Need help with removal of svchost.exe *32 (winrscmde) Trojan


  • This topic is locked
6 replies to this topic

#1 bigdraca

Posted 18 July 2012 - 03:01 PM

Hello,

I've recently discovered that a computer in my household has been infected by a svchost.exe *32 winrscmde Trojan. After reviewing the forums it seems that I need further assistance in the removal of this Trojan.

#2 narenxp

Posted 18 July 2012 - 03:49 PM

Download TDSSkiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 bigdraca

Posted 19 July 2012 - 02:13 PM

Thank you!


17:09:34.0807 5364 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
17:09:35.0297 5364 ============================================================
17:09:35.0297 5364 Current date / time: 2012/07/18 17:09:35.0297
17:09:35.0297 5364 SystemInfo:
17:09:35.0297 5364
17:09:35.0297 5364 OS Version: 6.1.7601 ServicePack: 1.0
17:09:35.0297 5364 Product type: Workstation
17:09:35.0297 5364 ComputerName: VINCE-PC
17:09:35.0297 5364 UserName: Vince
17:09:35.0297 5364 Windows directory: C:\Windows
17:09:35.0297 5364 System windows directory: C:\Windows
17:09:35.0297 5364 Running under WOW64
17:09:35.0297 5364 Processor architecture: Intel x64
17:09:35.0297 5364 Number of processors: 2
17:09:35.0297 5364 Page size: 0x1000
17:09:35.0297 5364 Boot type: Normal boot
17:09:35.0297 5364 ============================================================
17:09:36.0457 5364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:36.0467 5364 ============================================================
17:09:36.0467 5364 \Device\Harddisk0\DR0:
17:09:36.0467 5364 MBR partitions:
17:09:36.0467 5364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
17:09:36.0467 5364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x38753030
17:09:36.0467 5364 ============================================================
17:09:36.0487 5364 C: <-> \Device\Harddisk0\DR0\Partition1
17:09:36.0487 5364 ============================================================
17:09:36.0487 5364 Initialize success
17:09:36.0487 5364 ============================================================
17:10:12.0982 5476 ============================================================
17:10:12.0982 5476 Scan started
17:10:12.0982 5476 Mode: Manual; TDLFS;
17:10:12.0982 5476 ============================================================
17:10:25.0024 5476 nSvcIp - ok
17:10:25.0164 5476 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:10:25.0184 5476 Ntfs - ok
17:10:25.0274 5476 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:10:25.0274 5476 Null - ok
17:10:25.0324 5476 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:10:25.0334 5476 NVENETFD - ok
17:10:26.0064 5476 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:10:26.0124 5476 nvlddmkm - ok
17:10:26.0284 5476 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
17:10:26.0294 5476 NVNET - ok
17:10:26.0334 5476 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:10:26.0334 5476 nvraid - ok
17:10:26.0364 5476 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:10:26.0364 5476 nvstor - ok
17:10:26.0394 5476 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
17:10:26.0394 5476 nvstor64 - ok
17:10:26.0434 5476 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
17:10:26.0434 5476 nvsvc - ok
17:10:26.0464 5476 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:10:26.0464 5476 nv_agp - ok
17:10:26.0494 5476 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:10:26.0494 5476 ohci1394 - ok
17:10:26.0584 5476 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:10:26.0594 5476 ose - ok
17:10:27.0784 5476 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:10:27.0884 5476 osppsvc - ok
17:10:28.0124 5476 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:10:28.0144 5476 p2pimsvc - ok
17:10:28.0194 5476 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:10:28.0204 5476 p2psvc - ok
17:10:28.0244 5476 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:10:28.0244 5476 Parport - ok
17:10:28.0274 5476 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:10:28.0274 5476 partmgr - ok
17:10:28.0304 5476 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:10:28.0334 5476 PcaSvc - ok
17:10:28.0384 5476 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:10:28.0384 5476 pci - ok
17:10:28.0404 5476 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:10:28.0404 5476 pciide - ok
17:10:28.0434 5476 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:10:28.0434 5476 pcmcia - ok
17:10:28.0454 5476 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:10:28.0454 5476 pcw - ok
17:10:28.0554 5476 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:10:28.0574 5476 PEAUTH - ok
17:10:28.0634 5476 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:10:28.0644 5476 PerfHost - ok
17:10:28.0794 5476 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:10:28.0814 5476 pla - ok
17:10:28.0884 5476 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:10:28.0884 5476 PlugPlay - ok
17:10:28.0914 5476 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:10:28.0914 5476 PNRPAutoReg - ok
17:10:28.0944 5476 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:10:28.0944 5476 PNRPsvc - ok
17:10:29.0074 5476 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:10:29.0084 5476 PolicyAgent - ok
17:10:29.0114 5476 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:10:29.0124 5476 Power - ok
17:10:29.0165 5476 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:10:29.0165 5476 PptpMiniport - ok
17:10:29.0185 5476 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:10:29.0185 5476 Processor - ok
17:10:29.0215 5476 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:10:29.0215 5476 ProfSvc - ok
17:10:29.0235 5476 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:10:29.0235 5476 ProtectedStorage - ok
17:10:29.0285 5476 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:10:29.0285 5476 Psched - ok
17:10:29.0435 5476 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:10:29.0455 5476 ql2300 - ok
17:10:29.0565 5476 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:10:29.0565 5476 ql40xx - ok
17:10:29.0605 5476 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:10:29.0615 5476 QWAVE - ok
17:10:29.0635 5476 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:10:29.0635 5476 QWAVEdrv - ok
17:10:29.0805 5476 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
17:10:29.0815 5476 RapiMgr - ok
17:10:29.0835 5476 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:10:29.0835 5476 RasAcd - ok
17:10:29.0875 5476 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:10:29.0875 5476 RasAgileVpn - ok
17:10:29.0905 5476 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:10:29.0915 5476 RasAuto - ok
17:10:29.0955 5476 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:10:29.0955 5476 Rasl2tp - ok
17:10:30.0035 5476 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:10:30.0045 5476 RasMan - ok
17:10:30.0095 5476 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:10:30.0095 5476 RasPppoe - ok
17:10:30.0105 5476 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:10:30.0105 5476 RasSstp - ok
17:10:30.0155 5476 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:10:30.0155 5476 rdbss - ok
17:10:30.0165 5476 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:10:30.0165 5476 rdpbus - ok
17:10:30.0175 5476 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:10:30.0175 5476 RDPCDD - ok
17:10:30.0215 5476 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:10:30.0215 5476 RDPENCDD - ok
17:10:30.0235 5476 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:10:30.0235 5476 RDPREFMP - ok
17:10:30.0275 5476 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:10:30.0275 5476 RDPWD - ok
17:10:30.0325 5476 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:10:30.0325 5476 rdyboost - ok
17:10:30.0365 5476 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:10:30.0375 5476 RemoteAccess - ok
17:10:30.0415 5476 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:10:30.0415 5476 RemoteRegistry - ok
17:10:30.0455 5476 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
17:10:30.0455 5476 RMCAST - ok
17:10:30.0475 5476 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:10:30.0475 5476 RpcEptMapper - ok
17:10:30.0505 5476 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:10:30.0505 5476 RpcLocator - ok
17:10:30.0555 5476 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:10:30.0565 5476 RpcSs - ok
17:10:30.0605 5476 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:10:30.0615 5476 rspndr - ok
17:10:30.0635 5476 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:10:30.0645 5476 SamSs - ok
17:10:30.0685 5476 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:10:30.0685 5476 sbp2port - ok
17:10:30.0725 5476 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:10:30.0735 5476 SCardSvr - ok
17:10:30.0765 5476 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:10:30.0765 5476 scfilter - ok
17:10:30.0875 5476 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:10:30.0895 5476 Schedule - ok
17:10:30.0925 5476 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:10:30.0925 5476 SCPolicySvc - ok
17:10:30.0975 5476 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:10:30.0985 5476 SDRSVC - ok
17:10:31.0055 5476 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:10:31.0055 5476 secdrv - ok
17:10:31.0085 5476 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:10:31.0095 5476 seclogon - ok
17:10:31.0125 5476 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:10:31.0125 5476 SENS - ok
17:10:31.0135 5476 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:10:31.0135 5476 SensrSvc - ok
17:10:31.0165 5476 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:10:31.0165 5476 Serenum - ok
17:10:31.0195 5476 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:10:31.0205 5476 Serial - ok
17:10:31.0225 5476 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:10:31.0225 5476 sermouse - ok
17:10:31.0255 5476 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:10:31.0255 5476 SessionEnv - ok
17:10:31.0265 5476 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:10:31.0265 5476 sffdisk - ok
17:10:31.0275 5476 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:10:31.0275 5476 sffp_mmc - ok
17:10:31.0285 5476 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:10:31.0285 5476 sffp_sd - ok
17:10:31.0325 5476 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:10:31.0325 5476 sfloppy - ok
17:10:31.0405 5476 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:10:31.0415 5476 Sftfs - ok
17:10:31.0535 5476 sftlist (08d2b597cc4e26fde43be9f104476f65) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:10:31.0545 5476 sftlist - ok
17:10:31.0585 5476 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:10:31.0595 5476 Sftplay - ok
17:10:31.0615 5476 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:10:31.0615 5476 Sftredir - ok
17:10:31.0625 5476 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:10:31.0625 5476 Sftvol - ok
17:10:31.0665 5476 sftvsa (0ec561d71a733814cff37712cdee2a74) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:10:31.0665 5476 sftvsa - ok
17:10:31.0725 5476 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:10:31.0725 5476 ShellHWDetection - ok
17:10:31.0765 5476 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
17:10:31.0765 5476 simptcp - ok
17:10:31.0795 5476 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:10:31.0795 5476 SiSRaid2 - ok
17:10:31.0815 5476 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:10:31.0815 5476 SiSRaid4 - ok
17:10:31.0835 5476 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:10:31.0845 5476 Smb - ok
17:10:31.0885 5476 SNMP (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe
17:10:31.0885 5476 SNMP - ok
17:10:31.0915 5476 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:10:31.0915 5476 SNMPTRAP - ok
17:10:31.0925 5476 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:10:31.0925 5476 spldr - ok
17:10:31.0995 5476 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:10:31.0995 5476 Spooler - ok
17:10:32.0256 5476 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:10:32.0286 5476 sppsvc - ok
17:10:32.0376 5476 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:10:32.0386 5476 sppuinotify - ok
17:10:32.0446 5476 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:10:32.0456 5476 srv - ok
17:10:32.0486 5476 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:10:32.0496 5476 srv2 - ok
17:10:32.0516 5476 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:10:32.0516 5476 srvnet - ok
17:10:32.0556 5476 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:10:32.0566 5476 SSDPSRV - ok
17:10:32.0586 5476 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:10:32.0586 5476 SstpSvc - ok
17:10:32.0606 5476 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:10:32.0606 5476 stexstor - ok
17:10:32.0676 5476 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:10:32.0686 5476 stisvc - ok
17:10:32.0716 5476 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:10:32.0716 5476 swenum - ok
17:10:32.0776 5476 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:10:32.0776 5476 swprv - ok
17:10:32.0896 5476 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:10:32.0916 5476 SysMain - ok
17:10:33.0006 5476 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:10:33.0016 5476 TabletInputService - ok
17:10:33.0056 5476 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:10:33.0066 5476 TapiSrv - ok
17:10:33.0096 5476 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:10:33.0096 5476 TBS - ok
17:10:33.0276 5476 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:10:33.0286 5476 Tcpip - ok
17:10:33.0546 5476 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:10:33.0566 5476 TCPIP6 - ok
17:10:33.0676 5476 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:10:33.0676 5476 tcpipreg - ok
17:10:33.0736 5476 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:10:33.0746 5476 TDPIPE - ok
17:10:33.0776 5476 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:10:33.0776 5476 TDTCP - ok
17:10:33.0806 5476 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:10:33.0806 5476 tdx - ok
17:10:33.0836 5476 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:10:33.0836 5476 TermDD - ok
17:10:33.0886 5476 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:10:33.0896 5476 TermService - ok
17:10:33.0916 5476 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:10:33.0916 5476 Themes - ok
17:10:33.0936 5476 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:10:33.0936 5476 THREADORDER - ok
17:10:33.0956 5476 TlntSvr (519cb7d7f697f4ba47de05845c20f158) C:\Windows\System32\tlntsvr.exe
17:10:33.0956 5476 TlntSvr - ok
17:10:33.0976 5476 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:10:33.0976 5476 TrkWks - ok
17:10:34.0046 5476 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:10:34.0046 5476 TrustedInstaller - ok
17:10:34.0086 5476 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:10:34.0086 5476 tssecsrv - ok
17:10:34.0136 5476 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:10:34.0146 5476 TsUsbFlt - ok
17:10:34.0206 5476 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:10:34.0206 5476 tunnel - ok
17:10:34.0236 5476 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:10:34.0236 5476 uagp35 - ok
17:10:34.0286 5476 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:10:34.0286 5476 udfs - ok
17:10:34.0326 5476 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:10:34.0326 5476 UI0Detect - ok
17:10:34.0356 5476 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:10:34.0356 5476 uliagpkx - ok
17:10:34.0386 5476 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:10:34.0386 5476 umbus - ok
17:10:34.0416 5476 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:10:34.0416 5476 UmPass - ok
17:10:34.0506 5476 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
17:10:34.0506 5476 Updater Service - ok
17:10:34.0556 5476 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:10:34.0556 5476 upnphost - ok
17:10:34.0596 5476 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:10:34.0596 5476 USBAAPL64 - ok
17:10:34.0626 5476 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
17:10:34.0626 5476 usbccgp - ok
17:10:34.0656 5476 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:10:34.0656 5476 usbcir - ok
17:10:34.0686 5476 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:10:34.0686 5476 usbehci - ok
17:10:34.0746 5476 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:10:34.0756 5476 usbhub - ok
17:10:34.0766 5476 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:10:34.0766 5476 usbohci - ok
17:10:34.0786 5476 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:10:34.0786 5476 usbprint - ok
17:10:34.0816 5476 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:10:34.0826 5476 usbscan - ok
17:10:34.0846 5476 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:10:34.0846 5476 USBSTOR - ok
17:10:34.0876 5476 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:10:34.0876 5476 usbuhci - ok
17:10:34.0896 5476 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
17:10:34.0896 5476 usb_rndisx - ok
17:10:34.0906 5476 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:10:34.0916 5476 UxSms - ok
17:10:34.0936 5476 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:10:34.0936 5476 VaultSvc - ok
17:10:34.0986 5476 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:10:34.0986 5476 vdrvroot - ok
17:10:35.0076 5476 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:10:35.0086 5476 vds - ok
17:10:35.0116 5476 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:10:35.0126 5476 vga - ok
17:10:35.0136 5476 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:10:35.0146 5476 VgaSave - ok
17:10:35.0187 5476 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:10:35.0187 5476 vhdmp - ok
17:10:35.0197 5476 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:10:35.0197 5476 viaide - ok
17:10:35.0217 5476 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:10:35.0217 5476 volmgr - ok
17:10:35.0277 5476 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:10:35.0277 5476 volmgrx - ok
17:10:35.0327 5476 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:10:35.0337 5476 volsnap - ok
17:10:35.0367 5476 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:10:35.0367 5476 vsmraid - ok
17:10:35.0477 5476 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:10:35.0487 5476 VSS - ok
17:10:35.0587 5476 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:10:35.0597 5476 vwifibus - ok
17:10:35.0657 5476 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:10:35.0667 5476 W32Time - ok
17:10:35.0787 5476 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:10:35.0797 5476 W3SVC - ok
17:10:35.0827 5476 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:10:35.0827 5476 WacomPen - ok
17:10:35.0877 5476 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:10:35.0877 5476 WANARP - ok
17:10:35.0887 5476 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:10:35.0887 5476 Wanarpv6 - ok
17:10:35.0917 5476 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:10:35.0927 5476 WAS - ok
17:10:36.0017 5476 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:10:36.0027 5476 WatAdminSvc - ok
17:10:36.0157 5476 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:10:36.0177 5476 wbengine - ok
17:10:36.0287 5476 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:10:36.0297 5476 WbioSrvc - ok
17:10:36.0377 5476 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
17:10:36.0387 5476 WcesComm - ok
17:10:36.0437 5476 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:10:36.0447 5476 wcncsvc - ok
17:10:36.0477 5476 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:10:36.0477 5476 WcsPlugInService - ok
17:10:36.0517 5476 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:10:36.0517 5476 Wd - ok
17:10:36.0567 5476 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:10:36.0567 5476 Wdf01000 - ok
17:10:36.0587 5476 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:10:36.0587 5476 WdiServiceHost - ok
17:10:36.0587 5476 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:10:36.0597 5476 WdiSystemHost - ok
17:10:36.0627 5476 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:10:36.0637 5476 WebClient - ok
17:10:36.0657 5476 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:10:36.0657 5476 Wecsvc - ok
17:10:36.0677 5476 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:10:36.0677 5476 wercplsupport - ok
17:10:36.0707 5476 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:10:36.0707 5476 WerSvc - ok
17:10:36.0747 5476 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:10:36.0747 5476 WfpLwf - ok
17:10:36.0767 5476 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:10:36.0767 5476 WIMMount - ok
17:10:36.0767 5476 WinHttpAutoProxySvc - ok
17:10:36.0837 5476 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:10:36.0837 5476 Winmgmt - ok
17:10:36.0977 5476 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:10:37.0007 5476 WinRM - ok
17:10:37.0177 5476 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:10:37.0177 5476 WinUsb - ok
17:10:37.0247 5476 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:10:37.0267 5476 Wlansvc - ok
17:10:37.0377 5476 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:10:37.0417 5476 wlcrasvc - ok
17:10:37.0597 5476 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:10:37.0617 5476 wlidsvc - ok
17:10:37.0767 5476 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:10:37.0767 5476 WmiAcpi - ok
17:10:37.0827 5476 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:10:37.0837 5476 wmiApSrv - ok
17:10:37.0887 5476 WMPNetworkSvc - ok
17:10:37.0917 5476 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
17:10:37.0917 5476 WMSVC - ok
17:10:37.0947 5476 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:10:37.0957 5476 WPCSvc - ok
17:10:37.0987 5476 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:10:37.0987 5476 WPDBusEnum - ok
17:10:38.0007 5476 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:10:38.0007 5476 ws2ifsl - ok
17:10:38.0007 5476 WSearch - ok
17:10:38.0177 5476 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:10:38.0207 5476 wuauserv - ok
17:10:38.0317 5476 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:10:38.0317 5476 WudfPf - ok
17:10:38.0357 5476 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:10:38.0367 5476 WUDFRd - ok
17:10:38.0397 5476 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:10:38.0407 5476 wudfsvc - ok
17:10:38.0457 5476 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:10:38.0457 5476 WwanSvc - ok
17:10:38.0497 5476 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:10:38.0537 5476 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:10:38.0537 5476 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:10:38.0587 5476 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:10:38.0587 5476 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:10:38.0627 5476 Boot (0x1200) (7f8a94a5e0df110a601c59fb6a1ae568) \Device\Harddisk0\DR0\Partition0
17:10:38.0627 5476 \Device\Harddisk0\DR0\Partition0 - ok
17:10:38.0637 5476 Boot (0x1200) (f48388f2b46ca433951971c7098e4c40) \Device\Harddisk0\DR0\Partition1
17:10:38.0637 5476 \Device\Harddisk0\DR0\Partition1 - ok
17:10:38.0637 5476 ============================================================
17:10:38.0637 5476 Scan finished
17:10:38.0637 5476 ============================================================
17:10:38.0657 5468 Detected object count: 2
17:10:38.0657 5468 Actual detected object count: 2
17:11:12.0661 5468 \Device\Harddisk0\DR0\# - copied to quarantine
17:11:12.0661 5468 \Device\Harddisk0\DR0 - copied to quarantine
17:11:12.0701 5468 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:11:12.0701 5468 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:11:12.0721 5468 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:11:12.0731 5468 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:11:12.0731 5468 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:11:12.0741 5468 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:11:12.0741 5468 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:11:12.0741 5468 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:11:12.0741 5468 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:11:12.0751 5468 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:11:12.0751 5468 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:11:12.0771 5468 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:11:12.0781 5468 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:11:12.0821 5468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:11:12.0871 5468 \Device\Harddisk0\DR0 - ok
17:11:13.0111 5468 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:11:13.0111 5468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:11:13.0111 5468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

-

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-18 17:13:17
-----------------------------
17:13:17.438 OS Version: Windows x64 6.1.7601 Service Pack 1
17:13:17.438 Number of processors: 2 586 0x603
17:13:17.438 ComputerName: VINCE-PC UserName: Vince
17:13:18.588 Initialize success
17:14:33.371 AVAST engine defs: 12071900
17:15:13.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
17:15:13.576 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
17:15:13.576 Device \Driver\nvstor64 -> MajorFunction fffffa8004c315e8
17:15:13.586 Disk 0 MBR read successfully
17:15:13.586 Disk 0 MBR scan
17:15:13.596 Disk 0 Windows 7 default MBR code
17:15:13.596 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
17:15:13.606 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
17:15:13.616 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462502 MB offset 29566976
17:15:13.636 Disk 0 scanning C:\Windows\system32\drivers
17:15:22.599 Service scanning
17:15:50.793 Modules scanning
17:15:50.793 Disk 0 trace - called modules:
17:15:50.793 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006ac5610]<<52730298.sys >>UNKNOWN [0xfffffa8004c315e8]<<
17:15:50.793 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f5410]
17:15:50.803 3 CLASSPNP.SYS[fffff880019b943f] -> nt!IofCallDriver -> [0xfffffa8004292c70]
17:15:50.803 5 ACPI.sys[fffff88000ed97a1] -> nt!IofCallDriver -> \Device\00000057[0xfffffa8004286190]
17:15:50.803 \Driver\nvstor64[0xfffffa8004aff340] -> IRP_MJ_CREATE -> 0xfffffa8004c315e8
17:15:52.775 AVAST engine scan C:\Windows
17:15:55.945 AVAST engine scan C:\Windows\system32
17:17:36.070 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:17:38.030 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:18:29.541 AVAST engine scan C:\Windows\system32\drivers
17:18:41.783 AVAST engine scan C:\Users\Vince.Vince-PC
17:20:34.077 Disk 0 MBR has been saved successfully to "C:\Users\Vince.Vince-PC\Desktop\MBR.dat"
17:20:34.077 The log file has been saved successfully to "C:\Users\Vince.Vince-PC\Desktop\aswMBR.txt"


-

(ESET)

C:\Windows\Installer\{94530224-37ae-3d47-2f0e-a65fcb599d85}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{94530224-37ae-3d47-2f0e-a65fcb599d85}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{94530224-37ae-3d47-2f0e-a65fcb599d85}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{94530224-37ae-3d47-2f0e-a65fcb599d85}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp


Posted 19 July 2012 - 02:16 PM

We need advanced tools to remove this one.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 bigdraca


Posted 19 July 2012 - 03:04 PM

Thank you very much for your assistance and prompt response!

#6 narenxp


Posted 19 July 2012 - 03:05 PM

You're welcome :)

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:00 PM

Posted 20 July 2012 - 11:31 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic461463.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



