

Trojan: Win64/Sirefef


15 replies to this topic

#1 Cbstamm


  • Members
  • 27 posts

Posted 05 July 2012 - 04:43 PM

Hello,

Yesterday, I was using my Windows 7 PC on the Internet and noticed a few strange things. First, searches on Google would bring back an odd certificate error message. Second, I started getting some random pop-up windows with various advertisements. Last, Microsoft Security Essentials (MSE) was not active and I could not make it so.

I tried a few of my standard things - SuperAntiSpyware and Malwarebytes. SuperAntiSpyware only found tracking cookies. Malwarebytes did eliminate a few things. However, after a few reboots MSE was still not running. I decided to uninstall and reinstall MSE. That's when interesting things started to happen. The next scan found Trojan: Win64/Sirefef (and various variants at different times: .W, .AA, .AB, .AN, .P). For a while, MSE kept forcing reboots as it was trying to clean the files, but then they would pop back up on reboot. I think I managed to get control back from MSE, but I am at a loss on how to proceed. I did some searches on Sirefef and realized I need some help. Please let me know what information to provide.

Thank You!


#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 05:25 PM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET Online Scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.

#3 Cbstamm

  • Topic Starter

  • Members
  • 27 posts

Posted 05 July 2012 - 07:14 PM

Results of scans are below.

***************
***************

TDSSkiller
----------

18:39:33.0055 0828 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:39:33.0382 0828 ============================================================
18:39:33.0398 0828 Current date / time: 2012/07/05 18:39:33.0382
18:39:33.0398 0828 SystemInfo:
18:39:33.0398 0828
18:39:33.0398 0828 OS Version: 6.1.7601 ServicePack: 1.0
18:39:33.0398 0828 Product type: Workstation
18:39:33.0398 0828 ComputerName: PC
18:39:33.0398 0828 UserName: Christine
18:39:33.0398 0828 Windows directory: C:\Windows
18:39:33.0398 0828 System windows directory: C:\Windows
18:39:33.0398 0828 Running under WOW64
18:39:33.0398 0828 Processor architecture: Intel x64
18:39:33.0398 0828 Number of processors: 2
18:39:33.0398 0828 Page size: 0x1000
18:39:33.0398 0828 Boot type: Normal boot
18:39:33.0398 0828 ============================================================
18:39:35.0145 0828 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:39:35.0161 0828 ============================================================
18:39:35.0161 0828 \Device\Harddisk0\DR0:
18:39:35.0161 0828 MBR partitions:
18:39:35.0161 0828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2539000
18:39:35.0161 0828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x254D000, BlocksNum 0x22EE1000
18:39:35.0161 0828 ============================================================
18:39:35.0192 0828 C: <-> \Device\Harddisk0\DR0\Partition1
18:39:35.0192 0828 ============================================================
18:39:35.0192 0828 Initialize success
18:39:35.0192 0828 ============================================================
18:40:02.0992 3704 nfrd960 - ok
18:40:03.0023 3704 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:40:03.0039 3704 NisDrv - ok
18:40:03.0117 3704 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:40:03.0133 3704 NisSrv - ok
18:40:03.0179 3704 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:40:03.0195 3704 NlaSvc - ok
18:40:03.0211 3704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:40:03.0211 3704 Npfs - ok
18:40:03.0226 3704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:40:03.0226 3704 nsi - ok
18:40:03.0242 3704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:40:03.0242 3704 nsiproxy - ok
18:40:03.0382 3704 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:40:03.0413 3704 Ntfs - ok
18:40:03.0507 3704 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:40:03.0507 3704 Null - ok
18:40:03.0554 3704 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:40:03.0569 3704 nvraid - ok
18:40:03.0585 3704 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:40:03.0601 3704 nvstor - ok
18:40:03.0632 3704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:40:03.0632 3704 nv_agp - ok
18:40:03.0679 3704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:40:03.0694 3704 ohci1394 - ok
18:40:03.0788 3704 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:40:03.0819 3704 ose - ok
18:40:04.0225 3704 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:40:04.0287 3704 osppsvc - ok
18:40:04.0396 3704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:40:04.0412 3704 p2pimsvc - ok
18:40:04.0459 3704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:40:04.0474 3704 p2psvc - ok
18:40:04.0505 3704 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:40:04.0521 3704 Parport - ok
18:40:04.0552 3704 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:40:04.0568 3704 partmgr - ok
18:40:04.0599 3704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:40:04.0599 3704 PcaSvc - ok
18:40:04.0693 3704 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
18:40:04.0786 3704 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
18:40:04.0833 3704 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:40:04.0833 3704 pci - ok
18:40:04.0864 3704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:40:04.0864 3704 pciide - ok
18:40:04.0895 3704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:40:04.0895 3704 pcmcia - ok
18:40:04.0927 3704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:40:04.0927 3704 pcw - ok
18:40:04.0958 3704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:40:04.0973 3704 PEAUTH - ok
18:40:05.0036 3704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:40:05.0036 3704 PerfHost - ok
18:40:05.0176 3704 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:40:05.0207 3704 pla - ok
18:40:05.0285 3704 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:40:05.0317 3704 PlugPlay - ok
18:40:05.0395 3704 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:40:05.0395 3704 Pml Driver HPZ12 - ok
18:40:05.0426 3704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:40:05.0441 3704 PNRPAutoReg - ok
18:40:05.0473 3704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:40:05.0473 3704 PNRPsvc - ok
18:40:05.0519 3704 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:40:05.0535 3704 PolicyAgent - ok
18:40:05.0566 3704 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:40:05.0582 3704 Power - ok
18:40:05.0644 3704 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:40:05.0660 3704 PptpMiniport - ok
18:40:05.0691 3704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:40:05.0691 3704 Processor - ok
18:40:05.0753 3704 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:40:05.0800 3704 ProfSvc - ok
18:40:05.0831 3704 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:05.0831 3704 ProtectedStorage - ok
18:40:05.0894 3704 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:40:05.0894 3704 Psched - ok
18:40:05.0941 3704 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:40:05.0941 3704 PxHlpa64 - ok
18:40:06.0081 3704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:40:06.0097 3704 ql2300 - ok
18:40:06.0206 3704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:40:06.0206 3704 ql40xx - ok
18:40:06.0253 3704 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:40:06.0253 3704 QWAVE - ok
18:40:06.0268 3704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:40:06.0268 3704 QWAVEdrv - ok
18:40:06.0424 3704 RapportCerberus_32029 (68b15a9a2a35d7afa3bda1fb9edb84d0) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys
18:40:06.0424 3704 RapportCerberus_32029 - ok
18:40:06.0549 3704 RapportEI64 (9f59cc485c023e2d41789ad31d5ccc2c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
18:40:06.0549 3704 RapportEI64 - ok
18:40:06.0580 3704 RapportKE64 (9aa4a536cee7a09b2e03d4d423a9f718) C:\Windows\system32\Drivers\RapportKE64.sys
18:40:06.0580 3704 RapportKE64 - ok
18:40:06.0674 3704 RapportMgmtService (f05d972bc3e532210a9a35d35ba2e889) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
18:40:06.0705 3704 RapportMgmtService - ok
18:40:06.0736 3704 RapportPG64 (e6baeb47476ab92878bf613f538211de) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
18:40:06.0736 3704 RapportPG64 - ok
18:40:06.0767 3704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:40:06.0767 3704 RasAcd - ok
18:40:06.0799 3704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:40:06.0799 3704 RasAgileVpn - ok
18:40:06.0830 3704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:40:06.0830 3704 RasAuto - ok
18:40:06.0908 3704 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:40:06.0908 3704 Rasl2tp - ok
18:40:06.0970 3704 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:40:06.0986 3704 RasMan - ok
18:40:07.0017 3704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:40:07.0017 3704 RasPppoe - ok
18:40:07.0048 3704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:40:07.0048 3704 RasSstp - ok
18:40:07.0079 3704 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:40:07.0095 3704 rdbss - ok
18:40:07.0111 3704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:40:07.0111 3704 rdpbus - ok
18:40:07.0126 3704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:40:07.0126 3704 RDPCDD - ok
18:40:07.0142 3704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:40:07.0142 3704 RDPENCDD - ok
18:40:07.0157 3704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:40:07.0157 3704 RDPREFMP - ok
18:40:07.0204 3704 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:40:07.0204 3704 RDPWD - ok
18:40:07.0251 3704 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:40:07.0267 3704 rdyboost - ok
18:40:07.0313 3704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:40:07.0313 3704 RemoteAccess - ok
18:40:07.0345 3704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:40:07.0360 3704 RemoteRegistry - ok
18:40:07.0376 3704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:40:07.0376 3704 RpcEptMapper - ok
18:40:07.0391 3704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:40:07.0391 3704 RpcLocator - ok
18:40:07.0454 3704 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:40:07.0469 3704 RpcSs - ok
18:40:07.0469 3704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:40:07.0485 3704 rspndr - ok
18:40:07.0516 3704 RSUSBSTOR (652bb6db6397757e45dcd513692cee0e) C:\Windows\system32\Drivers\RtsUStor.sys
18:40:07.0532 3704 RSUSBSTOR - ok
18:40:07.0563 3704 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:07.0563 3704 SamSs - ok
18:40:07.0641 3704 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:40:07.0641 3704 SASDIFSV - ok
18:40:07.0657 3704 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:40:07.0657 3704 SASKUTIL - ok
18:40:07.0688 3704 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:40:07.0688 3704 sbp2port - ok
18:40:07.0750 3704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:40:07.0750 3704 SCardSvr - ok
18:40:07.0797 3704 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:40:07.0797 3704 scfilter - ok
18:40:07.0891 3704 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:40:07.0922 3704 Schedule - ok
18:40:07.0953 3704 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:40:07.0969 3704 SCPolicySvc - ok
18:40:08.0000 3704 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:40:08.0047 3704 SDRSVC - ok
18:40:08.0187 3704 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
18:40:08.0203 3704 SeaPort - ok
18:40:08.0265 3704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:40:08.0265 3704 secdrv - ok
18:40:08.0296 3704 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:40:08.0296 3704 seclogon - ok
18:40:08.0327 3704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:40:08.0327 3704 SENS - ok
18:40:08.0343 3704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:40:08.0343 3704 SensrSvc - ok
18:40:08.0359 3704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:40:08.0359 3704 Serenum - ok
18:40:08.0390 3704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:40:08.0390 3704 Serial - ok
18:40:08.0421 3704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:40:08.0421 3704 sermouse - ok
18:40:08.0468 3704 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:40:08.0483 3704 SessionEnv - ok
18:40:08.0515 3704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:40:08.0515 3704 sffdisk - ok
18:40:08.0530 3704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:40:08.0530 3704 sffp_mmc - ok
18:40:08.0546 3704 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:40:08.0546 3704 sffp_sd - ok
18:40:08.0561 3704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:40:08.0561 3704 sfloppy - ok
18:40:08.0624 3704 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:40:08.0639 3704 ShellHWDetection - ok
18:40:08.0655 3704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:40:08.0655 3704 SiSRaid2 - ok
18:40:08.0671 3704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:40:08.0671 3704 SiSRaid4 - ok
18:40:08.0702 3704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:40:08.0702 3704 Smb - ok
18:40:08.0749 3704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:40:08.0764 3704 SNMPTRAP - ok
18:40:08.0842 3704 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
18:40:08.0858 3704 Sony SCSI Helper Service - ok
18:40:08.0873 3704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:40:08.0889 3704 spldr - ok
18:40:08.0936 3704 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:40:08.0936 3704 Spooler - ok
18:40:09.0217 3704 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:40:09.0263 3704 sppsvc - ok
18:40:09.0357 3704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:40:09.0373 3704 sppuinotify - ok
18:40:09.0451 3704 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:40:09.0466 3704 srv - ok
18:40:09.0513 3704 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:40:09.0529 3704 srv2 - ok
18:40:09.0560 3704 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:40:09.0560 3704 srvnet - ok
18:40:09.0591 3704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:40:09.0607 3704 SSDPSRV - ok
18:40:09.0622 3704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:40:09.0622 3704 SstpSvc - ok
18:40:09.0653 3704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:40:09.0653 3704 stexstor - ok
18:40:09.0731 3704 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:40:09.0747 3704 stisvc - ok
18:40:09.0778 3704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:40:09.0794 3704 swenum - ok
18:40:09.0825 3704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:40:09.0841 3704 swprv - ok
18:40:09.0997 3704 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:40:10.0028 3704 SysMain - ok
18:40:10.0121 3704 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:40:10.0137 3704 TabletInputService - ok
18:40:10.0184 3704 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:40:10.0199 3704 TapiSrv - ok
18:40:10.0231 3704 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:40:10.0231 3704 TBS - ok
18:40:10.0402 3704 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:40:10.0433 3704 Tcpip - ok
18:40:10.0605 3704 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:40:10.0621 3704 TCPIP6 - ok
18:40:10.0683 3704 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:40:10.0683 3704 tcpipreg - ok
18:40:10.0761 3704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:40:10.0761 3704 TDPIPE - ok
18:40:10.0792 3704 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:40:10.0792 3704 TDTCP - ok
18:40:10.0839 3704 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:40:10.0855 3704 tdx - ok
18:40:10.0886 3704 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:40:10.0886 3704 TermDD - ok
18:40:10.0933 3704 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:40:10.0948 3704 TermService - ok
18:40:10.0964 3704 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:40:10.0964 3704 Themes - ok
18:40:10.0995 3704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:40:10.0995 3704 THREADORDER - ok
18:40:11.0011 3704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:40:11.0026 3704 TrkWks - ok
18:40:11.0057 3704 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:40:11.0073 3704 TrustedInstaller - ok
18:40:11.0120 3704 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:40:11.0120 3704 tssecsrv - ok
18:40:11.0167 3704 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:40:11.0167 3704 TsUsbFlt - ok
18:40:11.0229 3704 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:40:11.0245 3704 tunnel - ok
18:40:11.0276 3704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:40:11.0276 3704 uagp35 - ok
18:40:11.0323 3704 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:40:11.0338 3704 udfs - ok
18:40:11.0369 3704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:40:11.0369 3704 UI0Detect - ok
18:40:11.0401 3704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:40:11.0401 3704 uliagpkx - ok
18:40:11.0447 3704 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:40:11.0447 3704 umbus - ok
18:40:11.0479 3704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:40:11.0479 3704 UmPass - ok
18:40:11.0510 3704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:40:11.0525 3704 upnphost - ok
18:40:11.0572 3704 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:40:11.0572 3704 USBAAPL64 - ok
18:40:11.0603 3704 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:40:11.0603 3704 usbccgp - ok
18:40:11.0681 3704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:40:11.0697 3704 usbcir - ok
18:40:11.0744 3704 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:40:11.0744 3704 usbehci - ok
18:40:11.0791 3704 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:40:11.0806 3704 usbhub - ok
18:40:11.0822 3704 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:40:11.0822 3704 usbohci - ok
18:40:11.0869 3704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:40:11.0869 3704 usbprint - ok
18:40:11.0900 3704 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:40:11.0900 3704 usbscan - ok
18:40:11.0931 3704 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:40:11.0931 3704 USBSTOR - ok
18:40:11.0978 3704 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:40:11.0978 3704 usbuhci - ok
18:40:11.0993 3704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:40:11.0993 3704 UxSms - ok
18:40:12.0025 3704 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:12.0025 3704 VaultSvc - ok
18:40:12.0071 3704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:40:12.0071 3704 vdrvroot - ok
18:40:12.0118 3704 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:40:12.0181 3704 vds - ok
18:40:12.0212 3704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:40:12.0212 3704 vga - ok
18:40:12.0227 3704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:40:12.0227 3704 VgaSave - ok
18:40:12.0274 3704 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:40:12.0290 3704 vhdmp - ok
18:40:12.0368 3704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:40:12.0368 3704 viaide - ok
18:40:12.0383 3704 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:40:12.0399 3704 volmgr - ok
18:40:12.0446 3704 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:40:12.0461 3704 volmgrx - ok
18:40:12.0493 3704 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:40:12.0493 3704 volsnap - ok
18:40:12.0524 3704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:40:12.0539 3704 vsmraid - ok
18:40:12.0664 3704 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:40:12.0680 3704 VSS - ok
18:40:12.0789 3704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:40:12.0789 3704 vwifibus - ok
18:40:12.0867 3704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:40:12.0883 3704 W32Time - ok
18:40:12.0914 3704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:40:12.0914 3704 WacomPen - ok
18:40:12.0945 3704 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:40:12.0945 3704 WANARP - ok
18:40:12.0961 3704 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:40:12.0961 3704 Wanarpv6 - ok
18:40:13.0085 3704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:40:13.0132 3704 WatAdminSvc - ok
18:40:13.0257 3704 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:40:13.0273 3704 wbengine - ok
18:40:13.0382 3704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:40:13.0382 3704 WbioSrvc - ok
18:40:13.0444 3704 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:40:13.0460 3704 wcncsvc - ok
18:40:13.0475 3704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:40:13.0491 3704 WcsPlugInService - ok
18:40:13.0522 3704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:40:13.0522 3704 Wd - ok
18:40:13.0569 3704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:40:13.0585 3704 Wdf01000 - ok
18:40:13.0600 3704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:40:13.0616 3704 WdiServiceHost - ok
18:40:13.0616 3704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:40:13.0616 3704 WdiSystemHost - ok
18:40:13.0663 3704 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:40:13.0678 3704 WebClient - ok
18:40:13.0709 3704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:40:13.0709 3704 Wecsvc - ok
18:40:13.0741 3704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:40:13.0756 3704 wercplsupport - ok
18:40:13.0772 3704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:40:13.0787 3704 WerSvc - ok
18:40:13.0803 3704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:40:13.0803 3704 WfpLwf - ok
18:40:13.0850 3704 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
18:40:13.0865 3704 WimFltr - ok
18:40:13.0881 3704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:40:13.0897 3704 WIMMount - ok
18:40:13.0912 3704 WinHttpAutoProxySvc - ok
18:40:13.0990 3704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:40:14.0006 3704 Winmgmt - ok
18:40:14.0177 3704 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:40:14.0209 3704 WinRM - ok
18:40:14.0349 3704 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:40:14.0349 3704 WinUsb - ok
18:40:14.0443 3704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:40:14.0474 3704 Wlansvc - ok
18:40:14.0708 3704 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:40:14.0786 3704 wlidsvc - ok
18:40:14.0879 3704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:40:14.0879 3704 WmiAcpi - ok
18:40:14.0942 3704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:40:14.0942 3704 wmiApSrv - ok
18:40:14.0973 3704 WMPNetworkSvc - ok
18:40:15.0004 3704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:40:15.0004 3704 WPCSvc - ok
18:40:15.0051 3704 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:40:15.0051 3704 WPDBusEnum - ok
18:40:15.0082 3704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:40:15.0082 3704 ws2ifsl - ok
18:40:15.0098 3704 WSearch - ok
18:40:15.0301 3704 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:40:15.0332 3704 wuauserv - ok
18:40:15.0441 3704 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:40:15.0441 3704 WudfPf - ok
18:40:15.0488 3704 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:40:15.0488 3704 WUDFRd - ok
18:40:15.0535 3704 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:40:15.0535 3704 wudfsvc - ok
18:40:15.0566 3704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:40:15.0581 3704 WwanSvc - ok
18:40:15.0613 3704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:40:15.0878 3704 \Device\Harddisk0\DR0 - ok
18:40:15.0878 3704 Boot (0x1200) (6342789280591a525c8be1c471f24c7b) \Device\Harddisk0\DR0\Partition0
18:40:15.0893 3704 \Device\Harddisk0\DR0\Partition0 - ok
18:40:15.0909 3704 Boot (0x1200) (753eb0e16e5281b7432a9f5755a6b78c) \Device\Harddisk0\DR0\Partition1
18:40:15.0925 3704 \Device\Harddisk0\DR0\Partition1 - ok
18:40:15.0925 3704 ============================================================
18:40:15.0925 3704 Scan finished
18:40:15.0925 3704 ============================================================
18:40:15.0940 3772 Detected object count: 0
18:40:15.0940 3772 Actual detected object count: 0
18:40:32.0051 1968 Deinitialize success

***************************
***************************

aswMBR
------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 18:41:03
-----------------------------
18:41:03.299 OS Version: Windows x64 6.1.7601 Service Pack 1
18:41:03.299 Number of processors: 2 586 0x6B02
18:41:03.299 ComputerName: PC UserName:
18:41:04.407 Initialize success
18:42:08.915 AVAST engine defs: 12070501
18:42:32.721 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:42:32.721 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 11
18:42:32.752 Disk 0 MBR read successfully
18:42:32.752 Disk 0 MBR scan
18:42:32.783 Disk 0 Windows 7 default MBR code
18:42:32.799 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:42:32.830 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19058 MB offset 81920
18:42:32.846 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 286146 MB offset 39112704
18:42:32.877 Disk 0 scanning C:\Windows\system32\drivers
18:42:49.023 Service scanning
18:43:18.632 Modules scanning
18:43:18.648 Disk 0 trace - called modules:
18:43:18.679 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:43:18.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030fd060]
18:43:18.694 3 CLASSPNP.SYS[fffff8800199b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800306d060]
18:43:20.036 AVAST engine scan C:\Windows
18:43:22.376 AVAST engine scan C:\Windows\system32
18:45:36.356 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:45:38.961 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:47:43.800 AVAST engine scan C:\Windows\system32\drivers
18:47:59.801 AVAST engine scan C:\Users\Christine
18:52:15.499 Disk 0 MBR has been saved successfully to "C:\Users\Christine\Documents\Christine\MBR.dat"
18:52:15.513 The log file has been saved successfully to "C:\Users\Christine\Documents\Christine\aswMBR.txt"

*****************
*****************

ESET
----

C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12SAYI6O\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F341GNNS\18[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFM4HJ6T\99[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD5AR6NG\14[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD5AR6NG\18[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD5AR6NG\7516fd43adaa5e0b8a65a672c39845d2[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SD5AR6NG\82[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TWYAO8D6\94[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TWYAO8D6\main[1].htm JS/Kryptik.LB trojan cleaned by deleting - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V5T4EMGX\18[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Christine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W815LFFT\99[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory multiple threats

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 07:18 PM

Download

systemlook

Launch it and copy this script and paste in the BOX

:filefind
services.exe
:folderfind
{bf38acb9-b71c-8611-8c83-094a23c00ca7}

Click on LOOK, post the generated log

#5 Cbstamm

  • Topic Starter
  • Members
  • 27 posts

Posted 05 July 2012 - 07:34 PM

Results below:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:32 on 05/07/2012 by Christine
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Temp1234\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{bf38acb9-b71c-8611-8c83-094a23c00ca7}"
C:\Users\Christine\AppData\Local\{bf38acb9-b71c-8611-8c83-094a23c00ca7} d--hs-- [03:40 11/01/2012]
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7} d--hs-- [03:40 11/01/2012]

-= EOF =-

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 07:53 PM

Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
@echo off
REM Work in System32, where the suspect services.exe lives
cd c:\windows\system32
REM Give the Administrators group ownership and full control so the file can be renamed
REM (cacls asks for confirmation: press Y, then ENTER)
takeown /a /f services.exe
cacls services.exe /g administrators:f
REM Keep the suspect copy under a new name, then restore the clean copy from the WinSxS component store
ren services.exe services.exe.old
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM Remove this batch file once it has run
DEL %0

Click on FILE>> save as

filename:services.bat
Save as type:All types

Now right click on the services.bat file and select run as administrator and run it, click Y and press ENTER

Open your C drive

On top, click on Organize-folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click ok, now go to

C:\Users\Christine\AppData\Local\{bf38acb9-b71c-8611-8c83-094a23c00ca7}
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7}


delete both the folders

Post the new system look log

#7 Cbstamm

  • Topic Starter
  • Members
  • 27 posts

Posted 05 July 2012 - 08:17 PM

I was able to delete the Users subfolder, but not the Windows subfolder. I get a message "Folder In Use" stating "The action can't be completed because the folder or a file in it is open in another program. Close the folder and try again."



SystemLook 30.07.11 by jpshortstuff
Log created at 21:15 on 05/07/2012 by Christine
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Temp1234\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Temp1234\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{bf38acb9-b71c-8611-8c83-094a23c00ca7}"
C:\Windows\Installer\{bf38acb9-b71c-8611-8c83-094a23c00ca7} d--hs-- [03:40 11/01/2012]

-= EOF =-
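An added example, not from this thread, from SystemLook or from narenxp: the check narenxp made by eye across the two SystemLook logs above (the live C:\Windows\System32\services.exe hash against the WinSxS component-store copy of the same file) written as a script over filefind output. The sample lines are quoted from posts #5 and #7; the C:\Temp1234 copies are deliberately not used as reference, since a backup tree is not authoritative.

```python
"""Triage a SystemLook 'filefind' log: flag a live System32 binary whose MD5 differs
from the WinSxS copy of the same file (same size, different hash: patched in place)."""
import re
from collections import defaultdict

# One filefind result: <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attr>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})[ \t]*$", re.M)

def parse_filefind(text):
    """Return one dict (path, attr, size, created, modified, md5) per result line."""
    entries = [m.groupdict() for m in LINE_RE.finditer(text)]
    for e in entries:
        e["size"], e["md5"] = int(e["size"]), e["md5"].upper()
    return entries

def winsxs_mismatches(entries, windir="C:\\Windows"):
    """Return (live_path, live_md5, sorted reference md5s) for each file under
    <windir>\\System32 whose hash is not among its <windir>\\winsxs copies."""
    live_prefix = (windir + "\\System32\\").lower()
    ref_prefix = (windir + "\\winsxs\\").lower()
    live, refs = {}, defaultdict(set)
    for e in entries:
        path = e["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        if path.startswith(live_prefix):
            live[name] = e
        elif path.startswith(ref_prefix):       # copies elsewhere are ignored
            refs[name].add(e["md5"])
    return [(e["path"], e["md5"], sorted(refs[n]))
            for n, e in live.items() if refs[n] and e["md5"] not in refs[n]]

# Sample result lines quoted from the SystemLook logs in this thread: post #5
# (before the repair) and post #7 (after services.exe was restored from WinSxS).
WINSXS = ("C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller"
          "_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe")
STAMP = " --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] "
BEFORE = "\n".join([
    "C:\\Temp1234\\Windows\\System32\\services.exe" + STAMP + "24ACB7E5BE595468E3B9AA488B9B4FCB",
    "C:\\Windows\\System32\\services.exe" + STAMP + "014A9CB92514E27C0107614DF764BC06",
    WINSXS + STAMP + "24ACB7E5BE595468E3B9AA488B9B4FCB",
])
AFTER = BEFORE.replace("014A9CB92514E27C0107614DF764BC06", "24ACB7E5BE595468E3B9AA488B9B4FCB")

if __name__ == "__main__":
    for label, log in (("before repair", BEFORE), ("after repair", AFTER)):
        print(label, winsxs_mismatches(parse_filefind(log)) or "no mismatch")
```

The same size (328704 bytes) on every copy is why the hash, not the directory listing, is what gives the patched binary away.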

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 08:41 PM

Restart the PC and delete the folder

Boot the PC into safemode with networking

Download

avenger

Extract and launch it, click ok

Copy this script in the BOX

Files to delete:
C:\Windows\assembly\GAC_32\Desktop.ini 
C:\Windows\assembly\GAC_64\Desktop.ini

Click on execute, click YES if it asks for reboot

Post the new aswmbr log after reboot

Edited by narenxp, 05 July 2012 - 08:41 PM.


#9 Cbstamm

  • Topic Starter
  • Members
  • 27 posts

Posted 05 July 2012 - 09:05 PM

Completed steps. Log below.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 21:57:24
-----------------------------
21:57:24.429 OS Version: Windows x64 6.1.7601 Service Pack 1
21:57:24.429 Number of processors: 2 586 0x6B02
21:57:24.429 ComputerName: PC UserName:
21:57:25.318 Initialize success
21:57:36.878 AVAST engine defs: 12070501
21:57:46.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:57:46.456 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 11
21:57:46.488 Disk 0 MBR read successfully
21:57:46.488 Disk 0 MBR scan
21:57:46.503 Disk 0 Windows 7 default MBR code
21:57:46.503 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:57:46.519 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19058 MB offset 81920
21:57:46.534 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 286146 MB offset 39112704
21:57:46.566 Disk 0 scanning C:\Windows\system32\drivers
21:57:58.923 Service scanning
21:58:28.596 Modules scanning
21:58:28.612 Disk 0 trace - called modules:
21:58:28.627 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:58:28.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003111700]
21:58:28.643 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030b1060]
21:58:29.719 AVAST engine scan C:\Windows
21:58:31.950 AVAST engine scan C:\Windows\system32
22:00:42.729 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:00:44.975 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:03:05.689 AVAST engine scan C:\Windows\system32\drivers
22:03:18.449 AVAST engine scan C:\Users\Christine
22:04:56.808 Disk 0 MBR has been saved successfully to "C:\Users\Christine\Documents\Christine\MBR.dat"
22:04:56.839 The log file has been saved successfully to "C:\Users\Christine\Documents\Christine\07052012_2_aswMBR.txt"

#10 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 09:15 PM

Can you post the avenger log

c:\avenger.txt

#11 Cbstamm

  • Topic Starter
  • Members
  • 27 posts

Posted 05 July 2012 - 09:22 PM

I do not see this file in the c drive. Should I try the avenger step again?

#12 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 09:23 PM

yes :thumbup2:

#13 Cbstamm

  • Topic Starter
  • Members
  • 27 posts

Posted 05 July 2012 - 10:01 PM

I tried a few more times and keep getting the same result. I am not seeing a log file for avenger.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 22:54:18
-----------------------------
22:54:18.693 OS Version: Windows x64 6.1.7601 Service Pack 1
22:54:18.693 Number of processors: 2 586 0x6B02
22:54:18.709 ComputerName: PC UserName:
22:54:19.727 Initialize success
22:54:31.129 AVAST engine defs: 12070501
22:54:43.219 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:54:43.234 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 11
22:54:43.250 Disk 0 MBR read successfully
22:54:43.250 Disk 0 MBR scan
22:54:43.265 Disk 0 Windows 7 default MBR code
22:54:43.265 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:54:43.281 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19058 MB offset 81920
22:54:43.297 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 286146 MB offset 39112704
22:54:43.328 Disk 0 scanning C:\Windows\system32\drivers
22:54:54.560 Service scanning
22:55:23.937 Modules scanning
22:55:23.952 Disk 0 trace - called modules:
22:55:23.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:55:24.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800310d060]
22:55:24.498 3 CLASSPNP.SYS[fffff8800197543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800306c5f0]
22:55:25.575 AVAST engine scan C:\Windows
22:55:27.899 AVAST engine scan C:\Windows\system32
22:57:37.427 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:57:39.626 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
22:59:47.378 AVAST engine scan C:\Windows\system32\drivers
23:00:08.999 AVAST engine scan C:\Users\Christine
23:01:00.697 Disk 0 MBR has been saved successfully to "C:\Users\Christine\Documents\Christine\MBR.dat"
23:01:00.713 The log file has been saved successfully to "C:\Users\Christine\Documents\Christine\07052012_4_aswMBR.txt"

#14 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 July 2012 - 10:03 PM

We need to use advanced tools here

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

Edited by narenxp, 05 July 2012 - 10:03 PM.


#15 Cbstamm

  • Topic Starter
  • Members
  • 27 posts

Posted 06 July 2012 - 05:02 AM

Thank You - will work on the instructions.
