
Sirefef virus


15 replies to this topic

#1 Dex1138


Posted 19 August 2012 - 08:56 AM

Not sure how I got this, I don't recall installing anything lately or visiting any out of the way websites but here it is!

I was websurfing and started getting notified that pages I was going to had bad security certs and then I started getting redirected altogether.
MSE identified it as sirefef and claims it cleaned it but no such luck.

Within a few minutes of booting, I get an error saying "You are about to be logged off windows has encountered a critical problem and will restart in one minute please save your work." I'm usually a good Google DIYer but nothing I've come across has worked. Even Safe Mode is not free from this pest.
Tried System Repair. Says there is nothing to fix.
Unable to do a system restore.
Tried using ESET fixes. Don't have enough time to run the scan before forced reboot.
I would have no problem nuking the whole thing and doing a new install but there are files I need to get off the PC and it won't stay running long enough to do that.

I'm running Vista 64-bit and thankfully have a laptop (XP) and flash drives.
I don't have a Vista DVD, thanks Gateway! I do have Gateway restore DVDs but don't know if that's the same thing as far as trying to boot from it (if needed)?
Thank you in advance for your help!

Edited by hamluis, 19 August 2012 - 09:55 AM.
Moved from Vista to Am I Infected - Hamluis.



 


#2 narenxp


Posted 19 August 2012 - 08:59 AM

Does the RESTART happen in safe mode? (not safe mode with networking)

If yes

Restart the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

#3 Anhydrite


Posted 19 August 2012 - 09:04 AM

I just had the same problem. Microsoft Security Essentials is causing the reboots due to a conflict. I had to uninstall Microsoft Security Essentials in order to stop the reboots. It took several tries for it to finish. Then after a last reboot my computer stayed on, allowing me to accomplish a System Restore to a restore point from over a week ago. Seems to have cleaned Sirefef out for me. I also ran Microsoft Defender Offline to ensure it was clean, as it found it before I did the restore but was unable to remove it.

Hope this helps.

#4 narenxp


Posted 19 August 2012 - 09:06 AM

Microsoft Security Essentials tries to clean the INFECTED services.exe, which makes the system reboot.

#5 Dex1138


Posted 19 August 2012 - 09:17 AM

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?


Yes, I can get to this screen.

#6 narenxp


Posted 19 August 2012 - 09:19 AM

Select System Restore

If you have a restore point from before you installed Microsoft Security Essentials, restore it; a restore point from before you were infected would also be fine.

If there are no restore points:

Select command prompt

Type notepad and press ENTER

Click on FILE-OPEN

Now you should be able to see your DRIVES

Let me know the DRIVE LETTER OF BOOT DRIVE

good luck

Edited by narenxp, 19 August 2012 - 09:37 AM.


#7 Dex1138


Posted 19 August 2012 - 09:38 AM

Hi Narenxp

I had tried a restore yesterday and it didn't work. But for the heck of it while I was waiting for a reply I tried again and it seems like it may have worked. The PC has been up for over 15 minutes without the error/reboot occurring.
Is there anything else I should do as far as cleanup to make sure everything is squeaky clean?

#8 narenxp


Posted 19 August 2012 - 09:41 AM

Download

TDSSkiller

Launch it. Click on change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (the log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop and copy the contents of the text file into your reply

#9 Dex1138


Posted 20 August 2012 - 05:22 AM

Apologies for the lengthy posts, couldn't find how to upload txt files

10:55:00.0307 5476 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:55:00.0400 5476 MSiSCSI - ok
10:55:00.0400 5476 msiserver - ok
10:55:00.0447 5476 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:55:00.0463 5476 MSKSSRV - ok
10:55:00.0541 5476 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:55:00.0556 5476 MsMpSvc - ok
10:55:00.0572 5476 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:55:00.0588 5476 MSPCLOCK - ok
10:55:00.0619 5476 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:55:00.0634 5476 MSPQM - ok
10:55:00.0681 5476 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:55:00.0775 5476 MsRPC - ok
10:55:00.0837 5476 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:55:00.0853 5476 mssmbios - ok
10:55:00.0900 5476 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:55:00.0931 5476 MSTEE - ok
10:55:01.0009 5476 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
10:55:01.0040 5476 Mup - ok
10:55:01.0102 5476 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
10:55:01.0118 5476 napagent - ok
10:55:01.0165 5476 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:55:01.0196 5476 NativeWifiP - ok
10:55:01.0243 5476 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:55:01.0305 5476 NDIS - ok
10:55:01.0336 5476 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:55:01.0352 5476 NdisTapi - ok
10:55:01.0368 5476 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:55:01.0383 5476 Ndisuio - ok
10:55:01.0430 5476 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:55:01.0461 5476 NdisWan - ok
10:55:01.0555 5476 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:55:01.0570 5476 NDProxy - ok
10:55:01.0633 5476 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:55:01.0664 5476 NetBIOS - ok
10:55:01.0711 5476 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
10:55:01.0773 5476 netbt - ok
10:55:01.0851 5476 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
10:55:01.0851 5476 Netlogon - ok
10:55:01.0882 5476 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
10:55:02.0023 5476 Netman - ok
10:55:02.0054 5476 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
10:55:02.0148 5476 netprofm - ok
10:55:02.0226 5476 [ 74751dda198165947fd7454d83f49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:55:02.0288 5476 NetTcpPortSharing - ok
10:55:02.0319 5476 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:55:02.0335 5476 nfrd960 - ok
10:55:02.0413 5476 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:55:02.0444 5476 NisDrv - ok
10:55:02.0475 5476 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
10:55:02.0553 5476 NisSrv - ok
10:55:02.0584 5476 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
10:55:02.0694 5476 NlaSvc - ok
10:55:02.0803 5476 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:55:02.0834 5476 Npfs - ok
10:55:02.0865 5476 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
10:55:02.0912 5476 nsi - ok
10:55:02.0943 5476 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:55:02.0974 5476 nsiproxy - ok
10:55:03.0099 5476 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:55:03.0240 5476 Ntfs - ok
10:55:03.0255 5476 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
10:55:03.0271 5476 Null - ok
10:55:03.0318 5476 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:55:03.0349 5476 nvraid - ok
10:55:03.0396 5476 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:55:03.0427 5476 nvstor - ok
10:55:03.0474 5476 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:55:03.0505 5476 nv_agp - ok
10:55:03.0520 5476 NwlnkFlt - ok
10:55:03.0536 5476 NwlnkFwd - ok
10:55:03.0614 5476 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:55:03.0630 5476 ohci1394 - ok
10:55:03.0692 5476 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:55:03.0770 5476 ose - ok
10:55:04.0082 5476 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:55:04.0831 5476 osppsvc - ok
10:55:04.0878 5476 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
10:55:05.0002 5476 p2pimsvc - ok
10:55:05.0065 5476 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
10:55:05.0080 5476 p2psvc - ok
10:55:05.0127 5476 [ 4c6a7fd04ddf4db88791048382e3edb1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:55:05.0158 5476 Parport - ok
10:55:05.0221 5476 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:55:05.0252 5476 partmgr - ok
10:55:05.0314 5476 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
10:55:05.0361 5476 PcaSvc - ok
10:55:05.0408 5476 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
10:55:05.0486 5476 pci - ok
10:55:05.0533 5476 [ 2657f6c0b78c36d95034be109336e382 ] pciide C:\Windows\system32\drivers\pciide.sys
10:55:05.0548 5476 pciide - ok
10:55:05.0626 5476 [ a2d6b9c3f532baa27cb0c158d8ef4da6 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:55:05.0658 5476 pcmcia - ok
10:55:05.0798 5476 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:55:05.0892 5476 PEAUTH - ok
10:55:06.0063 5476 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:55:06.0110 5476 PerfHost - ok
10:55:06.0219 5476 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
10:55:06.0344 5476 pla - ok
10:55:06.0422 5476 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:55:06.0547 5476 PlugPlay - ok
10:55:06.0609 5476 [ 3072137896bfccf4b190d248f583b48e ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
10:55:06.0609 5476 PMBDeviceInfoProvider - ok
10:55:06.0625 5476 PnkBstrA - ok
10:55:06.0703 5476 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:55:06.0718 5476 PNRPAutoReg - ok
10:55:06.0859 5476 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:55:06.0859 5476 PNRPsvc - ok
10:55:06.0937 5476 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:55:07.0030 5476 PolicyAgent - ok
10:55:07.0108 5476 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:55:07.0140 5476 PptpMiniport - ok
10:55:07.0186 5476 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:55:07.0202 5476 Processor - ok
10:55:07.0264 5476 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
10:55:07.0342 5476 ProfSvc - ok
10:55:07.0405 5476 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
10:55:07.0420 5476 ProtectedStorage - ok
10:55:07.0467 5476 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:55:07.0483 5476 PSched - ok
10:55:07.0592 5476 [ 87b04878a6d59d6c79251dc960c674c1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
10:55:07.0623 5476 PxHlpa64 - ok
10:55:07.0732 5476 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:55:07.0873 5476 ql2300 - ok
10:55:07.0904 5476 [ e1c80f8d4d1e39ef9595809c1369bf2a ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:55:07.0966 5476 ql40xx - ok
10:55:07.0998 5476 [ 90574842c3da781e279061a3eff91f07 ] QWAVE C:\Windows\system32\qwave.dll
10:55:08.0154 5476 QWAVE - ok
10:55:08.0154 5476 [ e8d76edab77ec9c634c27b8eac33adc5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:55:08.0185 5476 QWAVEdrv - ok
10:55:08.0824 5476 [ 0b45c18b0f3ee996d25baa4e74884b83 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
10:55:08.0949 5476 R300 - ok
10:55:08.0980 5476 [ 1013b3b663a56d3ddd784f581c1bd005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:55:08.0996 5476 RasAcd - ok
10:55:09.0058 5476 [ b2ae18f847d07f0044404ddf7cb04497 ] RasAuto C:\Windows\System32\rasauto.dll
10:55:09.0121 5476 RasAuto - ok
10:55:09.0199 5476 [ ac7bc4d42a7e558718dfdec599bbfc2c ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:55:09.0230 5476 Rasl2tp - ok
10:55:09.0308 5476 [ 3ad83e4046c43be510de681588acb8af ] RasMan C:\Windows\System32\rasmans.dll
10:55:09.0370 5476 RasMan - ok
10:55:09.0417 5476 [ 4517fbf8b42524afe4ede1de102aae3e ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:55:09.0448 5476 RasPppoe - ok
10:55:09.0480 5476 [ c6a593b51f34c33e5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:55:09.0511 5476 RasSstp - ok
10:55:09.0526 5476 [ 322db5c6b55e8d8ee8d6f358b2aaabb1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:55:09.0636 5476 rdbss - ok
10:55:09.0651 5476 [ 603900cc05f6be65ccbf373800af3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:55:09.0667 5476 RDPCDD - ok
10:55:09.0698 5476 [ c045d1fb111c28df0d1be8d4bda22c06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:55:09.0792 5476 rdpdr - ok
10:55:09.0792 5476 [ cab9421daf3d97b33d0d055858e2c3ab ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:55:09.0823 5476 RDPENCDD - ok
10:55:09.0870 5476 [ ae4bd9e1c33d351d8e607fc81f15160c ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:55:09.0963 5476 RDPWD - ok
10:55:10.0010 5476 [ c612b9557da73f70d41f8a6fbc8e5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:55:10.0088 5476 RemoteAccess - ok
10:55:10.0104 5476 [ 44b9d8ec2f3ef3a0efb00857af70d861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:55:10.0213 5476 RemoteRegistry - ok
10:55:10.0291 5476 [ f46c457840d4b7a4daafee739ce04102 ] RpcLocator C:\Windows\system32\locator.exe
10:55:10.0322 5476 RpcLocator - ok
10:55:10.0416 5476 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] RpcSs C:\Windows\system32\rpcss.dll
10:55:10.0416 5476 RpcSs - ok
10:55:10.0478 5476 [ 22a9cb08b1a6707c1550c6bf099aae73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:55:10.0509 5476 rspndr - ok
10:55:10.0572 5476 [ 0328ffdf9d805723d0e420018136fa7b ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:55:10.0603 5476 RTHDMIAzAudService - ok
10:55:10.0650 5476 [ fe1d4924e1680a192f9617c5eca19c93 ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
10:55:10.0665 5476 RTSTOR - ok
10:55:10.0728 5476 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] SamSs C:\Windows\system32\lsass.exe
10:55:10.0728 5476 SamSs - ok
10:55:10.0774 5476 [ cd9c693589c60ad59bbbcfb0e524e01b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:55:10.0806 5476 sbp2port - ok
10:55:10.0884 5476 [ fd1cdcf108d5ef3366f00d18b70fb89b ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:55:10.0962 5476 SCardSvr - ok
10:55:11.0008 5476 [ 0f838c811ad295d2a4489b9993096c63 ] Schedule C:\Windows\system32\schedsvc.dll
10:55:11.0040 5476 Schedule - ok
10:55:11.0071 5476 [ 5a268127633c7ee2a7fb87f39d748d56 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:55:11.0071 5476 SCPolicySvc - ok
10:55:11.0102 5476 [ b42ee50f7d24f837f925332eb349eca5 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:55:11.0133 5476 sdbus - ok
10:55:11.0180 5476 [ 4ff71b076a7760fe75ea5ae2d0ee0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:55:11.0242 5476 SDRSVC - ok
10:55:11.0274 5476 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:55:11.0305 5476 secdrv - ok
10:55:11.0352 5476 [ 5acdcbc67fcf894a1815b9f96d704490 ] seclogon C:\Windows\system32\seclogon.dll
10:55:11.0398 5476 seclogon - ok
10:55:11.0445 5476 [ 90973a64b96cd647ff81c79443618eed ] SENS C:\Windows\System32\sens.dll
10:55:11.0508 5476 SENS - ok
10:55:11.0539 5476 [ 2449316316411d65bd2c761a6ffb2ce2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:55:11.0554 5476 Serenum - ok
10:55:11.0617 5476 [ 4b438170be2fc8e0bd35ee87a960f84f ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:55:11.0648 5476 Serial - ok
10:55:11.0679 5476 [ a842f04833684bceea7336211be478df ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:55:11.0710 5476 sermouse - ok
10:55:11.0773 5476 [ a8e4a4407a09f35dccc3771af590b0c4 ] SessionEnv C:\Windows\system32\sessenv.dll
10:55:11.0820 5476 SessionEnv - ok
10:55:11.0866 5476 [ 14d4b4465193a87c127933978e8c4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:55:11.0882 5476 sffdisk - ok
10:55:11.0929 5476 [ 7073aee3f82f3d598e3825962aa98ab2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:55:11.0944 5476 sffp_mmc - ok
10:55:11.0991 5476 [ 35e59ebe4a01a0532ed67975161c7b82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:55:12.0007 5476 sffp_sd - ok
10:55:12.0038 5476 [ 6b7838c94135768bd455cbdc23e39e5f ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:55:12.0069 5476 sfloppy - ok
10:55:12.0256 5476 [ 4c5aee179da7e1ee9a9ccb9da289af34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:55:12.0350 5476 SharedAccess - ok
10:55:12.0428 5476 [ 56793271ecdedd350c5add305603e963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:55:12.0475 5476 ShellHWDetection - ok
10:55:12.0506 5476 [ 7a5de502aeb719d4594c6471060a78b3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:55:12.0537 5476 SiSRaid2 - ok
10:55:12.0584 5476 [ 3a2f769fab9582bc720e11ea1dfb184d ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:55:12.0615 5476 SiSRaid4 - ok
10:55:12.0678 5476 [ 6128e98eaaed364ed1a32708d2fd22cb ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:55:12.0990 5476 SkypeUpdate - ok
10:55:13.0146 5476 [ a9a27a8e257b45a604fdad4f26fe7241 ] slsvc C:\Windows\system32\SLsvc.exe
10:55:13.0302 5476 slsvc - ok
10:55:13.0364 5476 [ fd74b4b7c2088e390a30c85a896fc3af ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:55:13.0458 5476 SLUINotify - ok
10:55:13.0489 5476 [ 290b6f6a0ec4fcdfc90f5cb6d7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:55:13.0504 5476 Smb - ok
10:55:13.0551 5476 [ 10450f432811d7fda60a97fcc674d7b2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
10:55:13.0645 5476 snapman - ok
10:55:13.0645 5476 [ f8f47f38909823b1af28d60b96340cff ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:55:13.0692 5476 SNMPTRAP - ok
10:55:14.0019 5476 [ ccf611a259882d8cf4dbabae2341ee31 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
10:55:14.0035 5476 SplashtopRemoteService - ok
10:55:14.0113 5476 [ 386c3c63f00a7040c7ec5e384217e89d ] spldr C:\Windows\system32\drivers\spldr.sys
10:55:14.0144 5476 spldr - ok
10:55:14.0238 5476 [ f66ff751e7efc816d266977939ef5dc3 ] Spooler C:\Windows\System32\spoolsv.exe
10:55:14.0331 5476 Spooler - ok
10:55:14.0456 5476 [ a15860e920b02c9a7ce8f3a6c2ff1e3a ] sptd C:\Windows\System32\Drivers\sptd.sys
10:55:18.0793 5476 sptd - ok
10:55:18.0840 5476 [ 880a57fccb571ebd063d4dd50e93e46d ] srv C:\Windows\system32\DRIVERS\srv.sys
10:55:18.0871 5476 srv - ok
10:55:18.0918 5476 [ a1ad14a6d7a37891fffeca35ebbb0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:55:19.0011 5476 srv2 - ok
10:55:19.0089 5476 [ 4bed62f4fa4d8300973f1151f4c4d8a7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:55:19.0136 5476 srvnet - ok
10:55:19.0183 5476 [ 192c74646ec5725aef3f80d19ff75f6a ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:55:19.0230 5476 SSDPSRV - ok
10:55:19.0292 5476 [ 2ee3fa0308e6185ba64a9a7f2e74332b ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:55:19.0401 5476 SstpSvc - ok
10:55:19.0479 5476 [ 1cfa4a1f3c7bb4c8f299e00428eb8677 ] SSUService C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
10:55:19.0495 5476 SSUService - ok
10:55:19.0682 5476 [ e5c796b621f6fba8616511063d7f0ffe ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
10:55:19.0916 5476 StarWindServiceAE - ok
10:55:19.0947 5476 Steam Client Service - ok
10:55:19.0994 5476 [ 15825c1fbfb8779992cb65087f316af5 ] stisvc C:\Windows\System32\wiaservc.dll
10:55:20.0056 5476 stisvc - ok
10:55:20.0119 5476 [ 8a851ca908b8b974f89c50d2e18d4f0c ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:55:20.0150 5476 swenum - ok
10:55:20.0244 5476 [ 6de37f4de19d4efd9c48c43addbc949a ] swprv C:\Windows\System32\swprv.dll
10:55:20.0337 5476 swprv - ok
10:55:20.0400 5476 [ 2f26a2c6fc96b29beff5d8ed74e6625b ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:55:20.0415 5476 Symc8xx - ok
10:55:20.0478 5476 [ a909667976d3bccd1df813fed517d837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:55:20.0493 5476 Sym_hi - ok
10:55:20.0524 5476 [ 36887b56ec2d98b9c362f6ae4de5b7b0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:55:20.0540 5476 Sym_u3 - ok
10:55:20.0665 5476 [ 92d7a8b0f87b036f17d25885937897a6 ] SysMain C:\Windows\system32\sysmain.dll
10:55:20.0774 5476 SysMain - ok
10:55:20.0899 5476 [ 005ce42567f9113a3bccb3b20073b029 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:55:20.0946 5476 TabletInputService - ok
10:55:21.0055 5476 [ cc2562b4d55e0b6a4758c65407f63b79 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:55:21.0195 5476 TapiSrv - ok
10:55:21.0211 5476 [ cdbe8d7c1e201b911cdc346d06617fb5 ] TBS C:\Windows\System32\tbssvc.dll
10:55:21.0258 5476 TBS - ok
10:55:21.0351 5476 [ ac8d5728e6ad6a7c4819d9a67008337a ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:55:21.0585 5476 Tcpip - ok
10:55:21.0632 5476 [ ac8d5728e6ad6a7c4819d9a67008337a ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:55:21.0648 5476 Tcpip6 - ok
10:55:21.0726 5476 [ fd8fde859e38e40a20085ebb0c22b416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:55:21.0741 5476 tcpipreg - ok
10:55:21.0788 5476 [ 1d8bf4aaa5fb7a2761475781dc1195bc ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:55:21.0804 5476 TDPIPE - ok
10:55:22.0084 5476 [ 99527d49ee0a96fc25537c61b270a372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
10:55:22.0256 5476 tdrpman273 - ok
10:55:22.0303 5476 [ 7f7e00cdf609df657f4cda02dd1c9bb1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:55:22.0318 5476 TDTCP - ok
10:55:22.0381 5476 [ 458919c8c42e398dc4802178d5ffee27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:55:22.0412 5476 tdx - ok
10:55:22.0459 5476 [ 8c19678d22649ec002ef2282eae92f98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:55:22.0490 5476 TermDD - ok
10:55:22.0521 5476 [ 5cdd30bc217082dac71a9878d9bfd566 ] TermService C:\Windows\System32\termsrv.dll
10:55:22.0630 5476 TermService - ok
10:55:22.0693 5476 [ 56793271ecdedd350c5add305603e963 ] Themes C:\Windows\system32\shsvcs.dll
10:55:22.0693 5476 Themes - ok
10:55:22.0786 5476 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] THREADORDER C:\Windows\system32\mmcss.dll
10:55:22.0786 5476 THREADORDER - ok
10:55:22.0880 5476 [ ebbaea02f0095a798000c7e06b16d41b ] timounter C:\Windows\system32\DRIVERS\timntr.sys
10:55:23.0036 5476 timounter - ok
10:55:23.0145 5476 [ efef22b9577e5051057fde1ae381b50c ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
10:55:23.0145 5476 TomTomHOMEService - ok
10:55:23.0176 5476 [ f4689f05af472a651a7b1b7b02d200e7 ] TrkWks C:\Windows\System32\trkwks.dll
10:55:23.0223 5476 TrkWks - ok
10:55:23.0254 5476 [ 66328b08ef5a9305d8ede36b93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:55:23.0254 5476 TrustedInstaller - ok
10:55:23.0317 5476 [ 9e5409cd17c8bef193aad498f3bc2cb8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:55:23.0348 5476 tssecsrv - ok
10:55:23.0410 5476 [ 89ec74a9e602d16a75a4170511029b3c ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:55:23.0426 5476 tunmp - ok
10:55:23.0457 5476 [ 30a9b3f45ad081bffc3bcaa9c812b609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:55:23.0488 5476 tunnel - ok
10:55:23.0535 5476 [ fec266ef401966311744bd0f359f7f56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:55:23.0551 5476 uagp35 - ok
10:55:23.0644 5476 [ faf2640a2a76ed03d449e443194c4c34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:55:23.0691 5476 udfs - ok
10:55:23.0707 5476 [ 060507c4113391394478f6953a79eedc ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:55:23.0754 5476 UI0Detect - ok
10:55:23.0769 5476 [ 4ec9447ac3ab462647f60e547208ca00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:55:23.0800 5476 uliagpkx - ok
10:55:23.0863 5476 [ 697f0446134cdc8f99e69306184fbbb4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:55:23.0925 5476 uliahci - ok
10:55:23.0956 5476 [ 31707f09846056651ea2c37858f5ddb0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:55:24.0034 5476 UlSata - ok
10:55:24.0050 5476 [ 85e5e43ed5b48c8376281bab519271b7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:55:24.0128 5476 ulsata2 - ok
10:55:24.0159 5476 [ 46e9a994c4fed537dd951f60b86ad3f4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:55:24.0222 5476 umbus - ok
10:55:24.0268 5476 [ 7ccf424450af71461ca5aca14fb45b72 ] Updater Service for StartNow Toolbar C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
10:55:24.0549 5476 Updater Service for StartNow Toolbar - ok
10:55:24.0627 5476 [ 7093799ff80e9deca0680d2e3535be60 ] upnphost C:\Windows\System32\upnphost.dll
10:55:24.0705 5476 upnphost - ok
10:55:24.0768 5476 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:55:24.0799 5476 USBAAPL64 - ok
10:55:24.0877 5476 [ c6ba890de6e41857fbe84175519cae7d ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:55:24.0908 5476 usbaudio - ok
10:55:24.0955 5476 [ 07e3498fc60834219d2356293da0fecc ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:55:24.0986 5476 usbccgp - ok
10:55:25.0017 5476 [ 8c39d53e1a343f4c47ee8f3c052126d8 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
10:55:25.0080 5476 usbcir - ok
10:55:25.0111 5476 [ 827e44de934a736ea31e91d353eb126f ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:55:25.0126 5476 usbehci - ok
10:55:25.0158 5476 [ bb35cd80a2ececfadc73569b3d70c7d1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:55:25.0236 5476 usbhub - ok
10:55:25.0267 5476 [ e406b003a354776d317762694956b0fc ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:55:25.0282 5476 usbohci - ok
10:55:25.0298 5476 [ 28b693b6d31e7b9332c1bdcefef228c1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:55:25.0329 5476 usbprint - ok
10:55:25.0407 5476 [ ea0bf666868964fbe8cb10e50c97b9f1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:55:25.0423 5476 usbscan - ok
10:55:25.0438 5476 [ b854c1558fca0c269a38663e8b59b581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:55:25.0454 5476 USBSTOR - ok
10:55:25.0485 5476 [ b2872cbf9f47316abd0e0c74a1aba507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:55:25.0516 5476 usbuhci - ok
10:55:25.0579 5476 [ fc33099877790d51b0927b7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:55:25.0704 5476 usbvideo - ok
10:55:25.0735 5476 [ d76e231e4850bb3f88a3d9a78df191e3 ] UxSms C:\Windows\System32\uxsms.dll
10:55:25.0782 5476 UxSms - ok
10:55:25.0844 5476 [ 294945381dfa7ce58cecf0a9896af327 ] vds C:\Windows\System32\vds.exe
10:55:25.0906 5476 vds - ok
10:55:25.0938 5476 [ 916b94bcf1e09873fff2d5fb11767bbc ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:55:25.0969 5476 vga - ok
10:55:25.0984 5476 [ b83ab16b51feda65dd81b8c59d114d63 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:55:26.0000 5476 VgaSave - ok
10:55:26.0031 5476 [ 8294b6c3fdb6c33f24e150de647ecdaa ] viaide C:\Windows\system32\drivers\viaide.sys
10:55:26.0047 5476 viaide - ok
10:55:26.0094 5476 [ 2b7e885ed951519a12c450d24535dfca ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:55:26.0125 5476 volmgr - ok
10:55:26.0187 5476 [ cec5ac15277d75d9e5dec2e1c6eaf877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:55:26.0312 5476 volmgrx - ok
10:55:26.0343 5476 [ 5280aada24ab36b01a84a6424c475c8d ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:55:26.0374 5476 volsnap - ok
10:55:26.0421 5476 [ a68f455ed2673835209318dd61bfbb0e ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:55:26.0484 5476 vsmraid - ok
10:55:26.0546 5476 [ b75232dad33bfd95bf6f0a3e6bff51e1 ] VSS C:\Windows\system32\vssvc.exe
10:55:26.0640 5476 VSS - ok
10:55:26.0655 5476 [ f14a7de2ea41883e250892e1e5230a9a ] W32Time C:\Windows\system32\w32time.dll
10:55:26.0749 5476 W32Time - ok
10:55:26.0780 5476 [ fef8fe5923fead2cee4dfabfce3393a7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:55:26.0796 5476 WacomPen - ok
10:55:26.0858 5476 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:55:26.0920 5476 Wanarp - ok
10:55:26.0920 5476 [ b8e7049622300d20ba6d8be0c47c0cfd ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:55:26.0920 5476 Wanarpv6 - ok
10:55:27.0061 5476 [ b4e4c37d0aa6100090a53213ee2bf1c1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:55:27.0248 5476 wcncsvc - ok
10:55:27.0264 5476 [ ea4b369560e986f19d93f45a881484ac ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:55:27.0326 5476 WcsPlugInService - ok
10:55:27.0373 5476 [ 0c17a0816f65b89e362e682ad5e7266e ] Wd C:\Windows\system32\drivers\wd.sys
10:55:27.0388 5476 Wd - ok
10:55:27.0513 5476 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:55:27.0576 5476 Wdf01000 - ok
10:55:27.0622 5476 [ c5efda73ebfca8b02a094898de0a9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:55:27.0669 5476 WdiServiceHost - ok
10:55:27.0685 5476 [ c5efda73ebfca8b02a094898de0a9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:55:27.0685 5476 WdiSystemHost - ok
10:55:27.0763 5476 [ 3e6d05381cf35f75ebb055544a8ed9ac ] WebClient C:\Windows\System32\webclnt.dll
10:55:27.0888 5476 WebClient - ok
10:55:27.0919 5476 [ 8d40bc587993f876658bf9fb0f7d3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:55:28.0012 5476 Wecsvc - ok
10:55:28.0028 5476 [ 9c980351d7e96288ea0c23ae232bd065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:55:28.0090 5476 wercplsupport - ok
10:55:28.0122 5476 [ 66b9ecebc46683f47edc06333c075fef ] WerSvc C:\Windows\System32\WerSvc.dll
10:55:28.0215 5476 WerSvc - ok
10:55:28.0356 5476 [ cbdeb4b3b5cf8c49acc221d45f1c50c1 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:55:28.0434 5476 winachsf - ok
10:55:28.0480 5476 WinDefend - ok
10:55:28.0496 5476 WinHttpAutoProxySvc - ok
10:55:28.0605 5476 [ d2e7296ed1bd26d8db2799770c077a02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:55:28.0699 5476 Winmgmt - ok
10:55:28.0886 5476 [ 6cbb0c68f13b9c2ec1b16f5fa5e7c869 ] WinRM C:\Windows\system32\WsmSvc.dll
10:55:29.0042 5476 WinRM - ok
10:55:29.0121 5476 [ 7f2f9e48566b2087f2aaad258cb2a8d4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
10:55:29.0137 5476 WinUSB - ok
10:55:29.0215 5476 [ ec339c8115e91baed835957e9a677f16 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:55:29.0339 5476 Wlansvc - ok
10:55:29.0480 5476 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:55:29.0527 5476 wlcrasvc - ok
10:55:29.0683 5476 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:55:29.0714 5476 wlidsvc - ok
10:55:29.0823 5476 [ e18aebaaa5a773fe11aa2c70f65320f5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:55:29.0839 5476 WmiAcpi - ok
10:55:29.0979 5476 [ 21fa389e65a852698b6a1341f36ee02d ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:55:30.0026 5476 wmiApSrv - ok
10:55:30.0089 5476 WMPNetworkSvc - ok
10:55:30.0214 5476 [ 83b6ca03c846fcd47f9883d77d1eb27b ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
10:55:30.0308 5476 WMZuneComm - ok
10:55:30.0386 5476 [ cbc156c913f099e6680d1df9307db7a8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:55:30.0479 5476 WPCSvc - ok
10:55:30.0557 5476 [ 490a18b4e4d53dc10879deaa8e8b70d9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:55:30.0620 5476 WPDBusEnum - ok
10:55:30.0651 5476 [ 5e2401b3fc1089c90e081291357371a9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:55:30.0682 5476 WpdUsb - ok
10:55:30.0776 5476 [ 991e2c2cf3bc204c2bb2ee1476149e4e ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:55:30.0838 5476 WPFFontCache_v0400 - ok
10:55:30.0932 5476 [ 8a900348370e359b6bff6a550e4649e1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:55:30.0947 5476 ws2ifsl - ok
10:55:30.0978 5476 [ 9ea3e6d0ef7a5c2b9181961052a4b01a ] wscsvc C:\Windows\System32\wscsvc.dll
10:55:30.0994 5476 wscsvc - ok
10:55:31.0010 5476 WSearch - ok
10:55:31.0119 5476 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:55:31.0150 5476 wuauserv - ok
10:55:31.0212 5476 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:55:31.0259 5476 WudfPf - ok
10:55:31.0322 5476 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:55:31.0353 5476 WUDFRd - ok
10:55:31.0384 5476 [ 3dcc7bf5afa921b479e622bd999121f3 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:55:31.0431 5476 wudfsvc - ok
10:55:31.0478 5476 [ 2f2ce5e47b014f52bc722ae28b19cbf3 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
10:55:31.0509 5476 XAudio - ok
10:55:31.0524 5476 [ a337887a4e3396a3ea5d6e54fa431c84 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
10:55:31.0696 5476 XAudioService - ok
10:55:31.0774 5476 [ 2ae06b41b36549fabf0886b2af89a599 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
10:55:31.0852 5476 yukonx64 - ok
10:55:32.0585 5476 [ 67b787c34fb2888d01b130ae007042d8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
10:55:32.0866 5476 ZuneNetworkSvc - ok
10:55:32.0991 5476 [ 4d89fc1c20cf655739efac5da81a67bc ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
10:55:33.0084 5476 ZuneWlanCfgSvc - ok
10:55:33.0084 5476 ================ Scan global ===============================
10:55:33.0147 5476 (060dc3a7a9a2626031eb23d90151428d) C:\Windows\system32\basesrv.dll
10:55:33.0256 5476 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
10:55:33.0381 5476 (aa137104cdfc81818a309cde32abb74a) C:\Windows\system32\winsrv.dll
10:55:33.0521 5476 (934e0b7d77ff78c18d9f8891221b6de3) C:\Windows\system32\services.exe
10:55:33.0568 5476 [Global] - ok
10:55:33.0568 5476 ================ Scan MBR ==================================
10:55:33.0646 5476 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:55:34.0145 5476 \Device\Harddisk0\DR0 - ok
10:55:34.0145 5476 ================ Scan VBR ==================================
10:55:34.0161 5476 Boot (0x1200) (8b6cf597c1ed8af394d959e759ab1dd4) \Device\Harddisk0\DR0\Partition1
10:55:34.0161 5476 \Device\Harddisk0\DR0\Partition1 - ok
10:55:34.0161 5476 Boot (0x1200) (f21c4dca585cd9a77c8da07da1c3052e) \Device\Harddisk0\DR0\Partition2
10:55:34.0161 5476 \Device\Harddisk0\DR0\Partition2 - ok
10:55:34.0176 5476 ============================================================
10:55:34.0176 5476 Scan finished
10:55:34.0176 5476 ============================================================
10:55:34.0192 5612 Detected object count: 0
10:55:34.0192 5612 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 10:57:05
-----------------------------
10:57:05.116 OS Version: Windows x64 6.0.6002 Service Pack 2
10:57:05.116 Number of processors: 4 586 0x203
10:57:05.116 ComputerName: OWNER-PC UserName: Owner
10:57:08.033 Initialize success
10:58:00.216 AVAST engine defs: 12081900
10:58:59.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:58:59.683 Disk 0 Vendor: WDC_WD6400AAKS-65A7B2 01.03B01 Size: 610480MB BusType: 3
10:58:59.714 Disk 0 MBR read successfully
10:58:59.714 Disk 0 MBR scan
10:58:59.730 Disk 0 Windows VISTA default MBR code
10:58:59.730 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 16104 MB offset 63
10:58:59.776 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 594373 MB offset 32983040
10:58:59.870 Disk 0 scanning C:\Windows\system32\drivers
10:59:43.066 Service scanning
11:00:56.246 Modules scanning
11:00:56.246 Disk 0 trace - called modules:
11:00:56.308 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80060492c0]<<sptd.sys ataport.SYS pciide.sys
11:00:56.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007860750]
11:00:56.324 3 CLASSPNP.SYS[fffffa60015c7c33] -> nt!IofCallDriver -> [0xfffffa80055df930]
11:00:56.324 5 acpi.sys[fffffa6000989fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800617e060]
11:00:56.340 \Driver\atapi[0xfffffa800616c8f0] -> IRP_MJ_CREATE -> 0xfffffa80060492c0
11:00:59.756 AVAST engine scan C:\Windows
11:01:22.750 AVAST engine scan C:\Windows\system32
11:18:34.884 AVAST engine scan C:\Windows\system32\drivers
11:20:27.235 AVAST engine scan C:\Users\Owner
16:30:10.115 AVAST engine scan C:\ProgramData
16:34:58.745 Scan finished successfully
16:57:29.825 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
16:57:29.838 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

ESET log

C:\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe Win32/Toolbar.Zugo application
C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll a variant of Win32/Toolbar.Zugo application
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3de9e793-6d082b18 multiple threats
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5c373f97-7c3cf379 multiple threats
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\67de24e0-2e6168a6 multiple threats

#10 narenxp


Posted 20 August 2012 - 06:09 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#11 Dex1138


Posted 21 August 2012 - 05:14 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Owner (administrator) on 20-08-2012 at 21:22:22
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1F-E2-06-27-16
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5093:a5c5:939c:40d9%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 20, 2012 8:56:52 PM
Lease Expires . . . . . . . . . . : Tuesday, August 21, 2012 8:56:51 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218111970
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-83-43-CF-00-1F-E2-06-27-16
DNS Servers . . . . . . . . . . . : 192.168.1.1
71.243.0.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4d8:2628:b80a:1e31(Preferred)
Link-local IPv6 Address . . . . . : fe80::4d8:2628:b80a:1e31%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:801::1007
74.125.226.198
74.125.226.193
74.125.226.195
74.125.226.199
74.125.226.192
74.125.226.206
74.125.226.201
74.125.226.194
74.125.226.196
74.125.226.200
74.125.226.197

Pinging google.com [74.125.226.233] with 32 bytes of data:
Reply from 74.125.226.233: bytes=32 time=15ms TTL=251
Reply from 74.125.226.233: bytes=32 time=16ms TTL=251
Ping statistics for 74.125.226.233:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 16ms, Average = 15ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=135ms TTL=250
Reply from 72.30.38.140: bytes=32 time=223ms TTL=250
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 135ms, Maximum = 223ms, Average = 179ms

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1f e2 06 27 16 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.home
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 276
192.168.1.6 255.255.255.255 On-link 192.168.1.6 276
192.168.1.255 255.255.255.255 On-link 192.168.1.6 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:4d8:2628:b80a:1e31/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::4d8:2628:b80a:1e31/128
On-link
10 276 fe80::5093:a5c5:939c:40d9/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 08:58:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 04:57:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/19/2012 04:57:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/19/2012 10:54:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (08/19/2012 10:17:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 09:17:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x800706be].


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 13
Snapshot Context: 13
Execution Context: Coordinator

Error: (08/19/2012 09:17:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x800706be]


Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 13
Snapshot Context: 13
Execution Context: Coordinator

Error: (08/19/2012 09:15:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 09:10:48 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 09:06:33 AM) (Source: Application Error) (User: )
Description: Faulting application BDRemovalToolLauncher_sirefef_sfc_x64.exe, version 0.0.0.0, time stamp 0x4ff15a64, faulting module BDRemovalToolLauncher_sirefef_sfc_x64.exe, version 0.0.0.0, time stamp 0x4ff15a64, exception code 0xc0000005, fault offset 0x00000000001562d0,
process id 0x778, application start time 0xBDRemovalToolLauncher_sirefef_sfc_x64.exe0.


System errors:
=============
Error: (08/20/2012 09:04:31 PM) (Source: Service Control Manager) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0%%1053

Error: (08/20/2012 09:04:31 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Presentation Foundation Font Cache 3.0.0.0

Error: (08/20/2012 08:58:00 PM) (Source: Service Control Manager) (User: )
Description: AODDriver4.1%%2

Error: (08/19/2012 10:32:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.2343.0){B1BD8D5B-7BB1-4143-8E49-93027AA6E77F}100

Error: (08/19/2012 10:31:20 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2343.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/19/2012 10:31:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.

New Engine Version:

Previous Engine Version: 2.0.8001.0

Engine Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Error Code: %NT AUTHORITY601

Error description: %NT AUTHORITY602

Error: (08/19/2012 10:31:18 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 11.159.0.0

Update Source: %NT AUTHORITY15

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/19/2012 10:17:28 AM) (Source: Service Control Manager) (User: )
Description: AODDriver4.1%%2

Error: (08/19/2012 09:17:51 AM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:Win64/Sirefef.A60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:Win64/Sirefef.A603

Name: Virus:Win64/Sirefef.A

ID: 2147657893

Severity: %Virus:Win64/Sirefef.A600

Category: %Virus:Win64/Sirefef.A602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %Virus:Win64/Sirefef.A608

User: {0B4260CE-F2F1-468B-AEB3-648A5F524100}9

Process Name: %Virus:Win64/Sirefef.A609

Action: {0B4260CE-F2F1-468B-AEB3-648A5F524100}1

Action Status: {0B4260CE-F2F1-468B-AEB3-648A5F524100}8

Error Code: {0B4260CE-F2F1-468B-AEB3-648A5F524100}3

Error description: {0B4260CE-F2F1-468B-AEB3-648A5F524100}4

Signature Version: 2012-08-19T13:15:41.943Z1

Engine Version: 2012-08-19T13:15:41.943Z2

Error: (08/19/2012 09:17:46 AM) (Source: DCOM) (User: )
Description: 1726swprv{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}


Microsoft Office Sessions:
=========================
Error: (08/20/2012 08:58:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 04:57:58 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (08/19/2012 04:57:57 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (08/19/2012 10:54:04 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (08/19/2012 10:17:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 09:17:46 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x800706be

Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 13
Snapshot Context: 13
Execution Context: Coordinator

Error: (08/19/2012 09:17:46 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x800706be

Operation:
Obtain a callable interface for this provider
List interfaces for all providers supporting this context
Query Shadow Copies

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshot Context: 13
Snapshot Context: 13
Execution Context: Coordinator

Error: (08/19/2012 09:15:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 09:10:48 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2012 09:06:33 AM) (Source: Application Error)(User: )
Description: BDRemovalToolLauncher_sirefef_sfc_x64.exe0.0.0.04ff15a64BDRemovalToolLauncher_sirefef_sfc_x64.exe0.0.0.04ff15a64c000000500000000001562d077801cd7e0b73c1529d


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
aioprnt (Version: 5.3.1.0)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Fuel (Version: 2012.0611.1251.21046)
Apple Mobile Device Support (Version: 5.2.0.6)
Bonjour (Version: 3.0.0.10)
ccc-utility64 (Version: 2012.0611.1251.21046)
CDBurnerXP (Version: 4.3.8.2523)
Clone Wars
Google Chrome (Version: 21.0.1180.79)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.3.25)
JDownloader
Kalydo Player 3.08.01 (Version: 3.08.01)
Logitech SetPoint 6.30 (Version: 6.30.43)
Marvell Miniport Driver (Version: 10.51.4.3)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.0.0.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft LifeCam (Version: 3.50.242.0)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MobileMe Control Panel (Version: 3.1.8.0)
PDF-XChange 4 Pro (Version: 4.198.198.0)
Soft Data Fax Modem with SmartCP
Spotify (Version: 0.8.4.124.ga3559d86)
TomTomHeavenXplorer (Version: 1.0.0.48)
Unity Web Player (Version: )
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 5886.27 MB
Available physical RAM: 3482.61 MB
Total Pagefile: 11979.04 MB
Available Pagefile: 9286.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3995.09 MB

========================= Partitions: =====================================

1 Drive c: (Partition_1) (Fixed) (Total:580.44 GB) (Free:28.21 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:15.73 GB) (Free:9.55 GB) NTFS
4 Drive f: (Iso_VolumID_Not_) (CDROM) (Total:3.81 GB) (Free:0 GB) CDFS
8 Drive j: (FantomHD) (Fixed) (Total:1863.01 GB) (Free:965.17 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Owner (administrator) on 21-08-2012 at 06:02:22
Running from "C:\Incoming"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-15 07:20] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:53] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 15:07] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2010-11-27 17:52] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 21:08] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-27 17:52] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

# AdwCleaner v1.801 - Logfile created 08/21/2012 at 06:04:01
# Updated 14/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Incoming\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

Deleted on reboot : C:\splashtop
Deleted on reboot : C:\Users\Owner\AppData\Local\Conduit
Deleted on reboot : C:\Users\Owner\AppData\Local\splashtop
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\uTorrentControl2
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f042maya.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\splashtop
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\splashtop
Deleted on reboot : C:\Program Files (x86)\uTorrentControl2
Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\FCTB000060497
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.FCTB000060497Pos.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.IEToolbar.3
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl
[*] Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060497.JSOptionsImpl.1
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentControl2
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [StartNowToolbarHelper]
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f042maya.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\f042maya.default\user.js ... Deleted !

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNo[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "stp.startnow.com");

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "default_title": "StartNow"
Deleted : "description": "StartNow Search.",
Deleted : "name": "StartNow",
Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT307225[...]
Deleted : "path": "C:\\Users\\Owner\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[S1].txt - [9400 octets] - [21/08/2012 06:04:01]

########## EOF - C:\AdwCleaner[S1].txt - [9528 octets] ##########

#12 narenxp

  • BC Advisor

Posted 21 August 2012 - 06:35 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Any current issues?

#13 Dex1138

  • Topic Starter

Posted 21 August 2012 - 04:52 PM

No problems since the restore...

Rkill 2.3.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 05:51:19 PM in x64 mode.
Windows Version: Windows Vista Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Owner\Desktop\rkill\rkill-08-21-2012-05-51-35.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 05:51:56 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

#14 narenxp

  • BC Advisor

Posted 21 August 2012 - 05:03 PM

That looks good

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#15 Dex1138

  • Topic Starter

Posted 22 August 2012 - 07:30 AM

All set.

Thank you so much for the quick replies!



