
Trojan Virus Sirefef Need help to remove please


45 replies to this topic

#1 Andos

Andos

  • Members
  • 32 posts

Posted 21 August 2012 - 04:50 AM

Hi there,

I am operating on Windows 7, 64 bit and clicked on a Google image that linked to a Trojan Virus Sirefef or a virus of similar spelling that I have now possibly removed.

I have used Malwarebytes to run a scan of my computer and remove the Sirefef virus but I am not sure if there is any damage to files or malicious virus hidden or left on my system. I have been receiving mixed advice from friends and then I was referred to this site - awesome site!

One friend said I could do a system back track 1 week to remove the virus, others mentioned wiping my complete hard drive. I would like the advice from a staff member of this site please?

I currently get the message C:\Users\Andy Whitting\AppData\Roaming\Xiva\xiaft.exe in the Microsoft Security Essentials Pop Up every time I turn on the PC. It says Security Essentials detected items on your PC that it doesn't recognize. By sending these files listed below, you can help Microsoft analysts determine whether these items are malicious.

I have read through a previous post but as I have already run the Malwarebytes program initially I would really appreciate help to remove the remaining parts of the virus and check that my PC is ok.

Thank you so much in advance.

Andy

Edited by hamluis, 21 August 2012 - 08:02 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 06:38 AM

Download

TDSSkiller

Launch it. Click on change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions.
Click the "Scan" button to start scan. After scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions.
When scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 10:34 AM

Thank you so much, please see logs below:

TDSSKILLER - LOG

22:46:31.0624 5012 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
22:46:33.0027 5012 ============================================================
22:46:33.0027 5012 Current date / time: 2012/08/21 22:46:33.0027
22:46:33.0027 5012 SystemInfo:
22:46:33.0027 5012
22:46:33.0027 5012 OS Version: 6.1.7601 ServicePack: 1.0
22:46:33.0028 5012 Product type: Workstation
22:46:33.0028 5012 ComputerName: ANDYWHITTING-PC
22:46:33.0028 5012 UserName: Andy Whitting
22:46:33.0028 5012 Windows directory: C:\Windows
22:46:33.0028 5012 System windows directory: C:\Windows
22:46:33.0028 5012 Running under WOW64
22:46:33.0028 5012 Processor architecture: Intel x64
22:46:33.0028 5012 Number of processors: 8
22:46:33.0028 5012 Page size: 0x1000
22:46:33.0028 5012 Boot type: Normal boot
22:46:33.0028 5012 ============================================================
22:46:33.0751 5012 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:46:33.0757 5012 ============================================================
22:46:33.0757 5012 \Device\Harddisk0\DR0:
22:46:33.0757 5012 MBR partitions:
22:46:33.0757 5012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A4D000
22:46:33.0757 5012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A61000, BlocksNum 0x38924800
22:46:33.0757 5012 ============================================================
22:46:33.0777 5012 C: <-> \Device\Harddisk0\DR0\Partition2
22:46:33.0777 5012 ============================================================
22:46:33.0777 5012 Initialize success
22:46:33.0777 5012 ============================================================
22:47:26.0878 0412 ============================================================
22:47:26.0878 0412 Scan started
22:47:26.0878 0412 Mode: Manual; TDLFS;
22:47:26.0878 0412 ============================================================
22:47:27.0522 0412 ================ Scan system memory ========================
22:47:27.0522 0412 System memory - ok
22:47:27.0523 0412 ================ Scan services =============================
22:47:39.0032 0412 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:47:39.0042 0412 NetBIOS - ok
22:47:39.0051 0412 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:47:39.0067 0412 NetBT - ok
22:47:39.0080 0412 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:47:39.0082 0412 Netlogon - ok
22:47:39.0106 0412 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:47:39.0110 0412 Netman - ok
22:47:39.0142 0412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:47:39.0161 0412 NetMsmqActivator - ok
22:47:39.0164 0412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:47:39.0164 0412 NetPipeActivator - ok
22:47:39.0178 0412 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:47:39.0185 0412 netprofm - ok
22:47:39.0188 0412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:47:39.0188 0412 NetTcpActivator - ok
22:47:39.0190 0412 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:47:39.0191 0412 NetTcpPortSharing - ok
22:47:39.0215 0412 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
22:47:39.0685 0412 netvsc - ok
22:47:39.0715 0412 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:47:39.0727 0412 nfrd960 - ok
22:47:39.0795 0412 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:47:39.0813 0412 NisDrv - ok
22:47:39.0842 0412 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:47:39.0860 0412 NisSrv - ok
22:47:39.0893 0412 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:47:39.0896 0412 NlaSvc - ok
22:47:39.0977 0412 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:47:40.0025 0412 NOBU - ok
22:47:40.0031 0412 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:47:40.0040 0412 Npfs - ok
22:47:40.0046 0412 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:47:40.0047 0412 nsi - ok
22:47:40.0068 0412 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:47:40.0081 0412 nsiproxy - ok
22:47:40.0118 0412 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:47:40.0175 0412 Ntfs - ok
22:47:40.0236 0412 [ F632DD8AA5C388D1D0528A876A71320D ] ntrtscan c:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe
22:47:40.0245 0412 ntrtscan - ok
22:47:40.0268 0412 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:47:40.0279 0412 Null - ok
22:47:40.0303 0412 [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:47:40.0319 0412 NVHDA - ok
22:47:40.0507 0412 [ 64B046CA14B8EE7ED6D21CFA326B3363 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:47:41.0124 0412 nvlddmkm - ok
22:47:41.0151 0412 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:47:41.0883 0412 nvraid - ok
22:47:41.0917 0412 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:47:41.0936 0412 nvstor - ok
22:47:41.0973 0412 [ 77B013AE58952C6E9DC982D7803311C5 ] NVSvc C:\Windows\system32\nvvsvc.exe
22:47:41.0988 0412 NVSvc - ok
22:47:41.0999 0412 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:47:42.0009 0412 nv_agp - ok
22:47:42.0032 0412 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:47:42.0042 0412 ohci1394 - ok
22:47:42.0087 0412 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:47:42.0110 0412 ose - ok
22:47:42.0222 0412 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:47:42.0239 0412 osppsvc - ok
22:47:42.0255 0412 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:47:42.0257 0412 p2pimsvc - ok
22:47:42.0273 0412 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:47:42.0275 0412 p2psvc - ok
22:47:42.0294 0412 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:47:42.0304 0412 Parport - ok
22:47:42.0321 0412 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:47:42.0336 0412 partmgr - ok
22:47:42.0345 0412 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:47:42.0347 0412 PcaSvc - ok
22:47:42.0357 0412 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:47:42.0367 0412 pci - ok
22:47:42.0382 0412 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:47:42.0389 0412 pciide - ok
22:47:42.0394 0412 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:47:42.0414 0412 pcmcia - ok
22:47:42.0425 0412 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:47:42.0435 0412 pcw - ok
22:47:42.0447 0412 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:47:42.0463 0412 PEAUTH - ok
22:47:42.0487 0412 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:47:42.0505 0412 PeerDistSvc - ok
22:47:42.0557 0412 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:47:42.0578 0412 PerfHost - ok
22:47:42.0603 0412 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:47:42.0653 0412 pla - ok
22:47:42.0685 0412 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:47:42.0689 0412 PlugPlay - ok
22:47:42.0700 0412 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:47:42.0714 0412 PNRPAutoReg - ok
22:47:42.0731 0412 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:47:42.0733 0412 PNRPsvc - ok
22:47:42.0746 0412 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:47:42.0761 0412 PolicyAgent - ok
22:47:42.0770 0412 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
22:47:42.0772 0412 Power - ok
22:47:42.0799 0412 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:47:42.0819 0412 PptpMiniport - ok
22:47:42.0829 0412 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:47:42.0840 0412 Processor - ok
22:47:42.0858 0412 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:47:42.0860 0412 ProfSvc - ok
22:47:42.0869 0412 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:47:42.0870 0412 ProtectedStorage - ok
22:47:42.0893 0412 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:47:42.0911 0412 Psched - ok
22:47:42.0926 0412 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:47:42.0931 0412 PxHlpa64 - ok
22:47:42.0962 0412 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:47:43.0030 0412 ql2300 - ok
22:47:43.0035 0412 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:47:43.0046 0412 ql40xx - ok
22:47:43.0063 0412 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:47:43.0077 0412 QWAVE - ok
22:47:43.0090 0412 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:47:43.0101 0412 QWAVEdrv - ok
22:47:43.0104 0412 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:47:43.0112 0412 RasAcd - ok
22:47:43.0124 0412 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:47:43.0134 0412 RasAgileVpn - ok
22:47:43.0143 0412 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:47:43.0153 0412 RasAuto - ok
22:47:43.0163 0412 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:47:43.0176 0412 Rasl2tp - ok
22:47:43.0188 0412 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:47:43.0199 0412 RasMan - ok
22:47:43.0220 0412 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:47:43.0233 0412 RasPppoe - ok
22:47:43.0242 0412 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:47:43.0256 0412 RasSstp - ok
22:47:43.0274 0412 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:47:43.0295 0412 rdbss - ok
22:47:43.0301 0412 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:47:43.0312 0412 rdpbus - ok
22:47:43.0319 0412 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:47:43.0326 0412 RDPCDD - ok
22:47:43.0344 0412 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:47:43.0352 0412 RDPDR - ok
22:47:43.0366 0412 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:47:43.0371 0412 RDPENCDD - ok
22:47:43.0377 0412 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:47:43.0382 0412 RDPREFMP - ok
22:47:43.0409 0412 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:47:43.0420 0412 RDPWD - ok
22:47:43.0447 0412 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:47:43.0461 0412 rdyboost - ok
22:47:43.0490 0412 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:47:43.0501 0412 RemoteAccess - ok
22:47:43.0521 0412 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:47:43.0534 0412 RemoteRegistry - ok
22:47:43.0607 0412 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
22:47:43.0667 0412 RoxMediaDB12OEM - ok
22:47:43.0682 0412 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
22:47:43.0683 0412 RoxWatch12 - ok
22:47:43.0696 0412 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:47:43.0698 0412 RpcEptMapper - ok
22:47:43.0717 0412 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:47:43.0726 0412 RpcLocator - ok
22:47:43.0739 0412 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:47:43.0744 0412 RpcSs - ok
22:47:43.0760 0412 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:47:43.0769 0412 rspndr - ok
22:47:43.0792 0412 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:47:43.0798 0412 s3cap - ok
22:47:43.0809 0412 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:47:43.0810 0412 SamSs - ok
22:47:43.0827 0412 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:47:43.0836 0412 sbp2port - ok
22:47:43.0846 0412 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:47:43.0858 0412 SCardSvr - ok
22:47:43.0862 0412 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:47:43.0869 0412 scfilter - ok
22:47:43.0893 0412 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:47:43.0902 0412 Schedule - ok
22:47:43.0920 0412 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:47:43.0921 0412 SCPolicySvc - ok
22:47:43.0931 0412 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:47:43.0933 0412 SDRSVC - ok
22:47:43.0955 0412 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:47:43.0964 0412 secdrv - ok
22:47:43.0973 0412 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:47:43.0980 0412 seclogon - ok
22:47:43.0993 0412 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:47:44.0000 0412 SENS - ok
22:47:44.0011 0412 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:47:44.0018 0412 SensrSvc - ok
22:47:44.0046 0412 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
22:47:44.0517 0412 Serenum - ok
22:47:44.0532 0412 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
22:47:44.0548 0412 Serial - ok
22:47:44.0552 0412 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:47:44.0562 0412 sermouse - ok
22:47:44.0580 0412 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:47:44.0587 0412 SessionEnv - ok
22:47:44.0589 0412 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:47:44.0593 0412 sffdisk - ok
22:47:44.0595 0412 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:47:45.0140 0412 sffp_mmc - ok
22:47:45.0161 0412 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:47:45.0170 0412 sffp_sd - ok
22:47:45.0174 0412 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:47:45.0182 0412 sfloppy - ok
22:47:45.0239 0412 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:47:45.0298 0412 SftService - ok
22:47:45.0324 0412 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:47:45.0332 0412 ShellHWDetection - ok
22:47:45.0341 0412 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:47:45.0350 0412 SiSRaid2 - ok
22:47:45.0354 0412 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:47:45.0364 0412 SiSRaid4 - ok
22:47:45.0457 0412 [ 17EAB7852FF9F15FBAAB4E95EFC0B812 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:47:45.0695 0412 SkypeUpdate - ok
22:47:45.0713 0412 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:47:45.0720 0412 Smb - ok
22:47:45.0743 0412 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:47:45.0748 0412 SNMPTRAP - ok
22:47:45.0755 0412 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:47:45.0759 0412 spldr - ok
22:47:45.0779 0412 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:47:45.0782 0412 Spooler - ok
22:47:45.0845 0412 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:47:45.0872 0412 sppsvc - ok
22:47:45.0886 0412 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:47:45.0892 0412 sppuinotify - ok
22:47:45.0906 0412 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:47:45.0927 0412 srv - ok
22:47:45.0948 0412 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:47:45.0971 0412 srv2 - ok
22:47:45.0990 0412 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:47:45.0999 0412 srvnet - ok
22:47:46.0018 0412 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:47:46.0020 0412 SSDPSRV - ok
22:47:46.0028 0412 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:47:46.0038 0412 SstpSvc - ok
22:47:46.0050 0412 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:47:46.0058 0412 stexstor - ok
22:47:46.0091 0412 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:47:46.0098 0412 stisvc - ok
22:47:46.0128 0412 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:47:46.0160 0412 stllssvr - ok
22:47:46.0167 0412 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:47:46.0172 0412 StorSvc - ok
22:47:46.0202 0412 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:47:46.0207 0412 storvsc - ok
22:47:46.0538 0412 [ 15323AE5D254AA1D389522166E6F4244 ] svcGenericHost c:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
22:47:46.0550 0412 svcGenericHost - ok
22:47:46.0571 0412 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:47:46.0579 0412 swenum - ok
22:47:46.0639 0412 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:47:46.0644 0412 SwitchBoard - ok
22:47:46.0672 0412 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:47:46.0678 0412 swprv - ok
22:47:46.0697 0412 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
22:47:47.0171 0412 SynthVid - ok
22:47:47.0220 0412 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:47:47.0233 0412 SysMain - ok
22:47:47.0245 0412 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:47:47.0252 0412 TabletInputService - ok
22:47:47.0259 0412 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:47:47.0269 0412 TapiSrv - ok
22:47:47.0281 0412 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:47:47.0285 0412 TBS - ok
22:47:47.0329 0412 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:47:47.0396 0412 Tcpip - ok
22:47:47.0425 0412 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:47:47.0432 0412 TCPIP6 - ok
22:47:47.0457 0412 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:47:47.0752 0412 tcpipreg - ok
22:47:47.0765 0412 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:47:47.0774 0412 TDPIPE - ok
22:47:47.0798 0412 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:47:47.0809 0412 TDTCP - ok
22:47:47.0827 0412 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:47:47.0840 0412 tdx - ok
22:47:47.0852 0412 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:47:47.0860 0412 TermDD - ok
22:47:47.0887 0412 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:47:47.0892 0412 TermService - ok
22:47:47.0903 0412 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:47:47.0905 0412 Themes - ok
22:47:47.0924 0412 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:47:47.0926 0412 THREADORDER - ok
22:47:47.0970 0412 [ 963C903E5176C5CDCAE321D48635B21F ] TMBMServer c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
22:47:47.0988 0412 TMBMServer - ok
22:47:48.0019 0412 [ 8B97BA7E28BD39A2BC4A2BB66A83FEC0 ] TmFilter c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys
22:47:48.0036 0412 TmFilter - ok
22:47:48.0069 0412 [ E5F23152B394FDEBC53B07E2B2E64C62 ] tmlisten c:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe
22:47:48.0076 0412 tmlisten - ok
22:47:48.0113 0412 [ B5C00FC8786A237937C33AABEE68CA26 ] tmlwf C:\Windows\system32\DRIVERS\tmlwf.sys
22:47:48.0115 0412 tmlwf - ok
22:47:48.0135 0412 [ 48D09383511757645C0A828622EF5AB3 ] TmPfw c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe
22:47:48.0141 0412 TmPfw - ok
22:47:48.0162 0412 [ 1889F49A828B1CF0E2866CDD325875B0 ] TmPreFilter c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys
22:47:48.0167 0412 TmPreFilter - ok
22:47:48.0182 0412 [ 19D6F618802F93C0ED9EA89E5CD6E12E ] TmProxy c:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
22:47:48.0186 0412 TmProxy - ok
22:47:48.0193 0412 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
22:47:48.0199 0412 tmtdi - ok
22:47:48.0222 0412 [ 5D38C32A4B093BC8190CF3FB9078C9CD ] tmwfp C:\Windows\system32\DRIVERS\tmwfp.sys
22:47:48.0231 0412 tmwfp - ok
22:47:48.0256 0412 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:47:48.0259 0412 TrkWks - ok
22:47:48.0288 0412 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:47:48.0290 0412 TrustedInstaller - ok
22:47:48.0308 0412 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:47:48.0320 0412 tssecsrv - ok
22:47:48.0348 0412 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:47:48.0358 0412 TsUsbFlt - ok
22:47:48.0369 0412 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:47:48.0378 0412 TsUsbGD - ok
22:47:48.0396 0412 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:47:48.0409 0412 tunnel - ok
22:47:48.0422 0412 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:47:48.0432 0412 uagp35 - ok
22:47:48.0450 0412 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:47:48.0468 0412 udfs - ok
22:47:48.0489 0412 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:47:48.0501 0412 UI0Detect - ok
22:47:48.0517 0412 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:47:48.0528 0412 uliagpkx - ok
22:47:48.0548 0412 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:47:48.0557 0412 umbus - ok
22:47:48.0570 0412 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:47:49.0578 0412 UmPass - ok
22:47:49.0592 0412 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:47:49.0595 0412 UmRdpService - ok
22:47:49.0615 0412 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:47:49.0629 0412 upnphost - ok
22:47:49.0660 0412 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:47:49.0670 0412 USBAAPL64 - ok
22:47:49.0689 0412 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:47:49.0701 0412 usbccgp - ok
22:47:49.0723 0412 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:47:49.0735 0412 usbcir - ok
22:47:49.0744 0412 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:47:49.0755 0412 usbehci - ok
22:47:49.0784 0412 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:47:49.0805 0412 usbhub - ok
22:47:49.0815 0412 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:47:49.0820 0412 usbohci - ok
22:47:49.0823 0412 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:47:49.0829 0412 usbprint - ok
22:47:49.0840 0412 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:47:49.0852 0412 USBSTOR - ok
22:47:49.0856 0412 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:47:49.0865 0412 usbuhci - ok
22:47:49.0886 0412 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:47:49.0886 0412 UxSms - ok
22:47:49.0894 0412 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:47:49.0895 0412 VaultSvc - ok
22:47:49.0910 0412 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:47:49.0918 0412 vdrvroot - ok
22:47:49.0946 0412 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:47:49.0952 0412 vds - ok
22:47:49.0956 0412 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:47:49.0966 0412 vga - ok
22:47:49.0979 0412 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:47:49.0990 0412 VgaSave - ok
22:47:49.0994 0412 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:47:50.0008 0412 vhdmp - ok
22:47:50.0012 0412 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:47:50.0019 0412 viaide - ok
22:47:50.0034 0412 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:47:50.0040 0412 VMBusHID - ok
22:47:50.0056 0412 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:47:50.0064 0412 volmgr - ok
22:47:50.0081 0412 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:47:50.0100 0412 volmgrx - ok
22:47:50.0114 0412 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:47:50.0135 0412 volsnap - ok
22:47:50.0207 0412 [ 3A5862D9A4FE4BBB2FFA1700E2B21B9B ] VSApiNt c:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys
22:47:50.0237 0412 VSApiNt - ok
22:47:50.0268 0412 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:47:50.0282 0412 vsmraid - ok
22:47:50.0314 0412 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:47:50.0344 0412 VSS - ok
22:47:50.0358 0412 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:47:50.0366 0412 vwifibus - ok
22:47:50.0378 0412 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:47:50.0382 0412 W32Time - ok
22:47:50.0398 0412 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:47:50.0889 0412 WacomPen - ok
22:47:50.0923 0412 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:47:50.0936 0412 WANARP - ok
22:47:50.0940 0412 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:47:50.0941 0412 Wanarpv6 - ok
22:47:50.0999 0412 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:47:51.0039 0412 WatAdminSvc - ok
22:47:51.0104 0412 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:47:51.0128 0412 wbengine - ok
22:47:51.0138 0412 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:47:51.0151 0412 WbioSrvc - ok
22:47:51.0163 0412 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:47:51.0180 0412 wcncsvc - ok
22:47:51.0190 0412 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:47:51.0199 0412 WcsPlugInService - ok
22:47:51.0219 0412 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:47:51.0228 0412 Wd - ok
22:47:51.0255 0412 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
22:47:51.0263 0412 WDC_SAM - ok
22:47:51.0284 0412 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:47:51.0308 0412 Wdf01000 - ok
22:47:51.0329 0412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:47:51.0338 0412 WdiServiceHost - ok
22:47:51.0341 0412 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:47:51.0343 0412 WdiSystemHost - ok
22:47:51.0359 0412 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:47:51.0376 0412 WebClient - ok
22:47:51.0386 0412 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:47:51.0401 0412 Wecsvc - ok
22:47:51.0410 0412 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:47:51.0412 0412 wercplsupport - ok
22:47:51.0420 0412 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:47:51.0422 0412 WerSvc - ok
22:47:51.0439 0412 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:47:51.0445 0412 WfpLwf - ok
22:47:51.0476 0412 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:47:51.0490 0412 WimFltr - ok
22:47:51.0500 0412 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:47:52.0014 0412 WIMMount - ok
22:47:52.0021 0412 WinHttpAutoProxySvc - ok
22:47:52.0064 0412 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:47:52.0076 0412 Winmgmt - ok
22:47:52.0137 0412 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:47:52.0196 0412 WinRM - ok
22:47:52.0223 0412 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:47:52.0227 0412 WinUsb - ok
22:47:52.0265 0412 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:47:52.0292 0412 Wlansvc - ok
22:47:52.0341 0412 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:47:52.0353 0412 wlcrasvc - ok
22:47:52.0430 0412 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:47:52.0447 0412 wlidsvc - ok
22:47:52.0475 0412 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:47:52.0481 0412 WmiAcpi - ok
22:47:52.0512 0412 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:47:52.0530 0412 wmiApSrv - ok
22:47:52.0547 0412 WMPNetworkSvc - ok
22:47:52.0567 0412 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:47:52.0576 0412 WPCSvc - ok
22:47:52.0588 0412 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:47:52.0591 0412 WPDBusEnum - ok
22:47:52.0604 0412 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:47:52.0614 0412 ws2ifsl - ok
22:47:52.0617 0412 WSearch - ok
22:47:52.0675 0412 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:47:52.0707 0412 wuauserv - ok
22:47:52.0714 0412 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:47:52.0723 0412 WudfPf - ok
22:47:52.0734 0412 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:47:52.0735 0412 WUDFRd - ok
22:47:52.0747 0412 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:47:52.0753 0412 wudfsvc - ok
22:47:52.0761 0412 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:47:52.0772 0412 WwanSvc - ok
22:47:52.0794 0412 ================ Scan global ===============================
22:47:52.0809 0412 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:47:52.0827 0412 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:47:52.0831 0412 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
22:47:52.0846 0412 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:47:52.0876 0412 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:47:52.0894 0412 [Global] - ok
22:47:52.0895 0412 ================ Scan MBR ==================================
22:47:52.0910 0412 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:47:53.0183 0412 \Device\Harddisk0\DR0 - ok
22:47:53.0184 0412 ================ Scan VBR ==================================
22:47:53.0186 0412 [ 1C78C80551045F3EA52591DB544D1AC8 ] \Device\Harddisk0\DR0\Partition1
22:47:53.0188 0412 \Device\Harddisk0\DR0\Partition1 - ok
22:47:53.0212 0412 [ 27E6364BC64EC3FC8622FBFE392B32BD ] \Device\Harddisk0\DR0\Partition2
22:47:53.0214 0412 \Device\Harddisk0\DR0\Partition2 - ok
22:47:53.0214 0412 ============================================================
22:47:53.0214 0412 Scan finished
22:47:53.0214 0412 ============================================================
22:47:53.0224 5168 Detected object count: 0
22:47:53.0224 5168 Actual detected object count: 0
22:50:54.0967 1680 Deinitialize success

ASWMBR - LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 23:05:10
-----------------------------
23:05:10.513 OS Version: Windows x64 6.1.7601 Service Pack 1
23:05:10.513 Number of processors: 8 586 0x2A07
23:05:10.514 ComputerName: ANDYWHITTING-PC UserName: Andy Whitting
23:05:17.409 Initialize success
23:05:21.562 AVAST engine defs: 12082100
23:05:25.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:05:25.249 Disk 0 Vendor: ST350041 JC49 Size: 476940MB BusType: 3
23:05:25.281 Disk 0 MBR read successfully
23:05:25.283 Disk 0 MBR scan
23:05:25.316 Disk 0 Windows 7 default MBR code
23:05:25.318 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
23:05:25.334 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13466 MB offset 81920
23:05:25.351 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463433 MB offset 27660288
23:05:25.408 Disk 0 scanning C:\Windows\system32\drivers
23:05:38.094 Service scanning
23:06:02.564 Modules scanning
23:06:02.572 Disk 0 trace - called modules:
23:06:02.599 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:06:02.931 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099ae790]
23:06:02.936 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007564050]
23:06:08.357 AVAST engine scan C:\Windows
23:06:10.665 AVAST engine scan C:\Windows\system32
23:09:33.528 AVAST engine scan C:\Windows\system32\drivers
23:09:48.046 AVAST engine scan C:\Users\Andy Whitting
23:12:41.451 File: C:\Users\Andy Whitting\AppData\Roaming\Xiva\xiaft.exe **INFECTED** Win32:Zbot-PGF [Trj]
23:14:01.705 Disk 0 MBR has been saved successfully to "C:\Users\Andy Whitting\Desktop\MBR.dat"
23:14:01.743 The log file has been saved successfully to "C:\Users\Andy Whitting\Desktop\aswMBR.txt"

ESET ONLINE SCANNER

C:\Users\Andy Whitting\AppData\Roaming\wprops.dll a variant of Win32/Medfos.CQ trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Andy Whitting\AppData\Roaming\Xiva\xiaft.exe a variant of Win32/Kryptik.AKFW trojan cleaned by deleting - quarantined

Please let me know next steps, thanks so much.

Andy
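
Both the TDSSKiller and aswMBR runs above read the raw MBR and VBR sectors, hash them and decode the partition table (aswMBR also wrote the sector to MBR.dat on the desktop). As an added example, not code from either tool or from anyone in this thread, the Python below parses such a 512-byte image: it checks the 0x55AA signature, decodes the four partition entries, hashes the 440-byte bootstrap area and reports what a responder checks before trusting the boot path: no or several active partitions, overlapping or out-of-range partitions, and a bootstrap hash that is not on an allow-list. The sample MBR is constructed so that its partition table mirrors the layout aswMBR printed (offsets 63, 81920 and 27660288); its bootstrap bytes are filler, its disk signature is made up, and `known_code_md5` is an assumed caller-supplied allow-list, since the page gives no digest of the stock boot code on its own.

```python
"""Parse a raw 512-byte MBR image (for instance the MBR.dat aswMBR saved).
Added example; not code from aswMBR, TDSSKiller or this thread."""
import hashlib
import struct

SECTOR = 512
MIB = 1024 * 1024
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr():
    """Constructed MBR whose partition table mirrors the layout aswMBR printed
    (Dell Utility at LBA 63, active NTFS at 81920, NTFS at 27660288).
    The bootstrap area is NOP filler and the disk signature is made up."""
    code = bytes([0x90]) * 440
    disk_signature = struct.pack("<I", 0x1234ABCD)
    table = b""
    for status, ptype, lba, count in (
        (0x00, 0xDE, 63, 81920 - 63),
        (0x80, 0x07, 81920, 27660288 - 81920),
        (0x00, 0x07, 27660288, 463433 * 2048),
        (0x00, 0x00, 0, 0),  # empty fourth slot
    ):
        # status, CHS start (3 bytes, zeroed), type, CHS end (3 bytes, zeroed),
        # LBA start, sector count: LBA is what modern loaders use.
        table += struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    return code + disk_signature + b"\x00\x00" + table + BOOT_SIGNATURE


def parse_mbr(data):
    """Return bootstrap-code hash, disk signature and the non-empty partitions."""
    data = bytes(data)
    if len(data) < SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", data, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue
        partitions.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count,
                           "size_mb": count * SECTOR // MIB})
    return {"code_md5": hashlib.md5(data[:440]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", data, 440)[0],
            "partitions": partitions,
            "active_count": sum(p["active"] for p in partitions)}


def anomalies(info, known_code_md5=(), disk_sectors=None):
    """List what would make a responder look harder at this MBR."""
    issues = []
    if info["active_count"] != 1:
        issues.append(f"{info['active_count']} partitions flagged active; expected exactly 1")
    if known_code_md5 and info["code_md5"] not in known_code_md5:
        issues.append("boot code hash not in allow-list: " + info["code_md5"])
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"])
                   for p in info["partitions"])
    for (s1, e1, i1), (s2, e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            issues.append(f"partition {i2} overlaps partition {i1} at LBA {s2}")
    if disk_sectors is not None:
        for p in info["partitions"]:
            end = p["lba_start"] + p["sectors"]
            if end > disk_sectors:
                issues.append(f"partition {p['index']} ends at LBA {end}, past disk end {disk_sectors}")
    return issues


def describe(info):
    """One line per partition in the style of the aswMBR listing."""
    return [f"Partition {p['index']} {'80 (A)' if p['active'] else '00'} "
            f"{p['type']:02X} {p['size_mb']} MB offset {p['lba_start']}"
            for p in info["partitions"]]


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code md5:", info["code_md5"])
    print("\n".join(describe(info)))
    print("anomalies:", anomalies(info, disk_sectors=476940 * 2048) or "none")
```

Run it against a saved sector with `parse_mbr(open("MBR.dat", "rb").read())`. An allow-list of good bootstrap hashes for the Windows builds in your estate is what turns the hash line into a pass/fail instead of a number to eyeball.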

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 11:40 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it and click on Delete.

Post the generated log.
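
The MiniToolBox options above collect the network-level settings malware most often tampers with: hosts file entries, the IE proxy and the Winsock provider catalog. As an added example, not code from MiniToolBox or from anyone in this thread, the Python below reads a MiniToolBox log in the format posted in the reply that follows and flags active hosts-file mappings, a configured proxy, and Winsock catalog entries whose provider library is missing, attaching the ATTENTION line MiniToolBox prints with the expected path. The sample log is constructed in that format; the check names and severities are the example's own.

```python
"""Triage of the MiniToolBox sections requested above: hosts file, IE proxy,
Winsock catalog. Added example; not code from MiniToolBox or this thread."""
import re

# Headers look like "===== Hosts content: =====" (the Winsock header has no
# colon); bare "=====" separators inside the route table must not count as
# headers, hence the leading-letter requirement.
SECTION_RE = re.compile(r"^=+\s*([A-Za-z][^=]*?):?\s*=+$")
# "Catalog5 01 mswsock.dll [File Not found] ()" or
# "x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)"
WINSOCK_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<cat>\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>[^\]]*)\]\s+\((?P<vendor>[^)]*)\)$")
HOSTS_RE = re.compile(r"^(?P<ip>[0-9a-fA-F:.]+)\s+(?P<host>\S+)")
MICROSOFT_VENDORS = {"Microsoft Corporation", "Microsoft Corp."}

# Constructed sample in the MiniToolBox format, mirroring the kinds of entries
# posted in this thread; it is not the full log.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

========================= Event log errors: ===============================
"""


def parse_sections(text):
    """Split a MiniToolBox log into {section name: [lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def check_hosts(lines):
    """A stock Windows 7 hosts file carries only comments, so every active
    mapping is a redirect or a block that someone put there on purpose."""
    findings = []
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        m = HOSTS_RE.match(s)
        if m and m.group("host").lower() not in ("localhost", "broadcasthost"):
            findings.append({"check": "hosts_redirect", "severity": "review",
                             "detail": f"{m.group('host')} -> {m.group('ip')}"})
    return findings


def check_proxy(lines):
    """MiniToolBox prints 'Proxy is not enabled.' for the clean case."""
    if any("Proxy is not enabled." in l for l in lines):
        return []
    return [{"check": "proxy_configured", "severity": "review",
             "detail": " | ".join(l for l in lines if l.strip())}]


def check_winsock(lines):
    """Flag catalog entries whose provider DLL is missing (the usual trace of a
    provider DLL that has since been deleted) and list third-party providers
    for review; the ATTENTION line that follows carries the expected path."""
    findings, last = [], None
    for line in lines:
        s = line.strip()
        m = WINSOCK_RE.match(s)
        if m:
            entry = f"{m['arch'] or ''}Catalog{m['cat']} {m['idx']} {m['path']}"
            last = None
            if m["size"].lower() == "file not found":
                last = {"check": "winsock_missing_library", "severity": "high", "detail": entry}
            elif m["vendor"] not in MICROSOFT_VENDORS:
                last = {"check": "winsock_third_party", "severity": "info",
                        "detail": f"{entry} ({m['vendor']})"}
            if last:
                findings.append(last)
        elif s.startswith("ATTENTION:") and last is not None:
            last["detail"] += f"  [{s}]"
    return findings


def triage(text):
    """Run the three checks over a MiniToolBox log and return the findings."""
    sections, findings = parse_sections(text), []
    if "Hosts content" in sections:
        findings += check_hosts(sections["Hosts content"])
    if "IE Proxy Settings" in sections:
        findings += check_proxy(sections["IE Proxy Settings"])
    if "Winsock entries" in sections:
        findings += check_winsock(sections["Winsock entries"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['check']:24} {f['detail']}")
```

Feed a real log via `triage(open("MiniToolBox.txt").read())`. The hosts entries it flags are there to be read, not deleted automatically: the ones posted in this thread point Adobe licensing hosts at 127.0.0.1, which blocks those hosts rather than sending the user anywhere, and the responder decides what that means. A missing Winsock provider library is the one finding that calls for repair rather than review, since name resolution runs through those providers; `netsh winsock reset` rebuilds the catalog from Windows' defaults.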

#5 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 08:26 PM

Thank you Naren,

Please see the logs below:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andy Whitting :: ANDYWHITTING-PC [administrator]

Protection: Enabled

22/08/2012 9:04:52 AM
mbam-log-2012-08-22 (09-04-52).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393777
Time elapsed: 1 hour(s), 50 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by Andy Whitting (administrator) on 22-08-2012 at 10:57:46
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com

========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=10.1.1.2 metric=1 publish=Yes


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AndyWhitting-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : D4-BE-D9-89-B4-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdb2:14ad:4bef:153f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, 22 August 2012 9:02:57 AM
Lease Expires . . . . . . . . . . : Thursday, 23 August 2012 9:02:57 AM
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 248823513
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A2-55-D0-D4-BE-D9-89-B4-2A
DNS Servers . . . . . . . . . . . : 10.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{945A0BEA-4A20-4DAE-A7C5-BB1814D784B5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.1.1.1

Name: google.com
Addresses: 2404:6800:4006:804::1003
74.125.237.142
74.125.237.128
74.125.237.129
74.125.237.130
74.125.237.131
74.125.237.132
74.125.237.133
74.125.237.134
74.125.237.135
74.125.237.136
74.125.237.137


Pinging google.com [74.125.237.9] with 32 bytes of data:
Reply from 74.125.237.9: bytes=32 time=25ms TTL=56
Reply from 74.125.237.9: bytes=32 time=26ms TTL=56

Ping statistics for 74.125.237.9:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 26ms, Average = 25ms
Server: UnKnown
Address: 10.1.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=180ms TTL=55
Reply from 72.30.38.140: bytes=32 time=257ms TTL=55

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 180ms, Maximum = 257ms, Average = 218ms
Server: UnKnown
Address: 10.1.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...d4 be d9 89 b4 2a ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2 20
10.1.1.0 255.255.255.0 On-link 10.1.1.2 276
10.1.1.2 255.255.255.255 On-link 10.1.1.2 276
10.1.1.255 255.255.255.255 On-link 10.1.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 10.1.1.2 21
169.254.255.255 255.255.255.255 On-link 10.1.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.1.2 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 10.1.1.2 1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::fdb2:14ad:4bef:153f/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/22/2012 09:04:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2012 08:45:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2012 11:14:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/21/2012 10:40:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2012 07:36:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2012 10:45:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2012 10:28:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2012 10:20:42 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Business 2010; Error = 0x8007043c).

Error: (08/20/2012 10:20:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Business 2010; Error = 0x8007043c).

Error: (08/20/2012 10:20:27 PM) (Source: Outlook) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).


System errors:
=============
Error: (08/22/2012 09:04:27 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Client/Server Security Agent Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error:
%%2

Error: (08/22/2012 09:04:27 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2

Error: (08/22/2012 09:04:26 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Client/Server Security Agent Personal Firewall service depends on the Trend Micro WFP Callout Driver service which failed to start because of the following error:
%%2

Error: (08/22/2012 09:04:26 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2

Error: (08/22/2012 09:04:26 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%2

Error: (08/22/2012 09:04:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/22/2012 09:04:00 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/22/2012 09:04:00 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/22/2012 09:03:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (08/22/2012 09:03:06 AM) (Source: Service Control Manager) (User: )
Description: The Trend Micro WFP Callout Driver service failed to start due to the following error:
%%1753


Microsoft Office Sessions:
=========================
Error: (08/22/2012 09:04:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2012 08:45:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2012 11:14:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andy Whitting\Downloads\esetsmartinstaller_enu.exe

Error: (08/21/2012 10:40:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2012 07:36:45 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2012 10:45:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2012 10:28:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2012 10:20:42 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (08/20/2012 10:20:40 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Business 20100x8007043c

Error: (08/20/2012 10:20:27 PM) (Source: Outlook)(User: )
Description: 0x8007043c


=========================== Installed Programs ============================

ABBYY FineReader 9.0 Sprint (Version: 9.01.506.5829)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (Version: 9.0.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe AIR (Version: 3.1.0.4880)
Adobe Creative Suite 5 Master Collection (Version: 5.0)
Adobe Creative Suite 6 Master Collection (Version: 6)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Help Manager (Version: 4.0.244)
Adobe Media Player (Version: 1.8)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AUSkey software 1.4.0.6 (Version: 1.4.0.6)
Bing Bar (Version: 7.0.858.0)
Bonjour (Version: 3.0.0.10)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.61)
Dell DataSafe Local Backup (Version: 9.4.61)
Dell DataSafe Online (Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.39)
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (Version: 1.4.7)
e-tax 2012 (Version: 6.0.577)
EPSON Artisan 730 Series Printer Uninstall
Epson Download Navigator (Version: 1.0.1)
Epson Easy Photo Print 2 (Version: 2.3.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.50.0000)
Epson Print CD (Version: 2.05.00)
EPSON Scan
EpsonNet Print (Version: 2.4j)
ESET Online Scanner v3
Google Chrome (Version: 21.0.1180.83)
GoToAssist Corporate (Version: 9.1.0.615)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.12.6716)
PDF Settings CS5 (Version: 10.0)
PDF Settings CS6 (Version: 11.0)
PhotoShowExpress (Version: 2.0.063)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.154)
SolidWorks eDrawings 2012 (Version: 12.3.113)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Trend Micro Client/Server Security Agent (Version: 3.5.1163)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 8174.45 MB
Available physical RAM: 5246.03 MB
Total Pagefile: 16347.08 MB
Available Pagefile: 13321.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.76 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:452.57 GB) (Free:325.46 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDYWHITTING-PC

Administrator Andy Whitting Guest


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Andy Whitting (administrator) on 22-08-2012 at 11:01:45
Running from "C:\Users\Andy Whitting\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v1.801 - Logfile created 08/22/2012 at 11:18:34
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Andy Whitting - ANDYWHITTING-PC
# Boot Mode : Normal
# Running from : C:\Users\Andy Whitting\Downloads\adwcleaner (2).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\ANDYWH~1\AppData\Local\Temp
Deleted on reboot : C:\Program Files (x86)\Software

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Andy Whitting\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [315 octets] - [22/08/2012 11:02:34]
AdwCleaner[S2].txt - [1062 octets] - [22/08/2012 11:05:16]
AdwCleaner[S3].txt - [936 octets] - [22/08/2012 11:18:34]

########## EOF - C:\AdwCleaner[S3].txt - [1063 octets] ##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 08:27 PM

Download

MpsSvc
BFE
wscsvc
defender
Sharedaccess

Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options only:

Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here
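One way to confirm that the service keys FSS reported missing (MpsSvc, bfe, wscsvc, WinDefend, SharedAccess) are back after importing the fixes above, as an added example that is not narenxp's code nor part of FSS, Rkill or the Windows Repair tool; it assumes an elevated 64-bit PowerShell prompt on the affected Windows 7 x64 PC, and the expected DLL names are taken from the FSS File Check list in this thread:

```powershell
# Added example: re-check the services FSS flagged, plus the firewall policy Rkill found.
# Assumes an elevated 64-bit PowerShell prompt (so $env:ProgramFiles is "C:\Program Files").
$services = @(
    @{ Name = 'MpsSvc';       Dll = 'mpssvc.dll'   },  # Windows Firewall
    @{ Name = 'BFE';          Dll = 'bfe.dll'      },  # Base Filtering Engine
    @{ Name = 'wscsvc';       Dll = 'wscsvc.dll'   },  # Security Center (Action Center)
    @{ Name = 'WinDefend';    Dll = 'MpSvc.dll'    },  # Windows Defender
    @{ Name = 'SharedAccess'; Dll = 'ipnathlp.dll' }   # ICS / firewall companion service
)

foreach ($svc in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    if (-not (Test-Path $key)) {
        # Same state FSS reported: the whole service key is gone, so the fix did not apply.
        Write-Warning "$($svc.Name): service key missing"
        continue
    }
    $props = Get-ItemProperty -Path $key
    $dll   = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    "{0,-13} Start={1} ImagePath={2}" -f $svc.Name, $props.Start, $props.ImagePath

    if ($dll) {
        $expanded = [Environment]::ExpandEnvironmentVariables($dll)
        # Rkill flagged WinDefend's ServiceDll pointing under %ProgramFiles(x86)%; on x64 the
        # genuine copy FSS hashed lives under %ProgramFiles% or %SystemRoot%, so warn otherwise.
        $sane = ($expanded -like "$env:ProgramFiles\*") -or ($expanded -like "$env:SystemRoot\*")
        if (-not $sane -or ((Split-Path $expanded -Leaf) -ne $svc.Dll)) {
            Write-Warning "$($svc.Name): unexpected ServiceDll '$dll'"
        }
    }
}

# Rkill found EnableFirewall = 0 under this policy key; no output here means the policy is gone.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'
if (Test-Path $policy) {
    Get-ItemProperty -Path $policy -Name EnableFirewall -ErrorAction SilentlyContinue |
        Select-Object EnableFirewall
}
```

Any warning printed means the matching fix should be re-applied before moving on to the Windows Repair step.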

#7 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 09:31 PM

Hi Naren, I can't seem to find the Windows Repair Kit on the majorgeeks.com website. Are you able to let me know where on the page to download it, please?

Thanks

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 09:42 PM

http://files1.majorgeeks.com/files/9719a00ed0c5709d80dfef33795dcef3/allinone/tweaking.com_windows_repair_aio.zip

#9 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 09:43 PM

Sorry just found the link and launching now :thumbsup:

#10 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 09:59 PM

Hi Naren,

Can you please let me know where I will find the FSS log to post?

Thanks

#11 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 10:03 PM

This is the log for Rkill, but I can't find the FSS log?


Rkill 2.3.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/22/2012 01:01:30 PM in x64 mode.
Windows Version: Windows 7 Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Andy Whitting\Desktop\rkill\rkill-08-22-2012-01-02-08.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Firewall Disabled

[HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = dword:00000000

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Andy Whitting\AppData\Local\{19c0256a-abee-a251-9179-6d1cd051d5c1}\ [ZA Dir]
* C:\Users\Andy Whitting\AppData\Local\{19c0256a-abee-a251-9179-6d1cd051d5c1}\L\ [ZA Dir]
* C:\Users\Andy Whitting\AppData\Local\{19c0256a-abee-a251-9179-6d1cd051d5c1}\U\ [ZA Dir]
* C:\Windows\installer\{19c0256a-abee-a251-9179-6d1cd051d5c1}\ [ZA Dir]
* C:\Windows\installer\{19c0256a-abee-a251-9179-6d1cd051d5c1}\L\ [ZA Dir]
* C:\Windows\installer\{19c0256a-abee-a251-9179-6d1cd051d5c1}\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* iphlpsvc [Missing Service]

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/22/2012 01:02:15 PM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 10:03 PM

Folder from which FSS is being run

#13 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 10:11 PM

Sorry, but where would I find out where this is?

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 August 2012 - 10:15 PM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#15 Andos

Andos
  • Topic Starter

  • Members
  • 32 posts

Posted 21 August 2012 - 10:22 PM

FSS Log

Farbar Service Scanner Version: 06-08-2012
Ran by Andy Whitting (administrator) on 22-08-2012 at 13:22:17
Running from "C:\Users\Andy Whitting\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
