0303 4192 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
04:41:16.0310 4192 RpcSs - ok
04:41:16.0328 4192 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
04:41:16.0330 4192 rspndr - ok
04:41:16.0360 4192 [ 170A66DFAAA22358E08D6F4B38C8F3DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
04:41:16.0364 4192 RTL8169 - ok
04:41:16.0395 4192 [ 4AD8464FECE8EBE276D4A7D75E418452 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
04:41:16.0397 4192 RTSTOR - ok
04:41:16.0425 4192 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
04:41:16.0427 4192 SamSs - ok
04:41:16.0452 4192 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
04:41:16.0455 4192 sbp2port - ok
04:41:16.0492 4192 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
04:41:16.0497 4192 SCardSvr - ok
04:41:16.0545 4192 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
04:41:16.0559 4192 Schedule - ok
04:41:16.0595 4192 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
04:41:16.0596 4192 SCPolicySvc - ok
04:41:16.0639 4192 [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
04:41:16.0640 4192 ScreamBAudioSvc - ok
04:41:16.0686 4192 [ B42EE50F7D24F837F925332EB349ECA5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
04:41:16.0688 4192 sdbus - ok
04:41:16.0726 4192 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:41:16.0729 4192 SDRSVC - ok
04:41:16.0750 4192 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:41:16.0752 4192 secdrv - ok
04:41:16.0764 4192 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
04:41:16.0766 4192 seclogon - ok
04:41:16.0787 4192 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
04:41:16.0791 4192 SENS - ok
04:41:16.0825 4192 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
04:41:16.0827 4192 Serenum - ok
04:41:16.0845 4192 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
04:41:16.0847 4192 Serial - ok
04:41:16.0898 4192 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
04:41:16.0899 4192 sermouse - ok
04:41:16.0950 4192 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
04:41:16.0954 4192 SessionEnv - ok
04:41:17.0005 4192 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
04:41:17.0006 4192 sffdisk - ok
04:41:17.0020 4192 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
04:41:17.0022 4192 sffp_mmc - ok
04:41:17.0032 4192 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
04:41:17.0033 4192 sffp_sd - ok
04:41:17.0048 4192 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
04:41:17.0049 4192 sfloppy - ok
04:41:17.0118 4192 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
04:41:17.0125 4192 SharedAccess - ok
04:41:17.0182 4192 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:41:17.0188 4192 ShellHWDetection - ok
04:41:17.0207 4192 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
04:41:17.0209 4192 SiSRaid2 - ok
04:41:17.0236 4192 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
04:41:17.0238 4192 SiSRaid4 - ok
04:41:17.0281 4192 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
04:41:17.0283 4192 SkypeUpdate - ok
04:41:17.0373 4192 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
04:41:17.0411 4192 slsvc - ok
04:41:17.0449 4192 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
04:41:17.0452 4192 SLUINotify - ok
04:41:17.0487 4192 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:41:17.0489 4192 Smb - ok
04:41:17.0510 4192 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:41:17.0513 4192 SNMPTRAP - ok
04:41:17.0546 4192 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
04:41:17.0547 4192 spldr - ok
04:41:17.0590 4192 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
04:41:17.0598 4192 Spooler - ok
04:41:17.0639 4192 [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd C:\Windows\System32\Drivers\sptd.sys
04:41:17.0639 4192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF
04:41:17.0641 4192 sptd ( LockedFile.Multi.Generic ) - warning
04:41:17.0642 4192 sptd - detected LockedFile.Multi.Generic (1)
04:41:17.0674 4192 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
04:41:17.0682 4192 srv - ok
04:41:17.0724 4192 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
04:41:17.0728 4192 srv2 - ok
04:41:17.0745 4192 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
04:41:17.0748 4192 srvnet - ok
04:41:17.0772 4192 [ 1612881760C9DF7FBB09B6CF1D3BA0DF ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
04:41:17.0775 4192 sscdbus - ok
04:41:17.0817 4192 [ D7803A687E85189EA2B525CC22093521 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
04:41:17.0819 4192 sscdmdfl - ok
04:41:17.0873 4192 [ 06DB3D5EB2444083C7F5AF7874765505 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
04:41:17.0876 4192 sscdmdm - ok
04:41:17.0916 4192 [ 23EBB395609D9CDB8B1074A12254119B ] sscdserd C:\Windows\system32\DRIVERS\sscdserd.sys
04:41:17.0918 4192 sscdserd - ok
04:41:17.0966 4192 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
04:41:17.0970 4192 SSDPSRV - ok
04:41:17.0988 4192 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
04:41:17.0993 4192 SstpSvc - ok
04:41:18.0034 4192 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
04:41:18.0036 4192 StillCam - ok
04:41:18.0062 4192 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
04:41:18.0073 4192 stisvc - ok
04:41:18.0101 4192 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
04:41:18.0103 4192 swenum - ok
04:41:18.0151 4192 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
04:41:18.0161 4192 swprv - ok
04:41:18.0174 4192 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
04:41:18.0176 4192 Symc8xx - ok
04:41:18.0194 4192 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
04:41:18.0196 4192 Sym_hi - ok
04:41:18.0213 4192 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
04:41:18.0215 4192 Sym_u3 - ok
04:41:18.0247 4192 [ E33B57C4AA60288E9971277D88CE9B67 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
04:41:18.0254 4192 SynTP - ok
04:41:18.0297 4192 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
04:41:18.0312 4192 SysMain - ok
04:41:18.0335 4192 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:41:18.0338 4192 TabletInputService - ok
04:41:18.0377 4192 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
04:41:18.0379 4192 taphss - ok
04:41:18.0420 4192 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
04:41:18.0426 4192 TapiSrv - ok
04:41:18.0436 4192 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
04:41:18.0439 4192 TBS - ok
04:41:18.0493 4192 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:41:18.0514 4192 Tcpip - ok
04:41:18.0537 4192 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
04:41:18.0549 4192 Tcpip6 - ok
04:41:18.0569 4192 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
04:41:18.0571 4192 tcpipreg - ok
04:41:18.0605 4192 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
04:41:18.0606 4192 TDPIPE - ok
04:41:18.0622 4192 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
04:41:18.0624 4192 TDTCP - ok
04:41:18.0655 4192 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
04:41:18.0657 4192 tdx - ok
04:41:18.0747 4192 [ 839E88DB24D2D8F05B72E12B175951CA ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
04:41:18.0778 4192 TeamViewer6 - ok
04:41:18.0813 4192 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
04:41:18.0815 4192 TermDD - ok
04:41:18.0857 4192 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
04:41:18.0867 4192 TermService - ok
04:41:18.0882 4192 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
04:41:18.0886 4192 Themes - ok
04:41:18.0914 4192 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
04:41:18.0915 4192 THREADORDER - ok
04:41:18.0937 4192 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
04:41:18.0941 4192 TrkWks - ok
04:41:18.0988 4192 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:41:18.0989 4192 TrustedInstaller - ok
04:41:19.0040 4192 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
04:41:19.0041 4192 tssecsrv - ok
04:41:19.0068 4192 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
04:41:19.0070 4192 tunmp - ok
04:41:19.0105 4192 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
04:41:19.0106 4192 tunnel - ok
04:41:19.0145 4192 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
04:41:19.0147 4192 uagp35 - ok
04:41:19.0189 4192 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
04:41:19.0196 4192 udfs - ok
04:41:19.0227 4192 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
04:41:19.0230 4192 UI0Detect - ok
04:41:19.0269 4192 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
04:41:19.0271 4192 uliagpkx - ok
04:41:19.0324 4192 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
04:41:19.0329 4192 uliahci - ok
04:41:19.0350 4192 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
04:41:19.0352 4192 UlSata - ok
04:41:19.0360 4192 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
04:41:19.0364 4192 ulsata2 - ok
04:41:19.0381 4192 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
04:41:19.0382 4192 umbus - ok
04:41:19.0418 4192 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
04:41:19.0427 4192 upnphost - ok
04:41:19.0471 4192 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
04:41:19.0473 4192 USBAAPL64 - ok
04:41:19.0510 4192 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
04:41:19.0512 4192 usbaudio - ok
04:41:19.0536 4192 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
04:41:19.0538 4192 usbccgp - ok
04:41:19.0565 4192 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
04:41:19.0567 4192 usbcir - ok
04:41:19.0590 4192 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
04:41:19.0591 4192 usbehci - ok
04:41:19.0619 4192 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
04:41:19.0624 4192 usbhub - ok
04:41:19.0647 4192 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
04:41:19.0649 4192 usbohci - ok
04:41:19.0686 4192 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
04:41:19.0687 4192 usbprint - ok
04:41:19.0738 4192 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
04:41:19.0739 4192 usbscan - ok
04:41:19.0777 4192 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:41:19.0779 4192 USBSTOR - ok
04:41:19.0827 4192 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
04:41:19.0830 4192 usbuhci - ok
04:41:19.0878 4192 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
04:41:19.0881 4192 usbvideo - ok
04:41:19.0913 4192 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
04:41:19.0916 4192 UxSms - ok
04:41:19.0964 4192 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
04:41:19.0973 4192 vds - ok
04:41:20.0017 4192 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
04:41:20.0018 4192 vga - ok
04:41:20.0045 4192 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
04:41:20.0047 4192 VgaSave - ok
04:41:20.0079 4192 [ 4F964E6828156F0EF3FA8D3A9A7895DE ] viaide C:\Windows\system32\drivers\viaide.sys
04:41:20.0081 4192 viaide - ok
04:41:20.0109 4192 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
04:41:20.0111 4192 volmgr - ok
04:41:20.0142 4192 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
04:41:20.0149 4192 volmgrx - ok
04:41:20.0184 4192 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
04:41:20.0188 4192 volsnap - ok
04:41:20.0210 4192 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
04:41:20.0213 4192 vsmraid - ok
04:41:20.0293 4192 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
04:41:20.0314 4192 VSS - ok
04:41:20.0404 4192 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
04:41:20.0412 4192 W32Time - ok
04:41:20.0433 4192 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
04:41:20.0435 4192 WacomPen - ok
04:41:20.0457 4192 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
04:41:20.0460 4192 Wanarp - ok
04:41:20.0468 4192 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
04:41:20.0469 4192 Wanarpv6 - ok
04:41:20.0493 4192 [ ECEB715BECE47E101DDEC06B11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
04:41:20.0495 4192 wanatw - ok
04:41:20.0532 4192 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
04:41:20.0539 4192 WcesComm - ok
04:41:20.0583 4192 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
04:41:20.0593 4192 wcncsvc - ok
04:41:20.0617 4192 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:41:20.0620 4192 WcsPlugInService - ok
04:41:20.0646 4192 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
04:41:20.0647 4192 Wd - ok
04:41:20.0686 4192 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
04:41:20.0700 4192 Wdf01000 - ok
04:41:20.0718 4192 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
04:41:20.0722 4192 WdiServiceHost - ok
04:41:20.0727 4192 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
04:41:20.0729 4192 WdiSystemHost - ok
04:41:20.0763 4192 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
04:41:20.0769 4192 WebClient - ok
04:41:20.0804 4192 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
04:41:20.0809 4192 Wecsvc - ok
04:41:20.0837 4192 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
04:41:20.0841 4192 wercplsupport - ok
04:41:20.0867 4192 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
04:41:20.0871 4192 WerSvc - ok
04:41:20.0946 4192 [ 590812DD01A4FE83C6E92FDB701E59A6 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
04:41:20.0957 4192 winachsf - ok
04:41:20.0992 4192 WinDefend - ok
04:41:20.0999 4192 WinHttpAutoProxySvc - ok
04:41:21.0059 4192 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
04:41:21.0062 4192 Winmgmt - ok
04:41:21.0136 4192 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
04:41:21.0149 4192 WinRing0_1_2_0 - ok
04:41:21.0239 4192 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
04:41:21.0268 4192 WinRM - ok
04:41:21.0318 4192 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
04:41:21.0319 4192 winusb - ok
04:41:21.0369 4192 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
04:41:21.0381 4192 Wlansvc - ok
04:41:21.0410 4192 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
04:41:21.0411 4192 WmiAcpi - ok
04:41:21.0455 4192 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
04:41:21.0458 4192 wmiApSrv - ok
04:41:21.0490 4192 WMPNetworkSvc - ok
04:41:21.0515 4192 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
04:41:21.0520 4192 WPCSvc - ok
04:41:21.0538 4192 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
04:41:21.0542 4192 WPDBusEnum - ok
04:41:21.0574 4192 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
04:41:21.0576 4192 WpdUsb - ok
04:41:21.0698 4192 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
04:41:21.0714 4192 WPFFontCache_v0400 - ok
04:41:21.0737 4192 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
04:41:21.0740 4192 ws2ifsl - ok
04:41:21.0780 4192 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
04:41:21.0784 4192 wscsvc - ok
04:41:21.0791 4192 WSearch - ok
04:41:21.0936 4192 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
04:41:21.0992 4192 wuauserv - ok
04:41:22.0030 4192 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
04:41:22.0032 4192 WUDFRd - ok
04:41:22.0081 4192 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
04:41:22.0085 4192 wudfsvc - ok
04:41:22.0261 4192 X6va001 - ok
04:41:22.0269 4192 X6va002 - ok
04:41:22.0278 4192 X6va003 - ok
04:41:22.0368 4192 [ F22E443518BC599D12888DAF292A56D8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
04:41:22.0370 4192 XAudio - ok
04:41:22.0393 4192 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
04:41:22.0399 4192 XAudioService - ok
04:41:22.0473 4192 [ DA1C23F65EF1894AB5B6FF79D81F544A ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
04:41:22.0486 4192 xnacc - ok
04:41:22.0535 4192 [ 47AEA795C67B7440E60D1F7542CB3D38 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
04:41:22.0537 4192 xusb21 - ok
04:41:22.0614 4192 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
04:41:22.0623 4192 YahooAUService - ok
04:41:22.0668 4192 [ 07F7285220307AAFB755D890295F0F9A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
04:41:22.0672 4192 yukonx64 - ok
04:41:22.0693 4192 ================ Scan global ===============================
04:41:22.0746 4192 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
04:41:22.0786 4192 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
04:41:22.0805 4192 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
04:41:22.0840 4192 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
04:41:22.0848 4192 [Global] - ok
04:41:22.0848 4192 ================ Scan MBR ==================================
04:41:22.0858 4192 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
04:41:23.0231 4192 \Device\Harddisk0\DR0 - ok
04:41:23.0231 4192 ================ Scan VBR ==================================
04:41:23.0235 4192 [ 975C894EDD0AA863996712BA5223A018 ] \Device\Harddisk0\DR0\Partition1
04:41:23.0236 4192 \Device\Harddisk0\DR0\Partition1 - ok
04:41:23.0245 4192 [ 98E1A58F1ADEF27341D9EA42E0864D86 ] \Device\Harddisk0\DR0\Partition2
04:41:23.0246 4192 \Device\Harddisk0\DR0\Partition2 - ok
04:41:23.0247 4192 ============================================================
04:41:23.0247 4192 Scan finished
04:41:23.0247 4192 ============================================================
04:41:23.0259 5076 Detected object count: 1
04:41:23.0260 5076 Actual detected object count: 1

#4 Aleph (Topic Starter, Members, 13 posts)

Posted 23 October 2012 - 07:04 AM

aswMBR is still scanning, MSE found a Sirefef.P just now, but only that one. Should I let TDSSKiller delete that file that it found? Actually, should I let all those programs delete the things they find? Or only post the log?

#5 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 23 October 2012 - 07:07 AM

Just post the logs. Remove the threats detected by ESET scanner alone.
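
The TDSSKiller log above ends with one flagged object, and the exchange in #4 and #5 turns on whether that flag is worth acting on. The log records the distinction itself: sptd.sys is reported as "Suspicious file (NoAccess)" and "( LockedFile.Multi.Generic ) - warning" before its "- detected" line, meaning the scanner could not read a locked file, which is not the same as a signature match. The Python below is an added example for this thread, not TDSSKiller's code and not any poster's tooling. It parses the log format shown on this page (named service entries, the nameless global/MBR/VBR entries, the "Detected object count" footer), keeps the MD5 the tool printed for each object so it can be compared against a known-good hash, and lists everything that is not "- ok" with heuristic warnings separated from plain detections. The names parse_tdsskiller, triage, Entry and SAMPLE_LOG are mine; the sample lines are copied from the log posted above; treating a preceding "warning" line as a heuristic hit is my triage convention, not a documented TDSSKiller rule.

```python
"""Triage helper for TDSSKiller logs like the one posted above.

Added example for this thread, not part of TDSSKiller (Kaspersky) or of any
poster's own tooling. It pulls out every object whose verdict is not "- ok",
keeps the MD5 the tool printed for it, and separates a heuristic hit (the
"( X ) - warning" line the log shows for a locked file) from a plain "detected"
verdict. The severity rule is my own triage convention, not a documented
TDSSKiller rule. SAMPLE_LOG is constructed from lines of the posted log.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller log line is "HH:MM:SS.mmmm  PID  message".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "[ MD5 ] Name Path"; the global/MBR/VBR scans print "[ MD5 ] Path" with no
# name. Service names may contain spaces, so the name is matched lazily up to
# a path that starts with a drive letter or \Device\.
OBJECT_RE = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}) \] (.*?) ?((?:[A-Za-z]:\\|\\Device\\).*)$")
OK_RE = re.compile(r"^(.+?) - ok$")
DETECTED_RE = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
WARNING_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9A-Fa-f]{32})$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: str = "unknown"          # ok | warning | detected | unknown
    detection: Optional[str] = None   # e.g. LockedFile.Multi.Generic
    notes: List[str] = field(default_factory=list)  # e.g. NoAccess


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], Optional[int]]:
    """Return (entries keyed by object name, reported detected-object count)."""
    entries: Dict[str, Entry] = {}
    detected_count: Optional[int] = None

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, "Scan finished"
        msg = m.group(3)
        if (o := OBJECT_RE.match(msg)):
            md5, name, path = o.groups()
            e = entry(name or path)   # nameless objects are keyed by path
            e.md5, e.path = md5.upper(), path
        elif (w := WARNING_RE.match(msg)):
            e = entry(w.group(1))
            e.verdict, e.detection = "warning", w.group(2)
        elif (d := DETECTED_RE.match(msg)):
            e = entry(d.group(1))
            e.detection = d.group(2)
            if e.verdict != "warning":  # a preceding warning marks a heuristic hit
                e.verdict = "detected"
        elif (k := OK_RE.match(msg)):
            entry(k.group(1)).verdict = "ok"
        elif (s := SUSPICIOUS_RE.match(msg)):
            reason, path, _md5 = s.groups()
            for e in entries.values():   # attach the reason to the owning object
                if e.path == path:
                    e.notes.append(reason)
        elif (c := COUNT_RE.match(msg)):
            detected_count = int(c.group(1))
    return entries, detected_count


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything not '- ok', plain detections before heuristic warnings."""
    rank = {"detected": 0, "warning": 1}
    return sorted((e for e in entries.values() if e.verdict in rank),
                  key=lambda e: (rank[e.verdict], e.name))


# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
04:41:16.0063 4192 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files (x86)\SMINST\BLService.exe
04:41:16.0069 4192 Recovery Service for Windows - ok
04:41:17.0590 4192 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
04:41:17.0598 4192 Spooler - ok
04:41:17.0639 4192 [ 4B3F898DC1378CED2F35D04E5B0CE0DF ] sptd C:\Windows\System32\Drivers\sptd.sys
04:41:17.0639 4192 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4B3F898DC1378CED2F35D04E5B0CE0DF
04:41:17.0641 4192 sptd ( LockedFile.Multi.Generic ) - warning
04:41:17.0642 4192 sptd - detected LockedFile.Multi.Generic (1)
04:41:22.0848 4192 ================ Scan MBR ==================================
04:41:22.0858 4192 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
04:41:23.0231 4192 \Device\Harddisk0\DR0 - ok
04:41:23.0259 5076 Detected object count: 1
"""

if __name__ == "__main__":
    found, count = parse_tdsskiller(SAMPLE_LOG)
    print(f"objects: {len(found)}, tool reported {count} detected")
    for e in triage(found):
        print(f"{e.verdict:8} {e.name}  {e.detection}  md5={e.md5}  "
              f"notes={','.join(e.notes) or '-'}  {e.path}")
```

Run it as a script to print the flagged objects for the sample, or pass the full text of a posted log to parse_tdsskiller. For the log in this thread the only entry triage returns is sptd in the warning class, which matches the advice in #5 to leave it alone and act only on what the ESET scan reports; under this convention an object that is only ever reported as "- detected", with no preceding warning line, sorts first.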

#6 Aleph (Topic Starter, Members, 13 posts)

Posted 23 October 2012 - 07:50 AM

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-23 04:44:01
-----------------------------
04:44:01.313 OS Version: Windows x64 6.0.6002 Service Pack 2
04:44:01.314 Number of processors: 2 586 0x170A
04:44:01.314 ComputerName: PC-13357 UserName: Adam
04:44:02.876 Initialize success
04:44:49.176 AVAST engine defs: 12102300
04:44:52.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
04:44:52.664 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OCA0G Size: 305245MB BusType: 3
04:44:52.682 Disk 0 MBR read successfully
04:44:52.685 Disk 0 MBR scan
04:44:52.690 Disk 0 unknown MBR code
04:44:52.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292665 MB offset 2048
04:44:52.744 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12576 MB offset 599379968
04:44:52.802 Disk 0 scanning C:\Windows\system32\drivers
04:45:18.285 Service scanning
04:45:36.376 Service MpKsle5e5f3e9 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECF9297-21F8-4A89-8E3D-DDEF904D9D0D}\MpKsle5e5f3e9.sys **LOCKED** 32
04:46:00.810 Modules scanning
04:46:00.818 Disk 0 trace - called modules:
04:46:00.844 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80040e12c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
04:46:00.852 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005c3e280]
04:46:00.858 3 CLASSPNP.SYS[fffffa60007d2c33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c3a590]
04:46:00.863 \Driver\atapi[0xfffffa8004c04060] -> IRP_MJ_CREATE -> 0xfffffa80040e12c0
04:46:02.214 AVAST engine scan C:\Windows
04:46:06.626 AVAST engine scan C:\Windows\system32
04:52:10.501 AVAST engine scan C:\Windows\system32\drivers
04:52:45.786 AVAST engine scan C:\Users\Adam
05:36:18.131 AVAST engine scan C:\ProgramData
05:48:07.140 Scan finished successfully
05:49:34.588 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
05:49:34.685 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

#7 Aleph

  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2012 - 02:42 PM

And finally ESET found

C:\Users\Adam\AppData\Local\Temp\013a80f8358d.exe Win32/Sirefef.EV trojan cleaned by deleting - quarantined

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 October 2012 - 07:54 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select run as administrator

After the scan completes, post the generated log here.

#9 Aleph

  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2012 - 10:44 PM

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.23.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Adam :: PC-13357 [administrator]

Protection: Enabled

10/23/2012 6:38:38 PM
mbam-log-2012-10-23 (18-38-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550708
Time elapsed: 2 hour(s), 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 Aleph

  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2012 - 10:48 PM

Mini Toolbox

MiniToolBox by Farbar Version: 23-07-2012
Ran by Adam (administrator) on 23-10-2012 at 20:46:02
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,cf.netzero.net,qs.netzero.net,*.quicken.com,*.pogo.com,localhost,127.0.0.1"

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Atheros AR5009 802.11a/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="ethernet_9" nexthop=5.0.0.1
set interface interface="ethernet_9" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : PC-13357
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5009 802.11a/g/n WiFi Adapter
Physical Address. . . . . . . . . : 00-26-5E-66-8A-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1F-16-E1-2E-3C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4808:cf2c:4053:9e5e%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, October 23, 2012 3:40:57 AM
Lease Expires . . . . . . . . . . : Tuesday, October 23, 2012 9:41:31 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 167780118
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-02-0E-92-00-26-5E-66-8A-50
DNS Servers . . . . . . . . . . . : 68.190.192.35
71.9.127.107
24.205.224.36
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{BE45115E-29E5-4C35-B0AD-BAF8B31BCF6A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:40f:2ea0:3f57:fff8(Preferred)
Link-local IPv6 Address . . . . . : fe80::40f:2ea0:3f57:fff8%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vip01rvsdca.rvsd.ca.charter.com
Address: 68.190.192.35

Name: google.com
Addresses: 2001:4860:4007:801::1001
74.125.224.198
74.125.224.200
74.125.224.192
74.125.224.199
74.125.224.193
74.125.224.197
74.125.224.196
74.125.224.195
74.125.224.206
74.125.224.194
74.125.224.201



Pinging google.com [74.125.224.225] with 32 bytes of data:

Reply from 74.125.224.225: bytes=32 time=16ms TTL=55

Reply from 74.125.224.225: bytes=32 time=20ms TTL=55



Ping statistics for 74.125.224.225:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 20ms, Average = 18ms

Server: vip01rvsdca.rvsd.ca.charter.com
Address: 68.190.192.35

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:

Reply from 72.30.38.140: bytes=32 time=41ms TTL=52

Reply from 72.30.38.140: bytes=32 time=41ms TTL=50



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 41ms, Average = 41ms

Server: vip01rvsdca.rvsd.ca.charter.com
Address: 68.190.192.35

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=14ms TTL=128

Reply from 127.0.0.1: bytes=32 time=4ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 4ms, Maximum = 14ms, Average = 9ms

===========================================================================
Interface List
13 ...00 26 5e 66 8a 50 ...... Atheros AR5009 802.11a/g/n WiFi Adapter
10 ...00 1f 16 e1 2e 3c ...... Realtek PCIe FE Family Controller
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.{BE45115E-29E5-4C35-B0AD-BAF8B31BCF6A}
21 ...00 00 00 00 00 00 00 e0 isatap.{0E98E87D-2B9E-4EE9-91B4-C640D7D3740C}
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.7 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.7 276
192.168.0.7 255.255.255.255 On-link 192.168.0.7 276
192.168.0.255 255.255.255.255 On-link 192.168.0.7 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.7 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.7 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:40f:2ea0:3f57:fff8/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::40f:2ea0:3f57:fff8/128
On-link
10 276 fe80::4808:cf2c:4053:9e5e/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/23/2012 05:51:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/23/2012 05:51:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/23/2012 05:51:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/23/2012 03:32:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2012 02:52:19 AM) (Source: MsiInstaller) (User: PC-13357)PC-13357
Description: Product: Windows Live ID Sign-in Assistant -- Error 1920. Service 'Windows Live ID Sign-in Assistant' (wlidsvc) failed to start. Verify that you have sufficient privileges to start system services.

Error: (10/23/2012 02:52:18 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x800706b5

Error: (10/23/2012 02:52:13 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x800706b5

Error: (10/23/2012 02:52:07 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x800706b5

Error: (10/23/2012 02:52:02 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x800706b5

Error: (10/23/2012 02:51:56 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x800706b5


System errors:
=============
Error: (10/23/2012 02:45:10 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (10/23/2012 02:45:10 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (10/23/2012 02:37:29 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (10/23/2012 02:37:29 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (10/23/2012 02:31:47 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (10/23/2012 02:31:47 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (10/23/2012 02:07:20 AM) (Source: Service Control Manager) (User: )
Description: Windows Search%%1053

Error: (10/23/2012 02:07:20 AM) (Source: Service Control Manager) (User: )
Description: 30000Windows Search

Error: (10/23/2012 02:07:20 AM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/21/2012 06:39:48 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.139.255.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

4Media MP4 to MP3 Converter 6 (Version: 6.0.2.0415)
Apple Mobile Device Support (Version: 5.2.0.6)
Bonjour (Version: 3.0.0.10)
Conexant HD Audio (Version: 4.58.0.0)
HDAUDIO Soft Data Fax Modem with SmartCP
Hex Workshop v6.7 (Version: 6.7.0.5247)
HP Officejet 4620 series Basic Device Software (Version: 26.0.784.0)
HP Officejet 4620 series Product Improvement Study (Version: 26.0.784.0)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.6.3.25)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
magicJack (Version: 2.0.5703.3988)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MPC-HC 1.6.2.4902 (64-bit) (Version: 1.6.2.4902)
Paint.NET v3.5.10 (Version: 3.60.0)
Pale Moon 15.2-x64 (x64 en-US) (Version: 15.2-x64)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Synaptics Pointing Device Driver (Version: 11.1.3.0)
TeamSpeak 3 Client
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live MIME IFilter (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 79%
Total physical RAM: 3998.26 MB
Available physical RAM: 826.4 MB
Total Pagefile: 8173.78 MB
Available Pagefile: 4506.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:285.81 GB) (Free:18.35 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:12.28 GB) (Free:1.96 GB) NTFS
4 Drive f: (A-GA) (CDROM) (Total:3.93 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\PC-13357

Adam Administrator Guest

========================= Restore Points ==================================

08-10-2012 06:47:02 PC Decrapifier Restore Point
08-10-2012 20:14:58 Scheduled Checkpoint
09-10-2012 19:39:16 Windows Update
10-10-2012 08:18:02 Windows Update
13-10-2012 21:28:25 Windows Update
15-10-2012 06:17:19 Scheduled Checkpoint
15-10-2012 23:28:35 Scheduled Checkpoint
16-10-2012 23:00:13 Scheduled Checkpoint
17-10-2012 23:26:26 Windows Update
19-10-2012 05:11:23 Scheduled Checkpoint
21-10-2012 00:41:35 Scheduled Checkpoint
21-10-2012 05:40:25 Windows Update
21-10-2012 22:42:54 Scheduled Checkpoint
22-10-2012 20:23:20 Scheduled Checkpoint
23-10-2012 08:52:38 Installed DirectX
23-10-2012 08:53:33 Installed DirectX
23-10-2012 09:06:57 Windows Live Essentials
23-10-2012 09:15:22 Windows Live Essentials
23-10-2012 09:15:45 Installed DirectX
23-10-2012 09:16:48 Installed DirectX
23-10-2012 09:31:26 Windows Live Essentials
23-10-2012 09:31:55 Installed DirectX
23-10-2012 09:32:49 Installed DirectX
23-10-2012 09:37:11 Windows Live Essentials
23-10-2012 09:37:33 Installed DirectX
23-10-2012 09:38:22 Installed DirectX
23-10-2012 09:44:42 Windows Live Essentials
23-10-2012 09:45:12 Installed DirectX
23-10-2012 09:49:01 Installed DirectX

**** End of log ****

#11 Aleph

  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2012 - 10:50 PM

Farbar Service Scanner

Farbar Service Scanner Version: 19-10-2012
Ran by Adam (administrator) on 23-10-2012 at 20:49:12
Running from "C:\Users\Adam\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-02-12 15:41] - [2009-04-11 00:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-26 04:02] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-25 11:37] - [2012-03-30 05:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 20:32] - [2011-03-02 09:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-02-12 15:42] - [2009-04-11 00:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-02-12 15:41] - [2009-04-11 00:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2010-02-12 15:42] - [2009-04-11 00:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-02-12 15:40] - [2009-04-11 00:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-02-12 15:41] - [2009-04-11 00:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2010-02-12 15:42] - [2009-04-11 00:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-02-12 15:42] - [2009-04-11 00:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 01:16] - [2012-06-01 17:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-02-12 15:42] - [2009-04-11 00:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****
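
An added example, not part of this thread and not code from either Farbar tool: a small triage script that pulls the security-relevant lines out of FSS and MiniToolBox output of the kind posted in #10 and #11 (stopped protection service, Disable* policy value, file hashes FSS could not confirm, hosts-file overrides, non-Microsoft Winsock providers), so they do not get lost in the noise. The excerpts below are constructed to match the log formats above; the function names are mine, and one hosts line (an .invalid domain) is added that the real hosts file did not contain.

```python
"""Triage helpers for Farbar Service Scanner (FSS) and MiniToolBox logs.

Added example for this thread, not part of either tool. It extracts the
facts a helper checks first: stopped protection services, "Disable*" policy
values, files whose MD5 FSS did not recognise, hosts-file overrides and
non-Microsoft Winsock providers.
"""
import re

# Constructed excerpt modelled on the FSS output posted above (not the verbatim log).
FSS_SAMPLE = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys
[2012-02-26 04:02] - [2012-01-03 07:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\\Windows\\System32\\svchost.exe => MD5 is legit
"""

# Constructed MiniToolBox excerpt. The thread's hosts file was clean; one
# extra override line (an .invalid name) is added so the check has something to flag.
MTB_SAMPLE = """\
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

127.0.0.1 update.example-av.invalid

========================= Winsock entries =====================================

Catalog5 01 C:\\Windows\\SysWOW64\\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 07 C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll [121704] (Apple Inc.)
x64-Catalog9 01 C:\\Windows\\System32\\mswsock.dll [304128] (Microsoft Corporation)
"""

SERVICE_DOWN = re.compile(r"^(\w+) Service is not running", re.M)
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)', re.M)
# A path line followed by FSS's metadata line means FSS did NOT recognise the MD5;
# recognised files are printed as "<path> => MD5 is legit" instead.
FILE_UNVERIFIED = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[[^\]]+\] - \[[^\]]+\] - \d+ \S+ \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$",
    re.M,
)
HOSTS_LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+|::1)\s+(\S+)\s*$", re.M)
WINSOCK_LINE = re.compile(
    r"^(?:x64-)?Catalog\d+ \d+ (?P<path>.+?) \[\d+\] \((?P<vendor>[^)]*)\)$", re.M
)


def triage_fss(text):
    """Return a list of findings from an FSS log."""
    findings = []
    for svc in SERVICE_DOWN.findall(text):
        findings.append(f"service stopped: {svc}")
    for name, value in POLICY_VALUE.findall(text):
        # A Disable* policy is expected on a machine running Microsoft Security
        # Essentials (it turns Windows Defender off); elsewhere it is suspicious.
        if name.startswith("Disable") and value != "0":
            findings.append(f"disable policy set: {name}={value}")
    for m in FILE_UNVERIFIED.finditer(text):
        # "Unverified" means the hash is not in FSS's known-good list, which is
        # common after hotfixes; it is a prompt to compare with a clean copy, not
        # proof of tampering.
        findings.append(f"unverified file: {m['path']} md5={m['md5'].upper()}")
    return findings


def triage_minitoolbox(text):
    """Return a list of findings from a MiniToolBox hosts/Winsock listing."""
    findings = []
    for ip, host in HOSTS_LINE.findall(text):
        if host.lower() != "localhost":  # anything else redirects name resolution
            findings.append(f"hosts override: {host} -> {ip}")
    for m in WINSOCK_LINE.finditer(text):
        # Third-party LSP/NSP: may be legitimate (Bonjour here), but always review it.
        if "Microsoft" not in m["vendor"]:
            findings.append(f"third-party winsock provider: {m['path']} ({m['vendor']})")
    return findings


if __name__ == "__main__":
    for line in triage_fss(FSS_SAMPLE) + triage_minitoolbox(MTB_SAMPLE):
        print(line)
```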

#12 Aleph

  • Topic Starter
  • Members
  • 13 posts

Posted 23 October 2012 - 11:00 PM

Adware Cleaner (It made me restart for the log file)

# AdwCleaner v2.005 - Logfile created 10/23/2012 at 20:52:01
# Updated 14/10/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Adam - PC-13357
# Boot Mode : Normal
# Running from : C:\Users\Adam\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\Users\Adam\AppData\LocalLow\boost_interprocess
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\yab8h027.default\searchplugins\daemon-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://my.netzero.net/s/search?r=minisearch --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\yab8h027.default\prefs.js

C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\yab8h027.default\user.js ... Deleted !

Deleted : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Deleted : user_pref("surfcanyon.last_checked_ts", "1266945955305");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.62] : icon_url = "hxxp://www.daemon-search.com/favicon.ico",
Deleted [l.65] : keyword = "my.daemon-search.com",
Deleted [l.68] : search_url = "hxxp://www.daemon-search.com/search?q={searchTerms}",

*************************

AdwCleaner[S2].txt - [4421 octets] - [23/10/2012 20:52:01]

########## EOF - C:\AdwCleaner[S2].txt - [4481 octets] ##########

#13 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:34 AM

Posted 23 October 2012 - 11:20 PM

Junkware tool log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#14 Aleph

  • Topic Starter
  • Members
  • 13 posts
  • Local time:06:34 AM

Posted 23 October 2012 - 11:33 PM

Junkware, sorry, it was taking a while.

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.5 (10.23.2012)
OS: Windows ™ Vista Home Premium x64
Ran by Adam on Tue 10/23/2012 at 21:04:52.78
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Removed the following from [prefs.js] :

user_pref("extensions.fasterfox.addit.defaultAddons", "{ \"software\": {\"1\": {\"id\": \"1\",\"title\": \"Foxlingo\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/2444/addon-2444-latest.xpi?src=external-addonfox\",\"xpi euid\": \"ef62e1ce-d2a4-4cdd-b7ec-92b120366b66\",\"xpi prefs\": \"foxlingo.fulllogo=false\",\"category\": \"Language\",\"is default\": \"1\",\"name\": \"FoxLingo\",\"description\": \"Web page and text translator, dictionary, grammar checker, text-to-speech, etc.\"},\"4\": {\"id\": \"4\",\"title\": \"SimilarWeb\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/eu/firefox/downloads/latest/10548/addon-10548-latest.xpi?src=external-addonfox\",\"xpi euid\": \"FirefoxAddon@similarWeb.com\",\"xpi prefs\": \"extensions.similarweb.isStatusbarBtnHidden=true,extensions.similarweb.enableSimilarProducts=false,similarweb.subid='Yo'\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"SimilarWeb\",\"description\": \"Instant access to the best sites related to the one you are browsing\"},\"7\": {\"id\": \"7\",\"title\": \"Billeo\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/file/92979/billeo-2.1.1.0-fx-win.xpi?confirmed=1&src=external-addonfox\",\"xpi euid\": \"4be68a18-deba-49e0-9e09-ee7796f3b62a\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"Billeo\",\"description\": \"Flags your search results where discounts and promotions are available\"},\"8\": {\"id\": \"8\",\"title\": \"PriceTrace\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/13805/addon-13805-latest.xpi?src=external-addonfox\",\"xpi euid\": \"72938f90-8d8a-11de-8a39-0800200c9a66\",\"xpi prefs\": \"pricetrace.location='button',extensions.addonfox.collapseToolbar.pricetrace-toolbar=true\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"PriceTrace\",\"description\": \"Do price comparison between online stores like Amazon, Newegg, Walmart, 
etc.\"},\"11\": {\"id\": \"11\",\"title\": \"KwiClick\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/5655/addon-5655-latest.xpi?src=external-addonfox\",\"xpi euid\": \"vinceturk@gmail.com\",\"xpi prefs\": \"extensions.kwiclick.channel.campaign='AddonFox',extensions.kwiclick.channel.content='AddonFox',extensions.kwiclick.channel.id='AddonFox',extensions.kwiclick.channel.cse='009607407620987551725:_9mmkwmj_40',extensions.kwiclick.channel.medium='cpa',extensions.kwiclick.channel.source='AddonFox',extensions.kwiclick.channel.set=true\",\"category\": \"Customization\",\"is default\": \"1\",\"name\": \"KwiClick\",\"description\": \"Delivers search results in a small popup window for any selected text\"},\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"http://www.radialsearch.com/downloads/pricegong.xpi\",\"xpi euid\": \"8A9386B4-E958-4c4c-ADF4-8F26DB3E4829\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"PriceGong\",\"description\": \"Compare prices for you when you shop online on e-commerce sites.\"},\"15\": {\"id\": \"15\",\"title\": \"Surf Canyon\",\"type\": \"XPI\",\"url\": \"https://addons.mozilla.org/en-US/firefox/downloads/latest/6549/addon-6549-latest.xpi?src=external-addonfox\",\"xpi euid\": \"75623d5d-4683-402a-b610-ac4bab767c86\",\"xpi prefs\": \"surfcanyon.inst_id=XPI_PREF_FUNCTION:random#16,surfcanyon.inst_timestamp=XPI_PREF_FUNCTION:time,surfcanyon.partner_code='AFA'\",\"category\": \"Customization\",\"is default\": \"1\",\"name\": \"SurfCanyon\",\"description\": \"Improve relevancy by up to 40% on Google, Bing, Yahoo! 
and Craigslist\"},\"16\": {\"id\": \"16\",\"title\": \"Kikin\",\"type\": \"EXE\",\"url\": \"http://www.kikin.com/download/linkular/2_8_4/kikin_installer_2.8.4_linkular.exe\",\"exe args\": \"/S\",\"category\": \"General\",\"is default\": \"1\",\"name\": \"Kikin\",\"terms\": \"http://kikin.com/terms\",\"description\": \"Get posts, tweets, friend updates, and videos from popular sites while browsing\"},\"18\": {\"id\": \"18\",\"title\": \"SpeedUpMyPC\",\"type\": \"EXE\",\"url\": \"http://www.radialsearch.com/downloads/speedupmypc.exe\",\"exe args\": \"/VERYSILENT /LANG=English\",\"category\": \"Customization\",\"is default\": \"1\",\"name\": \"SpeedUpMyPC\",\"description\": \"Performance scan which gives a complete diagnosis of your PC\"},\"23\": {\"id\": \"23\",\"title\": \"Preton\",\"type\": \"EXE\",\"url\": \"http://www.preton.com/Downloads/HomeStandard/Link/PretonSaverHomeEdition64.exe\",\"exe args\": \"/s /v/qn\",\"category\": \"Customization\",\"is default\": \"1\",\"name\": \"Preton64\",\"description\": \"Lower your home printing costs without compromising on quality\"},\"24\": {\"id\": \"24\",\"title\": \"WhiteSmoke\",\"type\": \"EXE\",\"url\": \"http://get.whitesmoke.com/silentinstalls/writer-zugo-silent.9024.exe\",\"category\": \"Language\",\"is default\": \"1\",\"name\": \"WhiteSmokeUS\",\"description\": \"English grammar checker, dictionary, and translator (with homepage & search)\"}}}");


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Tue 10/23/2012 at 21:26:47.15
End of Report

#15 Aleph

  • Topic Starter
  • Members
  • 13 posts
  • Local time:06:34 AM

Posted 23 October 2012 - 11:35 PM

RKill

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/23/2012 09:34:14 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Adam\Desktop\rkill\rkill-10-23-2012-09-34-17.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/23/2012 09:34:29 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)



