
Multiple problems: google link redirection and ads and music playing randomly on pc


20 replies to this topic

#1 ajwright

ajwright

  • Members
  • 12 posts

Posted 20 June 2012 - 02:55 PM

What sounds like radio commercials have been playing on my computer randomly since this morning. I attempted to search for help using Google Search, but any link that I clicked sent me to random websites. Norton and Microsoft Malware Remover have been run and neither has shown any viruses.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 20 June 2012 - 03:13 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Please do not run any other scans unless instructed

#3 ajwright

ajwright
  • Topic Starter

  • Members
  • 12 posts

Posted 20 June 2012 - 03:55 PM

13:18:46.0974 1536 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
13:18:47.0348 1536 ============================================================
13:18:47.0348 1536 Current date / time: 2012/06/20 13:18:47.0348
13:18:47.0348 1536 SystemInfo:
13:18:47.0348 1536
13:18:47.0348 1536 OS Version: 6.1.7601 ServicePack: 1.0
13:18:47.0348 1536 Product type: Workstation
13:18:47.0348 1536 ComputerName: SCHEDULEGV-PC
13:18:47.0348 1536 UserName: ScheduleGV
13:18:47.0348 1536 Windows directory: C:\Windows
13:18:47.0348 1536 System windows directory: C:\Windows
13:18:47.0348 1536 Running under WOW64
13:18:47.0348 1536 Processor architecture: Intel x64
13:18:47.0348 1536 Number of processors: 2
13:18:47.0348 1536 Page size: 0x1000
13:18:47.0348 1536 Boot type: Normal boot
13:18:47.0348 1536 ============================================================
13:18:47.0941 1536 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:18:47.0957 1536 ============================================================
13:18:47.0957 1536 \Device\Harddisk0\DR0:
13:18:47.0957 1536 MBR partitions:
13:18:47.0957 1536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3148000
13:18:47.0957 1536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x315C000, BlocksNum 0x37228000
13:18:47.0957 1536 ============================================================
13:18:48.0003 1536 C: <-> \Device\Harddisk0\DR0\Partition1
13:18:48.0003 1536 ============================================================
13:18:48.0003 1536 Initialize success
13:18:48.0003 1536 ============================================================
13:19:11.0669 3260 ============================================================
13:19:11.0669 3260 Scan started
13:19:11.0669 3260 Mode: Manual; TDLFS;
13:19:11.0669 3260 ============================================================
13:19:20.0420 3260 p2pimsvc - ok
13:19:20.0436 3260 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:19:20.0436 3260 p2psvc - ok
13:19:20.0498 3260 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:19:20.0498 3260 Parport - ok
13:19:20.0514 3260 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:19:20.0514 3260 partmgr - ok
13:19:20.0529 3260 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:19:20.0545 3260 PcaSvc - ok
13:19:20.0561 3260 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:19:20.0576 3260 pci - ok
13:19:20.0592 3260 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:19:20.0592 3260 pciide - ok
13:19:20.0607 3260 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:19:20.0607 3260 pcmcia - ok
13:19:20.0623 3260 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:19:20.0623 3260 pcw - ok
13:19:20.0654 3260 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:19:20.0654 3260 PEAUTH - ok
13:19:20.0717 3260 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:19:20.0732 3260 PeerDistSvc - ok
13:19:20.0779 3260 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:19:20.0779 3260 PerfHost - ok
13:19:20.0873 3260 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:19:20.0904 3260 pla - ok
13:19:20.0935 3260 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:19:20.0951 3260 PlugPlay - ok
13:19:20.0966 3260 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:19:20.0966 3260 PNRPAutoReg - ok
13:19:20.0982 3260 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:19:20.0982 3260 PNRPsvc - ok
13:19:21.0013 3260 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:19:21.0013 3260 PolicyAgent - ok
13:19:21.0044 3260 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
13:19:21.0044 3260 Power - ok
13:19:21.0107 3260 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:19:21.0107 3260 PptpMiniport - ok
13:19:21.0122 3260 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:19:21.0122 3260 Processor - ok
13:19:21.0153 3260 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:19:21.0153 3260 ProfSvc - ok
13:19:21.0169 3260 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:19:21.0169 3260 ProtectedStorage - ok
13:19:21.0185 3260 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:19:21.0200 3260 Psched - ok
13:19:21.0216 3260 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:19:21.0216 3260 PxHlpa64 - ok
13:19:21.0278 3260 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:19:21.0309 3260 ql2300 - ok
13:19:21.0419 3260 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:19:21.0419 3260 ql40xx - ok
13:19:21.0450 3260 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:19:21.0450 3260 QWAVE - ok
13:19:21.0450 3260 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:19:21.0465 3260 QWAVEdrv - ok
13:19:21.0465 3260 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:19:21.0465 3260 RasAcd - ok
13:19:21.0528 3260 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:19:21.0528 3260 RasAgileVpn - ok
13:19:21.0543 3260 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:19:21.0543 3260 RasAuto - ok
13:19:21.0559 3260 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:19:21.0559 3260 Rasl2tp - ok
13:19:21.0590 3260 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:19:21.0590 3260 RasMan - ok
13:19:21.0606 3260 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:19:21.0606 3260 RasPppoe - ok
13:19:21.0621 3260 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:19:21.0621 3260 RasSstp - ok
13:19:21.0653 3260 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:19:21.0653 3260 rdbss - ok
13:19:21.0699 3260 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:19:21.0699 3260 rdpbus - ok
13:19:21.0731 3260 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:21.0731 3260 RDPCDD - ok
13:19:21.0746 3260 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:19:21.0762 3260 RDPDR - ok
13:19:21.0777 3260 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:19:21.0777 3260 RDPENCDD - ok
13:19:21.0793 3260 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:19:21.0793 3260 RDPREFMP - ok
13:19:21.0824 3260 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:19:21.0824 3260 RDPWD - ok
13:19:21.0871 3260 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:19:21.0871 3260 rdyboost - ok
13:19:21.0918 3260 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:19:21.0918 3260 RemoteAccess - ok
13:19:21.0949 3260 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:19:21.0949 3260 RemoteRegistry - ok
13:19:22.0074 3260 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:19:22.0121 3260 RoxMediaDB12OEM - ok
13:19:22.0136 3260 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:19:22.0136 3260 RoxWatch12 - ok
13:19:22.0339 3260 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:19:22.0339 3260 RpcEptMapper - ok
13:19:22.0355 3260 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:19:22.0355 3260 RpcLocator - ok
13:19:22.0386 3260 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:19:22.0401 3260 RpcSs - ok
13:19:22.0448 3260 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:19:22.0448 3260 rspndr - ok
13:19:22.0511 3260 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:19:22.0511 3260 RTL8167 - ok
13:19:22.0526 3260 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:19:22.0526 3260 s3cap - ok
13:19:22.0542 3260 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:19:22.0542 3260 SamSs - ok
13:19:22.0557 3260 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:19:22.0557 3260 sbp2port - ok
13:19:22.0589 3260 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:19:22.0589 3260 SCardSvr - ok
13:19:22.0620 3260 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:19:22.0620 3260 scfilter - ok
13:19:22.0651 3260 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:19:22.0682 3260 Schedule - ok
13:19:22.0698 3260 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:19:22.0698 3260 SCPolicySvc - ok
13:19:22.0713 3260 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:19:22.0713 3260 SDRSVC - ok
13:19:22.0776 3260 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:19:22.0776 3260 secdrv - ok
13:19:22.0791 3260 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:19:22.0791 3260 seclogon - ok
13:19:22.0932 3260 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:19:22.0932 3260 SENS - ok
13:19:22.0963 3260 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:19:22.0963 3260 SensrSvc - ok
13:19:22.0979 3260 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:19:22.0979 3260 Serenum - ok
13:19:22.0994 3260 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:19:22.0994 3260 Serial - ok
13:19:22.0994 3260 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:19:22.0994 3260 sermouse - ok
13:19:23.0025 3260 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:19:23.0025 3260 SessionEnv - ok
13:19:23.0025 3260 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:19:23.0025 3260 sffdisk - ok
13:19:23.0041 3260 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:19:23.0041 3260 sffp_mmc - ok
13:19:23.0041 3260 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:19:23.0057 3260 sffp_sd - ok
13:19:23.0057 3260 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:19:23.0057 3260 sfloppy - ok
13:19:23.0181 3260 SftService (421c30c8e686dc41e64881269982b382) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:19:23.0213 3260 SftService - ok
13:19:23.0291 3260 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:19:23.0306 3260 ShellHWDetection - ok
13:19:23.0353 3260 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:19:23.0353 3260 SiSRaid2 - ok
13:19:23.0369 3260 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:19:23.0369 3260 SiSRaid4 - ok
13:19:23.0384 3260 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:19:23.0384 3260 Smb - ok
13:19:23.0415 3260 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:19:23.0415 3260 SNMPTRAP - ok
13:19:23.0415 3260 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:19:23.0415 3260 spldr - ok
13:19:23.0447 3260 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:19:23.0462 3260 Spooler - ok
13:19:23.0556 3260 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:19:23.0618 3260 sppsvc - ok
13:19:23.0665 3260 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:19:23.0681 3260 sppuinotify - ok
13:19:23.0727 3260 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:19:23.0743 3260 srv - ok
13:19:23.0759 3260 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:19:23.0759 3260 srv2 - ok
13:19:23.0774 3260 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:19:23.0774 3260 srvnet - ok
13:19:23.0805 3260 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:19:23.0821 3260 SSDPSRV - ok
13:19:23.0821 3260 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:19:23.0837 3260 SstpSvc - ok
13:19:23.0852 3260 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:19:23.0852 3260 stexstor - ok
13:19:23.0899 3260 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:19:23.0915 3260 stisvc - ok
13:19:23.0961 3260 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:19:23.0961 3260 stllssvr - ok
13:19:23.0977 3260 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:19:23.0977 3260 StorSvc - ok
13:19:24.0008 3260 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:19:24.0008 3260 storvsc - ok
13:19:24.0024 3260 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:19:24.0024 3260 swenum - ok
13:19:24.0055 3260 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:19:24.0071 3260 swprv - ok
13:19:24.0086 3260 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
13:19:24.0086 3260 SynthVid - ok
13:19:24.0149 3260 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:19:24.0180 3260 SysMain - ok
13:19:24.0227 3260 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:19:24.0242 3260 TabletInputService - ok
13:19:24.0258 3260 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:19:24.0258 3260 TapiSrv - ok
13:19:24.0273 3260 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:19:24.0273 3260 TBS - ok
13:19:24.0367 3260 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:19:24.0398 3260 Tcpip - ok
13:19:24.0507 3260 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:19:24.0523 3260 TCPIP6 - ok
13:19:24.0601 3260 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:19:24.0601 3260 tcpipreg - ok
13:19:24.0617 3260 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:19:24.0617 3260 TDPIPE - ok
13:19:24.0632 3260 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:19:24.0632 3260 TDTCP - ok
13:19:24.0648 3260 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:19:24.0648 3260 tdx - ok
13:19:24.0679 3260 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:19:24.0679 3260 TermDD - ok
13:19:24.0726 3260 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:19:24.0726 3260 TermService - ok
13:19:24.0741 3260 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:19:24.0757 3260 Themes - ok
13:19:24.0773 3260 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:19:24.0773 3260 THREADORDER - ok
13:19:24.0835 3260 TiMiniService (410dfd54dcc212d41afd8d1a1371a578) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
13:19:24.0835 3260 TiMiniService - ok
13:19:24.0866 3260 tmactmon (89dc033f4ee8f171826b1845c2136033) C:\Windows\system32\DRIVERS\tmactmon.sys
13:19:24.0866 3260 tmactmon - ok
13:19:24.0882 3260 tmcomm (6af3002be88c56382cd87aa0884d7d30) C:\Windows\system32\DRIVERS\tmcomm.sys
13:19:24.0882 3260 tmcomm - ok
13:19:24.0897 3260 tmevtmgr (063b2c13f62f873e14c29a223c409ad8) C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:19:24.0897 3260 tmevtmgr - ok
13:19:24.0929 3260 tmtdi (e5021a4a72204c15c52c546f9301baef) C:\Windows\system32\DRIVERS\tmtdi.sys
13:19:24.0929 3260 tmtdi - ok
13:19:24.0960 3260 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:19:24.0960 3260 TrkWks - ok
13:19:24.0991 3260 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:19:25.0007 3260 TrustedInstaller - ok
13:19:25.0022 3260 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:25.0022 3260 tssecsrv - ok
13:19:25.0038 3260 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:19:25.0038 3260 TsUsbFlt - ok
13:19:25.0053 3260 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:19:25.0053 3260 TsUsbGD - ok
13:19:25.0085 3260 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:19:25.0085 3260 tunnel - ok
13:19:25.0085 3260 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:19:25.0085 3260 uagp35 - ok
13:19:25.0116 3260 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:19:25.0131 3260 udfs - ok
13:19:25.0147 3260 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:19:25.0163 3260 UI0Detect - ok
13:19:25.0178 3260 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:19:25.0178 3260 uliagpkx - ok
13:19:25.0194 3260 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:19:25.0194 3260 umbus - ok
13:19:25.0194 3260 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:19:25.0194 3260 UmPass - ok
13:19:25.0225 3260 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:19:25.0225 3260 UmRdpService - ok
13:19:25.0241 3260 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:19:25.0241 3260 upnphost - ok
13:19:25.0272 3260 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\drivers\usbccgp.sys
13:19:25.0272 3260 usbccgp - ok
13:19:25.0287 3260 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:19:25.0287 3260 usbcir - ok
13:19:25.0303 3260 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:19:25.0303 3260 usbehci - ok
13:19:25.0334 3260 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:19:25.0334 3260 usbhub - ok
13:19:25.0365 3260 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:19:25.0365 3260 usbohci - ok
13:19:25.0365 3260 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:19:25.0381 3260 usbprint - ok
13:19:25.0381 3260 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:25.0381 3260 USBSTOR - ok
13:19:25.0412 3260 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:19:25.0412 3260 usbuhci - ok
13:19:25.0428 3260 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:19:25.0443 3260 UxSms - ok
13:19:25.0459 3260 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:19:25.0459 3260 VaultSvc - ok
13:19:25.0490 3260 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:19:25.0490 3260 vdrvroot - ok
13:19:25.0521 3260 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:19:25.0521 3260 vds - ok
13:19:25.0537 3260 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:25.0553 3260 vga - ok
13:19:25.0553 3260 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:19:25.0553 3260 VgaSave - ok
13:19:25.0568 3260 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:19:25.0568 3260 vhdmp - ok
13:19:25.0584 3260 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:19:25.0584 3260 viaide - ok
13:19:25.0599 3260 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:19:25.0599 3260 VMBusHID - ok
13:19:25.0615 3260 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:19:25.0615 3260 volmgr - ok
13:19:25.0631 3260 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:19:25.0646 3260 volmgrx - ok
13:19:25.0662 3260 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:19:25.0662 3260 volsnap - ok
13:19:25.0724 3260 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
13:19:25.0724 3260 vpcbus - ok
13:19:25.0740 3260 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:19:25.0740 3260 vpcnfltr - ok
13:19:25.0802 3260 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
13:19:25.0802 3260 vpcusb - ok
13:19:25.0833 3260 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys
13:19:25.0833 3260 vpcvmm - ok
13:19:25.0849 3260 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:19:25.0865 3260 vsmraid - ok
13:19:25.0927 3260 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:19:25.0958 3260 VSS - ok
13:19:26.0052 3260 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:19:26.0052 3260 vwifibus - ok
13:19:26.0083 3260 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:19:26.0083 3260 W32Time - ok
13:19:26.0099 3260 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:19:26.0099 3260 WacomPen - ok
13:19:26.0114 3260 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:26.0114 3260 WANARP - ok
13:19:26.0130 3260 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:19:26.0130 3260 Wanarpv6 - ok
13:19:26.0208 3260 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:19:26.0223 3260 WatAdminSvc - ok
13:19:26.0270 3260 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:19:26.0301 3260 wbengine - ok
13:19:26.0364 3260 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:19:26.0379 3260 WbioSrvc - ok
13:19:26.0395 3260 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:19:26.0411 3260 wcncsvc - ok
13:19:26.0411 3260 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:19:26.0426 3260 WcsPlugInService - ok
13:19:26.0457 3260 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:19:26.0473 3260 Wd - ok
13:19:26.0489 3260 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:19:26.0504 3260 Wdf01000 - ok
13:19:26.0520 3260 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:19:26.0520 3260 WdiServiceHost - ok
13:19:26.0520 3260 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:19:26.0520 3260 WdiSystemHost - ok
13:19:26.0551 3260 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:19:26.0551 3260 WebClient - ok
13:19:26.0567 3260 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:19:26.0567 3260 Wecsvc - ok
13:19:26.0582 3260 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:19:26.0582 3260 wercplsupport - ok
13:19:26.0598 3260 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:19:26.0613 3260 WerSvc - ok
13:19:26.0660 3260 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:19:26.0660 3260 WfpLwf - ok
13:19:26.0707 3260 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:19:26.0707 3260 WimFltr - ok
13:19:26.0723 3260 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:19:26.0723 3260 WIMMount - ok
13:19:26.0723 3260 WinHttpAutoProxySvc - ok
13:19:26.0769 3260 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:19:26.0769 3260 Winmgmt - ok
13:19:26.0847 3260 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:19:26.0879 3260 WinRM - ok
13:19:26.0988 3260 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:19:26.0988 3260 WinUsb - ok
13:19:27.0019 3260 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:19:27.0035 3260 Wlansvc - ok
13:19:27.0113 3260 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:19:27.0113 3260 wlcrasvc - ok
13:19:27.0191 3260 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:19:27.0237 3260 wlidsvc - ok
13:19:27.0331 3260 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:19:27.0331 3260 WmiAcpi - ok
13:19:27.0362 3260 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:19:27.0362 3260 wmiApSrv - ok
13:19:27.0378 3260 WMPNetworkSvc - ok
13:19:27.0409 3260 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:19:27.0409 3260 WPCSvc - ok
13:19:27.0425 3260 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:19:27.0425 3260 WPDBusEnum - ok
13:19:27.0440 3260 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:19:27.0456 3260 ws2ifsl - ok
13:19:27.0487 3260 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
13:19:27.0487 3260 WSDPrintDevice - ok
13:19:27.0503 3260 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
13:19:27.0503 3260 WSDScan - ok
13:19:27.0503 3260 WSearch - ok
13:19:27.0581 3260 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:19:27.0612 3260 wuauserv - ok
13:19:27.0721 3260 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:19:27.0721 3260 WudfPf - ok
13:19:27.0737 3260 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:27.0752 3260 WUDFRd - ok
13:19:27.0768 3260 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:19:27.0768 3260 wudfsvc - ok
13:19:27.0799 3260 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:19:27.0799 3260 WwanSvc - ok
13:19:27.0830 3260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:19:28.0080 3260 \Device\Harddisk0\DR0 - ok
13:19:28.0080 3260 Boot (0x1200) (03a2d8207f9f2994668ce1f957d98e6c) \Device\Harddisk0\DR0\Partition0
13:19:28.0080 3260 \Device\Harddisk0\DR0\Partition0 - ok
13:19:28.0095 3260 Boot (0x1200) (2f669e90edccb38ba1128c57e2281384) \Device\Harddisk0\DR0\Partition1
13:19:28.0111 3260 \Device\Harddisk0\DR0\Partition1 - ok
13:19:28.0111 3260 ============================================================
13:19:28.0111 3260 Scan finished
13:19:28.0111 3260 ============================================================
13:19:28.0111 0384 Detected object count: 0
13:19:28.0111 0384 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 13:21:07
-----------------------------
13:21:07.940 OS Version: Windows x64 6.1.7601 Service Pack 1
13:21:07.940 Number of processors: 2 586 0x2A07
13:21:07.940 ComputerName: SCHEDULEGV-PC UserName: ScheduleGV
13:21:09.064 Initialize success
13:22:12.048 AVAST engine defs: 12062001
13:22:16.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:22:16.744 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
13:22:16.759 Disk 0 MBR read successfully
13:22:16.759 Disk 0 MBR scan
13:22:16.775 Disk 0 Windows VISTA default MBR code
13:22:16.775 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
13:22:16.775 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 25232 MB offset 81920
13:22:16.806 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 451664 MB offset 51757056
13:22:16.822 Disk 0 scanning C:\Windows\system32\drivers
13:22:25.386 Service scanning
13:22:41.298 Modules scanning
13:22:41.298 Disk 0 trace - called modules:
13:22:41.314 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
13:22:41.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be2640]
13:22:41.829 3 CLASSPNP.SYS[fffff880019bf43f] -> nt!IofCallDriver -> [0xfffffa80049f6580]
13:22:41.829 5 ACPI.sys[fffff88000f207a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004724060]
13:22:43.170 AVAST engine scan C:\Windows
13:22:45.401 AVAST engine scan C:\Windows\system32
13:23:53.230 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:23:54.790 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:24:46.504 AVAST engine scan C:\Windows\system32\drivers
13:24:57.642 AVAST engine scan C:\Users\ScheduleGV
13:25:07.782 File: C:\Users\ScheduleGV\AppData\Local\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\n **INFECTED** Win32:Sirefef-PL [Rtk]
13:25:22.930 AVAST engine scan C:\ProgramData
13:26:18.513 Scan finished successfully
13:26:31.336 Disk 0 MBR has been saved successfully to "C:\Users\ScheduleGV\Documents\MBR.dat"
13:26:31.336 The log file has been saved successfully to "C:\Users\ScheduleGV\Documents\aswMBR.txt"

C:\Users\ScheduleGV\AppData\Local\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp

Posted 20 June 2012 - 03:58 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}

Click on LOOK, post the generated log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 ajwright

Posted 20 June 2012 - 05:21 PM

How many times am I supposed to run MBAM? I have run through it 3 times and it shows the same issue each time and says that it has gotten rid of it each time.

#6 narenxp

Posted 20 June 2012 - 05:23 PM

Post the log

#7 ajwright

Posted 20 June 2012 - 05:27 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:22 on 20/06/2012 by ScheduleGV
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{fa7502ca-503f-02dc-fdb7-135bb17e3d1b"
No folders found.

-= EOF =-

I got an Error Message from minitoolbar that said "the ordinal1108 could not be located in the dynamic link library WSOCK32.dll"

What should I do now?

#8 ajwright

Posted 20 June 2012 - 05:28 PM

I cannot find the log anywhere on the computer

#9 ajwright

Posted 20 June 2012 - 05:31 PM

Scratch that, sorry found them:

1st
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ScheduleGV :: SCHEDULEGV-PC [administrator]

Protection: Enabled

6/20/2012 2:02:44 PM
mbam-log-2012-06-20 (14-02-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316159
Time elapsed: 23 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

2nd
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ScheduleGV :: SCHEDULEGV-PC [administrator]

Protection: Enabled

6/20/2012 2:30:16 PM
mbam-log-2012-06-20 (14-30-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315583
Time elapsed: 25 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

3rd
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ScheduleGV :: SCHEDULEGV-PC [administrator]

Protection: Enabled

6/20/2012 3:01:33 PM
mbam-log-2012-06-20 (15-01-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 82586
Time elapsed: 14 minute(s), 3 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

There is also a 4th log in here but I am not sure why

4th
2012/06/20 14:02:14 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting protection
2012/06/20 14:02:16 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Protection started successfully
2012/06/20 14:02:19 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting IP protection
2012/06/20 14:02:19 -0700 SCHEDULEGV-PC ScheduleGV ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/20 14:09:05 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Executing scheduled update: Daily
2012/06/20 14:09:05 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Database already up-to-date
2012/06/20 14:29:38 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting protection
2012/06/20 14:29:40 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Protection started successfully
2012/06/20 14:29:43 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting IP protection
2012/06/20 14:29:43 -0700 SCHEDULEGV-PC ScheduleGV ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/20 14:59:26 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting protection
2012/06/20 14:59:28 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Protection started successfully
2012/06/20 14:59:31 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting IP protection
2012/06/20 14:59:31 -0700 SCHEDULEGV-PC ScheduleGV ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/20 15:18:34 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting protection
2012/06/20 15:18:36 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Protection started successfully
2012/06/20 15:18:39 -0700 SCHEDULEGV-PC ScheduleGV MESSAGE Starting IP protection
2012/06/20 15:18:39 -0700 SCHEDULEGV-PC ScheduleGV ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

#10 narenxp

Posted 20 June 2012 - 05:34 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad

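@echo off
rem Work in System32, where the live services.exe is
cd c:\windows\system32
rem Give ownership to the Administrators group, then full control (cacls asks Y/N)
takeown /a /f services.exe
cacls services.exe /g administrators:f
rem Move the current file aside and copy in the WinSxS copy that SystemLook listed
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
rem Remove the renamed file, then this batch file itself
del services.exe.old
DEL %0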

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file and select run as administrator and run it, click Y and press ENTER


Now, launch system look once again

copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}

Click on LOOK, post the generated log

#11 ajwright

Posted 20 June 2012 - 05:41 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 15:40 on 20/06/2012 by ScheduleGV
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}"
C:\Users\ScheduleGV\AppData\Local\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b} d--hs-- [00:34 28/03/2012]
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b} d--hs-- [00:34 28/03/2012]

-= EOF =-
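
An added example, not part of any post in this thread: the SystemLook filefind logs in posts #7 and #11 list services.exe in System32 and in the WinSxS component store, with different MD5s before the batch script ran and identical MD5s after it. The Python below parses those log lines and flags a System32 copy whose MD5 matches no store copy; the function and variable names are my own, and the log lines are copied from the two posts.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses backslash paths on any OS

# One SystemLook "filefind" result line looks like:
#   <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Log lines copied from post #7 (before the batch script).
LOG_BEFORE = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

# Log lines copied from post #11 (after the batch script), plus one
# folderfind line to show that non-file lines are ignored.
LOG_AFTER = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b} d--hs-- [00:34 28/03/2012]
"""


def parse_filefind(log_text):
    """Return one dict per file result line; headers and folder lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def is_store_copy(path):
    """True for a copy that lives in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def check_against_store(log_text):
    """Compare each non-WinSxS file with the store copies of the same name.

    Returns (path, md5, verdict) tuples. A live file is accepted if it matches
    ANY store copy, because the store can hold several versions of one file.
    A mismatch is a lead to investigate, not proof of tampering.
    """
    groups = defaultdict(lambda: {"live": [], "store": []})
    for entry in parse_filefind(log_text):
        kind = "store" if is_store_copy(entry["path"]) else "live"
        groups[basename(entry["path"]).lower()][kind].append(entry)

    findings = []
    for group in groups.values():
        store_hashes = {s["md5"] for s in group["store"]}
        for live in group["live"]:
            if not group["store"]:
                verdict = "no-reference"
            elif live["md5"] in store_hashes:
                verdict = "match"
            else:
                # Same size and timestamps but a different hash: size and
                # date checks alone would not have caught this change.
                meta = (live["size"], live["created"], live["modified"])
                same_meta = any(
                    (s["size"], s["created"], s["modified"]) == meta
                    for s in group["store"]
                )
                verdict = "mismatch-same-metadata" if same_meta else "mismatch"
            findings.append((live["path"], live["md5"], verdict))
    return findings


if __name__ == "__main__":
    for label, log in (("post #7", LOG_BEFORE), ("post #11", LOG_AFTER)):
        for path, md5, verdict in check_against_store(log):
            print(f"{label}: {path} {md5} -> {verdict}")
```

On the post #7 lines the System32 copy comes back as `mismatch-same-metadata`: its size and both timestamps equal the store copy's, and only the hash differs.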

#12 narenxp

Posted 20 June 2012 - 07:25 PM

Post the minitoolbox log

#13 ajwright

Posted 21 June 2012 - 10:08 AM

MiniToolBox by Farbar Version: 09-06-2012
Ran by ScheduleGV (administrator) on 21-06-2012 at 08:07:54
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

#14 narenxp

Posted 21 June 2012 - 10:24 AM

Open your C drive

On top, click on Organize-folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok, now go to

C:\Users\ScheduleGV\AppData\Local\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}
C:\Windows\Installer\{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}

delete both the folders

Now, launch system look again, copy this script and paste in the BOX

:folderfind 
{fa7502ca-503f-02dc-fdb7-135bb17e3d1b}

Click on LOOK,post the generated log


MINITOOLBOX log is incomplete, please post the complete log

Edited by narenxp, 21 June 2012 - 10:25 AM.


#15 ajwright

Posted 21 June 2012 - 10:42 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 08:38 on 21/06/2012 by ScheduleGV
Administrator - Elevation successful

========== folderfind ==========

Searching for "{fa7502ca-503f-02dc-fdb7-135bb17e3d1b"
No folders found.

-= EOF =-

Complete minilog
MiniToolBox by Farbar Version: 09-06-2012
Ran by ScheduleGV (administrator) on 21-06-2012 at 08:40:52
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

149.5.18.173 www.google-analytics.com.
149.5.18.173 ad-emea.doubleclick.net.
149.5.18.173 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ScheduleGV-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : D4-BE-D9-CA-C7-66
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c145:bc6d:4512:61ae%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, June 20, 2012 4:58:39 PM
Lease Expires . . . . . . . . . . : Friday, June 22, 2012 8:04:11 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 248823513
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-04-16-9A-D4-BE-D9-CA-C7-66
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CD896DDB-FAF6-4DA9-8929-31F7B4E3806B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:4007:801::1003
74.125.224.164
74.125.224.165
74.125.224.166
74.125.224.167
74.125.224.168
74.125.224.169
74.125.224.174
74.125.224.160
74.125.224.161
74.125.224.162
74.125.224.163


Pinging google.com [74.125.224.233] with 32 bytes of data:
Reply from 74.125.224.233: bytes=32 time=25ms TTL=56
Reply from 74.125.224.233: bytes=32 time=24ms TTL=56

Ping statistics for 74.125.224.233:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=44ms TTL=55
Reply from 72.30.38.140: bytes=32 time=46ms TTL=55

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 46ms, Average = 45ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...d4 be d9 ca c7 66 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::c145:bc6d:4512:61ae/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be %SystemRoot%\system32\NLAapi.dll

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/20/2012 05:28:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/20/2012 05:00:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 04:58:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Exception code: 0xc0000005
Fault offset: 0x000a8606
Faulting process id: 0x620
Faulting application start time: 0xsftservice.EXE0
Faulting application path: sftservice.EXE1
Faulting module path: sftservice.EXE2
Report Id: sftservice.EXE3

Error: (06/20/2012 04:34:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 04:32:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Exception code: 0xc0000005
Fault offset: 0x000a8606
Faulting process id: 0x610
Faulting application start time: 0xsftservice.EXE0
Faulting application path: sftservice.EXE1
Faulting module path: sftservice.EXE2
Report Id: sftservice.EXE3

Error: (06/20/2012 04:20:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964
Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fb57f7f
Exception code: 0xc0000005
Fault offset: 0x72126e5a
Faulting process id: 0x980
Faulting application start time: 0xping.exe0
Faulting application path: ping.exe1
Faulting module path: ping.exe2
Report Id: ping.exe3

Error: (06/20/2012 03:18:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 03:16:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Exception code: 0xc0000005
Fault offset: 0x000a8606
Faulting process id: 0x634
Faulting application start time: 0xsftservice.EXE0
Faulting application path: sftservice.EXE1
Faulting module path: sftservice.EXE2
Report Id: sftservice.EXE3

Error: (06/20/2012 02:59:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 02:57:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Faulting module name: sftservice.EXE, version: 1.0.82.75, time stamp: 0x4ee0870c
Exception code: 0xc0000005
Fault offset: 0x000a8606
Faulting process id: 0x628
Faulting application start time: 0xsftservice.EXE0
Faulting application path: sftservice.EXE1
Faulting module path: sftservice.EXE2
Report Id: sftservice.EXE3


System errors:
=============
Error: (06/20/2012 04:58:47 PM) (Source: Service Control Manager) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/20/2012 04:58:44 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/20/2012 04:58:41 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/20/2012 04:58:41 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/20/2012 04:33:58 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/20/2012 04:32:57 PM) (Source: Service Control Manager) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/20/2012 04:32:53 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (06/20/2012 04:32:50 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (06/20/2012 04:32:50 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (06/20/2012 03:17:39 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (06/20/2012 05:28:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/20/2012 05:00:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 04:58:46 PM) (Source: Application Error)(User: )
Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860662001cd4f409e597436C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEdf2e2242-bb33-11e1-9eba-d4bed9cac766

Error: (06/20/2012 04:34:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 04:32:57 PM) (Source: Application Error)(User: )
Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860661001cd4f3d01e5c947C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE4364829b-bb30-11e1-bd4d-d4bed9cac766

Error: (06/20/2012 04:20:53 PM) (Source: Application Error)(User: )
Description: ping.exe6.1.7600.163854a5bc964jscript9.dll_unloaded0.0.0.04fb57f7fc000000572126e5a98001cd4f3a71e9c357C:\Windows\SysWOW64\ping.exejscript9.dll9444d7f5-bb2e-11e1-9eb6-d4bed9cac766

Error: (06/20/2012 03:18:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 03:16:35 PM) (Source: Application Error)(User: )
Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860663401cd4f3256fef237C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE983ce97a-bb25-11e1-9eb6-d4bed9cac766

Error: (06/20/2012 02:59:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2012 02:57:28 PM) (Source: Application Error)(User: )
Description: sftservice.EXE1.0.82.754ee0870csftservice.EXE1.0.82.754ee0870cc0000005000a860662801cd4f2fab4f62fbC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEeca43d96-bb22-11e1-bd6b-d4bed9cac766


=========================== Installed Programs ============================

Accidental Damage Services Agreement (Version: 2.0.0)
Adobe Acrobat X Standard - English, Français, Deutsch (Version: 10.1.3)
Banctec Service Agreement (Version: 2.0.0)
Brother MFC-8480DN (Version: 1.00)
CCleaner (Version: 3.17)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Complete Care Business Service Agreement (Version: 2.0.0)
Conexant HD Audio (Version: 8.50.4.0)
Consumer In-Home Service Agreement (Version: 2.0.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.64)
Dell DataSafe Local Backup (Version: 9.4.64)
Dell DataSafe Online (Version: 2.1.19634)
Dell Digital Delivery (Version: 2.1.1000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Home Systems Service Agreement (Version: 2.0.0)
Dell Support Center (Version: 3.1.5907.39)
DirectX 9 Runtime (Version: 1.00.0000)
EPSON NX330 Series Printer Uninstall
ESET Online Scanner v3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Intel® Processor Graphics (Version: 8.15.10.2291)
Java Auto Updater (Version: 2.1.5.1)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
Java™ 7 Update 1 (Version: 7.0.10)
Junk Mail filter update (Version: 15.4.3502.0922)
KODAK Share Button App (Version: 4.01.0000.0000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PhotoShowExpress (Version: 2.0.063)
QualxServ Service Agreement (Version: 2.0.0)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 4008.64 MB
Available physical RAM: 2758.95 MB
Total Pagefile: 8015.48 MB
Available Pagefile: 6580.98 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.34 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:441.08 GB) (Free:399.8 GB) NTFS

========================= Users: ========================================

User accounts for \\SCHEDULEGV-PC

Administrator Guest ScheduleGV


**** End of log ****



