
Sirefef Virus


13 replies to this topic

#1 Ssmartinez55

Ssmartinez55

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 01 July 2012 - 07:27 AM

Hello All,

I am infected with what was termed to me as a sirefef virus on my PC. I was at the point where my McAfee was finding it and telling me to reboot so that it could remove it, which never occurred after countless reboots. The program would tell me to find it and delete it manually but it was never in the location McAfee said it was. Eventually, I couldn't get on the internet at all. A friend's son, who is an IT major at university and has a background in this from working on PCs for a long time, isolated the problem and told me that I have a sirefef virus. I am not able to get on the internet but he has disabled all virus protection because it will only start the cycle up again. He's told me that I am not secure right now either. I am still getting redirected during searches too, it's so annoying. How can I get rid of this thing? Any help would greatly be appreciated!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:22 PM

Posted 01 July 2012 - 07:37 AM

Can you connect to the internet in Safe Mode with Networking?

If not, copy these tools to the infected PC

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

#3 Ssmartinez55

Ssmartinez55
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 01 July 2012 - 07:52 AM

I'm sorry, I misspoke. I am able to get on the internet, I am just not secure. Should I proceed with what you've recommended?

Edited by Ssmartinez55, 01 July 2012 - 07:53 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:22 PM

Posted 01 July 2012 - 07:59 AM

Go ahead, also run these tools

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#5 Ssmartinez55

Ssmartinez55
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:03:22 PM

Posted 01 July 2012 - 09:16 AM

Farbar Service Scanner Log

Farbar Service Scanner Version: 25-06-2012 01
Ran by ssmartinez55 (administrator) on 01-07-2012 at 08:06:33
Running from "C:\Users\ssmartinez55\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

TDSSkiller Log

08:08:05.0944 4204 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
08:08:06.0446 4204 ============================================================
08:08:06.0446 4204 Current date / time: 2012/07/01 08:08:06.0446
08:08:06.0446 4204 SystemInfo:
08:08:06.0446 4204
08:08:06.0447 4204 OS Version: 6.0.6002 ServicePack: 2.0
08:08:06.0447 4204 Product type: Workstation
08:08:06.0447 4204 ComputerName: HOME-PC
08:08:06.0447 4204 UserName: ssmartinez55
08:08:06.0447 4204 Windows directory: C:\Windows
08:08:06.0447 4204 System windows directory: C:\Windows
08:08:06.0447 4204 Running under WOW64
08:08:06.0447 4204 Processor architecture: Intel x64
08:08:06.0447 4204 Number of processors: 2
08:08:06.0447 4204 Page size: 0x1000
08:08:06.0447 4204 Boot type: Normal boot
08:08:06.0447 4204 ============================================================
08:08:07.0625 4204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:08:07.0629 4204 ============================================================
08:08:07.0630 4204 \Device\Harddisk0\DR0:
08:08:07.0630 4204 MBR partitions:
08:08:07.0630 4204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
08:08:07.0630 4204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
08:08:07.0630 4204 ============================================================
08:08:07.0665 4204 C: <-> \Device\Harddisk0\DR0\Partition1
08:08:07.0688 4204 D: <-> \Device\Harddisk0\DR0\Partition0
08:08:07.0688 4204 ============================================================
08:08:07.0688 4204 Initialize success
08:08:07.0688 4204 ============================================================
08:08:38.0420 3084 ============================================================
08:08:38.0421 3084 Scan started
08:08:38.0421 3084 Mode: Manual; TDLFS;
08:08:38.0421 3084 ============================================================
08:09:00.0257 3084 nfrd960 - ok
08:09:00.0292 3084 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
08:09:00.0294 3084 NisDrv - ok
08:09:00.0386 3084 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
08:09:00.0389 3084 NisSrv - ok
08:09:00.0525 3084 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
08:09:00.0528 3084 NlaSvc - ok
08:09:00.0550 3084 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
08:09:00.0551 3084 Npfs - ok
08:09:00.0566 3084 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
08:09:00.0567 3084 nsi - ok
08:09:00.0589 3084 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
08:09:00.0589 3084 nsiproxy - ok
08:09:01.0692 3084 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
08:09:01.0729 3084 Ntfs - ok
08:09:02.0844 3084 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
08:09:02.0845 3084 Null - ok
08:09:02.0862 3084 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
08:09:02.0866 3084 nvraid - ok
08:09:02.0883 3084 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
08:09:02.0884 3084 nvstor - ok
08:09:02.0898 3084 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
08:09:02.0901 3084 nv_agp - ok
08:09:02.0906 3084 NwlnkFlt - ok
08:09:02.0917 3084 NwlnkFwd - ok
08:09:02.0936 3084 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
08:09:02.0938 3084 ohci1394 - ok
08:09:03.0292 3084 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:09:03.0293 3084 ose - ok
08:09:07.0246 3084 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:09:07.0436 3084 osppsvc - ok
08:09:08.0596 3084 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:09:08.0629 3084 p2pimsvc - ok
08:09:08.0645 3084 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:09:08.0655 3084 p2psvc - ok
08:09:09.0762 3084 PAC7302 (d61b764b27bf05cccadcc5e1e7b73a21) C:\Windows\system32\DRIVERS\PAC7302.SYS
08:09:09.0775 3084 PAC7302 - ok
08:09:09.0809 3084 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
08:09:09.0811 3084 Parport - ok
08:09:09.0834 3084 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
08:09:09.0836 3084 partmgr - ok
08:09:09.0860 3084 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
08:09:09.0863 3084 PcaSvc - ok
08:09:09.0895 3084 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
08:09:09.0899 3084 pci - ok
08:09:09.0924 3084 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
08:09:09.0926 3084 pciide - ok
08:09:10.0083 3084 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
08:09:10.0088 3084 pcmcia - ok
08:09:11.0001 3084 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
08:09:11.0026 3084 PEAUTH - ok
08:09:11.0261 3084 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
08:09:11.0263 3084 PerfHost - ok
08:09:12.0076 3084 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
08:09:12.0121 3084 pla - ok
08:09:12.0183 3084 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
08:09:12.0192 3084 PlugPlay - ok
08:09:12.0253 3084 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:09:12.0267 3084 PNRPAutoReg - ok
08:09:12.0281 3084 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
08:09:12.0291 3084 PNRPsvc - ok
08:09:13.0065 3084 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
08:09:13.0103 3084 PolicyAgent - ok
08:09:13.0541 3084 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
08:09:13.0544 3084 PptpMiniport - ok
08:09:13.0588 3084 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
08:09:13.0589 3084 Processor - ok
08:09:13.0647 3084 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
08:09:13.0652 3084 ProfSvc - ok
08:09:13.0672 3084 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:09:13.0674 3084 ProtectedStorage - ok
08:09:13.0699 3084 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
08:09:13.0709 3084 PSched - ok
08:09:13.0741 3084 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:09:13.0743 3084 PxHlpa64 - ok
08:09:13.0810 3084 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
08:09:13.0836 3084 ql2300 - ok
08:09:13.0853 3084 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
08:09:13.0855 3084 ql40xx - ok
08:09:13.0902 3084 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
08:09:13.0908 3084 QWAVE - ok
08:09:13.0990 3084 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
08:09:14.0097 3084 QWAVEdrv - ok
08:09:15.0066 3084 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
08:09:15.0206 3084 R300 - ok
08:09:16.0110 3084 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
08:09:16.0110 3084 RasAcd - ok
08:09:16.0140 3084 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
08:09:16.0150 3084 RasAuto - ok
08:09:16.0170 3084 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:09:16.0170 3084 Rasl2tp - ok
08:09:16.0190 3084 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
08:09:16.0200 3084 RasMan - ok
08:09:16.0230 3084 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
08:09:16.0230 3084 RasPppoe - ok
08:09:16.0250 3084 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
08:09:16.0260 3084 RasSstp - ok
08:09:16.0290 3084 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
08:09:16.0300 3084 rdbss - ok
08:09:16.0310 3084 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:09:16.0310 3084 RDPCDD - ok
08:09:16.0360 3084 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
08:09:16.0370 3084 rdpdr - ok
08:09:16.0370 3084 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
08:09:16.0380 3084 RDPENCDD - ok
08:09:16.0450 3084 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
08:09:16.0460 3084 RDPWD - ok
08:09:16.0500 3084 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
08:09:16.0500 3084 RemoteAccess - ok
08:09:16.0530 3084 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
08:09:16.0540 3084 RemoteRegistry - ok
08:09:16.0560 3084 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
08:09:16.0560 3084 RpcLocator - ok
08:09:16.0600 3084 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
08:09:16.0610 3084 RpcSs - ok
08:09:16.0630 3084 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
08:09:16.0630 3084 rspndr - ok
08:09:16.0660 3084 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
08:09:16.0660 3084 SamSs - ok
08:09:16.0690 3084 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
08:09:16.0690 3084 sbp2port - ok
08:09:16.0720 3084 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
08:09:16.0720 3084 SCardSvr - ok
08:09:16.0830 3084 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
08:09:16.0860 3084 Schedule - ok
08:09:16.0910 3084 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
08:09:16.0910 3084 SCPolicySvc - ok
08:09:16.0940 3084 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
08:09:16.0950 3084 SDRSVC - ok
08:09:17.0200 3084 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:09:17.0210 3084 SeaPort - ok
08:09:17.0551 3084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:09:17.0567 3084 secdrv - ok
08:09:17.0595 3084 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
08:09:17.0598 3084 seclogon - ok
08:09:17.0618 3084 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
08:09:17.0621 3084 SENS - ok
08:09:17.0639 3084 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
08:09:17.0641 3084 Serenum - ok
08:09:17.0661 3084 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
08:09:17.0664 3084 Serial - ok
08:09:17.0681 3084 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
08:09:17.0683 3084 sermouse - ok
08:09:18.0016 3084 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
08:09:18.0029 3084 SessionEnv - ok
08:09:18.0071 3084 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
08:09:18.0084 3084 sffdisk - ok
08:09:18.0118 3084 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
08:09:18.0148 3084 sffp_mmc - ok
08:09:18.0179 3084 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
08:09:18.0181 3084 sffp_sd - ok
08:09:18.0197 3084 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
08:09:18.0199 3084 sfloppy - ok
08:09:20.0263 3084 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
08:09:20.0336 3084 Sftfs - ok
08:09:20.0701 3084 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:09:20.0704 3084 sftlist - ok
08:09:20.0991 3084 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:09:21.0007 3084 Sftplay - ok
08:09:21.0024 3084 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:09:21.0026 3084 Sftredir - ok
08:09:21.0289 3084 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
08:09:21.0326 3084 Sftvol - ok
08:09:21.0679 3084 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:09:21.0680 3084 sftvsa - ok
08:09:21.0953 3084 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
08:09:21.0969 3084 ShellHWDetection - ok
08:09:22.0182 3084 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
08:09:22.0189 3084 SiSRaid2 - ok
08:09:22.0212 3084 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
08:09:22.0214 3084 SiSRaid4 - ok
08:09:22.0485 3084 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
08:09:22.0536 3084 slsvc - ok
08:09:22.0626 3084 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
08:09:22.0629 3084 SLUINotify - ok
08:09:22.0671 3084 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
08:09:22.0674 3084 Smb - ok
08:09:22.0696 3084 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
08:09:22.0699 3084 SNMPTRAP - ok
08:09:22.0712 3084 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
08:09:22.0714 3084 spldr - ok
08:09:22.0746 3084 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
08:09:22.0752 3084 Spooler - ok
08:09:22.0794 3084 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
08:09:22.0801 3084 srv - ok
08:09:22.0832 3084 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
08:09:22.0836 3084 srv2 - ok
08:09:22.0858 3084 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
08:09:22.0861 3084 srvnet - ok
08:09:22.0885 3084 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
08:09:22.0891 3084 SSDPSRV - ok
08:09:22.0917 3084 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
08:09:22.0921 3084 SstpSvc - ok
08:09:22.0984 3084 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
08:09:22.0996 3084 stisvc - ok
08:09:23.0058 3084 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
08:09:23.0059 3084 stllssvr - ok
08:09:23.0086 3084 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
08:09:23.0087 3084 swenum - ok
08:09:23.0130 3084 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
08:09:23.0139 3084 swprv - ok
08:09:23.0164 3084 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
08:09:23.0165 3084 Symc8xx - ok
08:09:23.0184 3084 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
08:09:23.0186 3084 Sym_hi - ok
08:09:23.0201 3084 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
08:09:23.0203 3084 Sym_u3 - ok
08:09:23.0258 3084 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
08:09:23.0270 3084 SysMain - ok
08:09:23.0298 3084 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
08:09:23.0301 3084 TabletInputService - ok
08:09:23.0334 3084 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
08:09:23.0337 3084 TapiSrv - ok
08:09:23.0353 3084 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
08:09:23.0354 3084 TBS - ok
08:09:23.0414 3084 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
08:09:23.0421 3084 Tcpip - ok
08:09:23.0434 3084 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
08:09:23.0445 3084 Tcpip6 - ok
08:09:23.0477 3084 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
08:09:23.0478 3084 tcpipreg - ok
08:09:23.0501 3084 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
08:09:23.0502 3084 TDPIPE - ok
08:09:23.0526 3084 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
08:09:23.0527 3084 TDTCP - ok
08:09:23.0553 3084 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
08:09:23.0554 3084 tdx - ok
08:09:23.0581 3084 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
08:09:23.0582 3084 TermDD - ok
08:09:23.0620 3084 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
08:09:23.0628 3084 TermService - ok
08:09:23.0663 3084 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
08:09:23.0665 3084 Themes - ok
08:09:23.0691 3084 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
08:09:23.0692 3084 THREADORDER - ok
08:09:23.0725 3084 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
08:09:23.0727 3084 TrkWks - ok
08:09:23.0756 3084 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
08:09:23.0758 3084 TrustedInstaller - ok
08:09:23.0797 3084 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:09:23.0798 3084 tssecsrv - ok
08:09:23.0817 3084 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
08:09:23.0818 3084 tunmp - ok
08:09:23.0836 3084 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
08:09:23.0837 3084 tunnel - ok
08:09:23.0858 3084 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
08:09:23.0860 3084 uagp35 - ok
08:09:23.0899 3084 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
08:09:23.0903 3084 udfs - ok
08:09:23.0916 3084 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
08:09:23.0922 3084 UI0Detect - ok
08:09:23.0953 3084 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
08:09:23.0955 3084 uliagpkx - ok
08:09:23.0983 3084 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
08:09:23.0987 3084 uliahci - ok
08:09:24.0009 3084 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
08:09:24.0011 3084 UlSata - ok
08:09:24.0029 3084 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
08:09:24.0032 3084 ulsata2 - ok
08:09:24.0045 3084 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
08:09:24.0046 3084 umbus - ok
08:09:24.0074 3084 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
08:09:24.0079 3084 upnphost - ok
08:09:24.0118 3084 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:09:24.0120 3084 USBAAPL64 - ok
08:09:24.0147 3084 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
08:09:24.0149 3084 usbccgp - ok
08:09:24.0176 3084 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
08:09:24.0177 3084 usbcir - ok
08:09:24.0222 3084 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
08:09:24.0223 3084 usbehci - ok
08:09:24.0244 3084 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
08:09:24.0248 3084 usbhub - ok
08:09:24.0265 3084 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
08:09:24.0267 3084 usbohci - ok
08:09:24.0291 3084 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
08:09:24.0293 3084 usbprint - ok
08:09:24.0308 3084 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
08:09:24.0310 3084 usbscan - ok
08:09:24.0359 3084 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:09:24.0361 3084 USBSTOR - ok
08:09:24.0391 3084 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
08:09:24.0393 3084 usbuhci - ok
08:09:24.0416 3084 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
08:09:24.0419 3084 UxSms - ok
08:09:24.0455 3084 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
08:09:24.0462 3084 vds - ok
08:09:24.0475 3084 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
08:09:24.0476 3084 vga - ok
08:09:24.0493 3084 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
08:09:24.0494 3084 VgaSave - ok
08:09:24.0517 3084 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
08:09:24.0518 3084 viaide - ok
08:09:24.0535 3084 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
08:09:24.0536 3084 volmgr - ok
08:09:24.0576 3084 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
08:09:24.0581 3084 volmgrx - ok
08:09:24.0597 3084 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
08:09:24.0600 3084 volsnap - ok
08:09:24.0615 3084 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
08:09:24.0618 3084 vsmraid - ok
08:09:24.0685 3084 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
08:09:24.0696 3084 VSS - ok
08:09:24.0722 3084 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
08:09:24.0727 3084 W32Time - ok
08:09:24.0767 3084 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
08:09:24.0768 3084 WacomPen - ok
08:09:24.0786 3084 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
08:09:24.0788 3084 Wanarp - ok
08:09:24.0794 3084 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
08:09:24.0795 3084 Wanarpv6 - ok
08:09:24.0833 3084 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
08:09:24.0842 3084 wcncsvc - ok
08:09:24.0865 3084 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
08:09:24.0867 3084 WcsPlugInService - ok
08:09:24.0889 3084 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
08:09:24.0893 3084 Wd - ok
08:09:24.0935 3084 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
08:09:24.0947 3084 Wdf01000 - ok
08:09:24.0963 3084 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:09:24.0965 3084 WdiServiceHost - ok
08:09:24.0969 3084 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
08:09:24.0971 3084 WdiSystemHost - ok
08:09:25.0016 3084 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
08:09:25.0025 3084 WebClient - ok
08:09:25.0074 3084 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
08:09:25.0079 3084 Wecsvc - ok
08:09:25.0094 3084 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
08:09:25.0097 3084 wercplsupport - ok
08:09:25.0113 3084 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
08:09:25.0116 3084 WerSvc - ok
08:09:25.0186 3084 winachsf (a53cde6beea165fe9b430476eede3c54) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
08:09:25.0195 3084 winachsf - ok
08:09:25.0206 3084 WinHttpAutoProxySvc - ok
08:09:25.0566 3084 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
08:09:25.0568 3084 Winmgmt - ok
08:09:25.0656 3084 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
08:09:25.0693 3084 WinRM - ok
08:09:25.0784 3084 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
08:09:25.0794 3084 Wlansvc - ok
08:09:26.0104 3084 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:09:26.0142 3084 wlidsvc - ok
08:09:26.0225 3084 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
08:09:26.0226 3084 WmiAcpi - ok
08:09:26.0288 3084 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
08:09:26.0292 3084 wmiApSrv - ok
08:09:26.0330 3084 WMPNetworkSvc - ok
08:09:26.0358 3084 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
08:09:26.0362 3084 WPCSvc - ok
08:09:26.0391 3084 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
08:09:26.0394 3084 WPDBusEnum - ok
08:09:26.0424 3084 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
08:09:26.0426 3084 WpdUsb - ok
08:09:26.0521 3084 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:09:26.0529 3084 WPFFontCache_v0400 - ok
08:09:26.0548 3084 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
08:09:26.0550 3084 ws2ifsl - ok
08:09:26.0554 3084 WSearch - ok
08:09:26.0686 3084 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:09:26.0707 3084 wuauserv - ok
08:09:26.0782 3084 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:09:26.0785 3084 WUDFRd - ok
08:09:26.0808 3084 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
08:09:26.0813 3084 wudfsvc - ok
08:09:26.0840 3084 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
08:09:26.0842 3084 XAudio - ok
08:09:26.0873 3084 XAudioService (963c27034bba4ac52a13f7a3c657c708) C:\Windows\system32\DRIVERS\xaudio64.exe
08:09:26.0880 3084 XAudioService - ok
08:09:26.0965 3084 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
08:09:26.0971 3084 YahooAUService - ok
08:09:26.0998 3084 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
08:09:27.0271 3084 \Device\Harddisk0\DR0 - ok
08:09:27.0302 3084 Boot (0x1200) (2bd43f59bd1fa455adf4cc796604d954) \Device\Harddisk0\DR0\Partition0
08:09:27.0305 3084 \Device\Harddisk0\DR0\Partition0 - ok
08:09:27.0308 3084 Boot (0x1200) (32c325547acdbc4f5cb3e5a96cad24a1) \Device\Harddisk0\DR0\Partition1
08:09:27.0310 3084 \Device\Harddisk0\DR0\Partition1 - ok
08:09:27.0312 3084 ============================================================
08:09:27.0312 3084 Scan finished
08:09:27.0312 3084 ============================================================
08:09:27.0323 0296 Detected object count: 0
08:09:27.0323 0296 Actual detected object count: 0

File Check:
========
C:\Windows\System32\nsisvc.dll
[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-10-20 18:26] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 08:16] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 07:37] - [2012-03-30 07:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 17:59] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-10-20 18:26] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-10-20 18:26] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe
[2009-10-20 18:27] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-10-20 18:26] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-10-20 18:26] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-10-20 18:27] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-10-20 18:26] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 22:26] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll
[2008-01-20 21:47] - [2008-01-20 21:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-10-20 18:27] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 08:12:33
-----------------------------
08:12:33.607 OS Version: Windows x64 6.0.6002 Service Pack 2
08:12:33.607 Number of processors: 2 586 0x1706
08:12:33.607 ComputerName: HOME-PC UserName:
08:12:35.900 Initialize success
08:14:11.168 AVAST engine defs: 12070100
08:14:50.768 The log file has been saved successfully to "C:\Users\ssmartinez55\Downloads\aswMBR.txt"

ESET taking a little while. Will post that log when available. It's been running almost an hour and is only at 33% in progress.

#6 narenxp


Posted 01 July 2012 - 09:46 AM

ASWMBR log is incomplete. Run it again.

#7 Ssmartinez55


Posted 01 July 2012 - 11:23 AM

Ok - will do now. Here is the ESET log.


C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined

#8 Ssmartinez55


Posted 01 July 2012 - 11:54 AM

Ok - here is the new ASWMBR log. :-)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 11:26:51
-----------------------------
11:26:51.217 OS Version: Windows x64 6.0.6002 Service Pack 2
11:26:51.217 Number of processors: 2 586 0x1706
11:26:51.217 ComputerName: HOME-PC UserName:
11:26:54.168 Initialize success
11:26:58.521 AVAST engine defs: 12070100
11:27:17.101 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:27:17.101 Disk 0 Vendor: ST3500620AS DE13 Size: 476940MB BusType: 3
11:27:17.117 Disk 0 MBR read successfully
11:27:17.117 Disk 0 MBR scan
11:27:17.163 Disk 0 Windows VISTA default MBR code
11:27:17.163 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:27:17.179 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:27:17.195 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
11:27:17.241 Disk 0 scanning C:\Windows\system32\drivers
11:27:28.957 Service scanning
11:27:50.609 Modules scanning
11:27:50.609 Disk 0 trace - called modules:
11:27:50.640 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
11:27:51.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005bd8280]
11:27:51.155 3 CLASSPNP.SYS[fffffa6000dc8c33] -> nt!IofCallDriver -> [0xfffffa8004865930]
11:27:51.155 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800486e060]
11:27:53.511 AVAST engine scan C:\Windows
11:28:13.182 AVAST engine scan C:\Windows\system32
11:30:49.089 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:30:52.911 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:33:13.208 AVAST engine scan C:\Windows\system32\drivers
11:33:41.601 AVAST engine scan C:\Users\ssmartinez55
11:44:57.930 AVAST engine scan C:\ProgramData
11:47:28.067 Scan finished successfully
11:50:05.507 Disk 0 MBR has been saved successfully to "C:\Users\ssmartinez55\Desktop\MBR.dat"
11:50:05.515 The log file has been saved successfully to "C:\Users\ssmartinez55\Desktop\aswMBR.txt"

#9 narenxp


Posted 01 July 2012 - 12:07 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{32cdf5bc-c246-7a32-fdc7-b857729bdc18}

Click on LOOK, post the generated log


Download

avenger

Extract and launch it, click ok

Copy this script in the BOX

Files to delete:
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini

Click on execute, click YES if it asks for reboot

Post the new aswmbr log after reboot

#10 Ssmartinez55


Posted 01 July 2012 - 04:12 PM

Systemlook Log

SystemLook 30.07.11 by jpshortstuff
Log created at 12:42 on 01/07/2012 by ssmartinez55
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 381952 bytes [23:26 20/10/2009] [07:10 11/04/2009] B8844F93D2C5F1DCDB179AAA9AF134B7
C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [23:26 20/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [23:26 20/10/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [23:26 20/10/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

========== folderfind ==========

Searching for "{32cdf5bc-c246-7a32-fdc7-b857729bdc18}"
C:\Users\ssmartinez55\AppData\Local\{32cdf5bc-c246-7a32-fdc7-b857729bdc18} d--hs-- [04:05 11/01/2012]
C:\Windows\Installer\{32cdf5bc-c246-7a32-fdc7-b857729bdc18} d--hs-- [04:05 11/01/2012]

-= EOF =-

Now downloading Avenger

#11 Ssmartinez55


Posted 01 July 2012 - 05:03 PM

Here is the new aswmbr log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 16:21:18
-----------------------------
16:21:18.353 OS Version: Windows x64 6.0.6002 Service Pack 2
16:21:18.353 Number of processors: 2 586 0x1706
16:21:18.353 ComputerName: HOME-PC UserName:
16:21:20.459 Initialize success
16:21:31.051 AVAST engine defs: 12070100
16:21:36.261 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:21:36.261 Disk 0 Vendor: ST3500620AS DE13 Size: 476940MB BusType: 3
16:21:36.277 Disk 0 MBR read successfully
16:21:36.277 Disk 0 MBR scan
16:21:36.293 Disk 0 Windows VISTA default MBR code
16:21:36.293 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:21:36.308 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:21:36.324 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
16:21:36.449 Disk 0 scanning C:\Windows\system32\drivers
16:21:49.459 Service scanning
16:22:12.469 Modules scanning
16:22:12.469 Disk 0 trace - called modules:
16:22:12.516 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys
16:22:12.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005939790]
16:22:12.516 3 CLASSPNP.SYS[fffffa6000dd1c33] -> nt!IofCallDriver -> [0xfffffa8004895520]
16:22:12.531 5 acpi.sys[fffffa60008fdfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004885940]
16:22:14.684 AVAST engine scan C:\Windows
16:22:31.985 AVAST engine scan C:\Windows\system32
16:25:29.762 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:25:33.256 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:28:20.190 AVAST engine scan C:\Windows\system32\drivers
16:29:30.999 AVAST engine scan C:\Users\ssmartinez55
16:43:32.748 AVAST engine scan C:\ProgramData
16:48:13.938 Scan finished successfully
17:01:39.729 Disk 0 MBR has been saved successfully to "C:\Users\ssmartinez55\Desktop\MBR.dat"
17:01:39.744 The log file has been saved successfully to "C:\Users\ssmartinez55\Desktop\aswMBR_2.txt"


17:02:51.970 Disk 0 MBR has been saved successfully to "C:\Users\ssmartinez55\Desktop\MBR.dat"
17:02:51.985 The log file has been saved successfully to "C:\Users\ssmartinez55\Desktop\aswMBR_2.txt"
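
The before/after comparison that post #9 asks for, as an added example that is not part of the thread: it parses aswMBR logs, treats a log with no "Scan finished successfully" line as incomplete (an assumption based on the logs posted here, not a documented aswMBR rule), and reports which detections persisted across the Avenger run. The log excerpts are lines copied from the posts above, and the function names are hypothetical.

```python
import re

# Constructed excerpts: lines copied from the aswMBR logs posted in this thread.
LOG_FIRST = r"""08:12:35.900 Initialize success
08:14:11.168 AVAST engine defs: 12070100
08:14:50.768 The log file has been saved successfully to "C:\Users\ssmartinez55\Downloads\aswMBR.txt"
"""
LOG_BEFORE = r"""11:26:54.168 Initialize success
11:30:49.089 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:30:52.911 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:47:28.067 Scan finished successfully
"""
LOG_AFTER = r"""16:21:20.459 Initialize success
16:25:29.762 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:25:33.256 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:48:13.938 Scan finished successfully
"""

DETECTION = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$"
)

def parse_log(text):
    """Return (complete, {lowercased path: detection name}) for one aswMBR log."""
    complete = False
    hits = {}
    for line in text.splitlines():
        if line.rstrip().endswith("Scan finished successfully"):
            complete = True  # assumption: this line marks a full scan
        m = DETECTION.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so normalise before comparing.
            hits[m.group("path").lower()] = m.group("name")
    return complete, hits

def compare_runs(before, after):
    """Diff two logs; refuse to draw conclusions from an incomplete one."""
    done_b, hits_b = parse_log(before)
    done_a, hits_a = parse_log(after)
    if not (done_b and done_a):
        raise ValueError("incomplete log: rerun the scan before comparing")
    return {
        "persisted": sorted(hits_b.keys() & hits_a.keys()),
        "cleared": sorted(hits_b.keys() - hits_a.keys()),
        "new": sorted(hits_a.keys() - hits_b.keys()),
    }

if __name__ == "__main__":
    print(compare_runs(LOG_BEFORE, LOG_AFTER))
```

Both Desktop.ini detections land in "persisted", so the deletion script did not change what the scanner reports.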

#12 narenxp


Posted 01 July 2012 - 05:18 PM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#13 Ssmartinez55


Posted 01 July 2012 - 08:32 PM

Thank you so much for your help!

#14 narenxp


Posted 01 July 2012 - 08:33 PM

You're welcome



