Can't get rid of Sirefef family viruses


11 replies to this topic

#1 algis87

  • Members
  • 6 posts

Posted 01 September 2012 - 10:07 AM

Hello everyone, for some time now I have been having problems with Sirefef viruses. I tried various AV software and cleaning tools. Some successfully delete the malware, but it keeps coming back after a few days. When the viruses come back, my MSE, firewall and Windows updates get turned off. I have to start the procedure all over again. I need help for completely removing this malware. I am running Windows 7 x64.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 01 September 2012 - 10:10 AM

Download TDSSkiller

Launch it. Click on Change parameters, select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to desktop, copy the contents of the text file in your reply.

#3 algis87

  • Topic Starter
  • Members
  • 6 posts

Posted 01 September 2012 - 06:21 PM

TDSSkiller


01:19:29.0027 2260 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
01:19:29.0292 2260 ============================================================
01:19:29.0292 2260 Current date / time: 2012/09/02 01:19:29.0292
01:19:29.0292 2260 SystemInfo:
01:19:29.0292 2260
01:19:29.0292 2260 OS Version: 6.1.7601 ServicePack: 1.0
01:19:29.0292 2260 Product type: Workstation
01:19:29.0292 2260 ComputerName: ALGIS-PC
01:19:29.0292 2260 UserName: Algis
01:19:29.0292 2260 Windows directory: C:\Windows
01:19:29.0292 2260 System windows directory: C:\Windows
01:19:29.0292 2260 Running under WOW64
01:19:29.0292 2260 Processor architecture: Intel x64
01:19:29.0292 2260 Number of processors: 4
01:19:29.0292 2260 Page size: 0x1000
01:19:29.0292 2260 Boot type: Normal boot
01:19:29.0292 2260 ============================================================
01:19:30.0821 2260 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:19:30.0821 2260 ============================================================
01:19:30.0821 2260 \Device\Harddisk0\DR0:
01:19:30.0821 2260 MBR partitions:
01:19:30.0821 2260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:19:30.0821 2260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x42628AD
01:19:30.0821 2260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x4299738, BlocksNum 0x80B68C8
01:19:30.0821 2260 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000
01:19:30.0821 2260 ============================================================
01:19:30.0852 2260 C: <-> \Device\Harddisk0\DR0\Partition3
01:19:30.0883 2260 D: <-> \Device\Harddisk0\DR0\Partition4
01:19:30.0961 2260 E: <-> \Device\Harddisk0\DR0\Partition2
01:19:30.0961 2260 ============================================================
01:19:30.0961 2260 Initialize success
01:19:30.0961 2260 ============================================================
01:20:00.0332 3260 ============================================================
01:20:00.0332 3260 Scan started
01:20:00.0332 3260 Mode: Manual; TDLFS;
01:20:00.0332 3260 ============================================================
01:20:00.0815 3260 ================ Scan system memory ========================
01:20:00.0815 3260 System memory - ok
01:20:00.0831 3260 ================ Scan services =============================
01:20:00.0925 3260 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:20:00.0925 3260 1394ohci - ok
01:20:00.0940 3260 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:20:00.0956 3260 ACPI - ok
01:20:00.0956 3260 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:20:00.0956 3260 AcpiPmi - ok
01:20:01.0003 3260 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:20:01.0018 3260 AdobeARMservice - ok
01:20:01.0049 3260 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:20:01.0049 3260 adp94xx - ok
01:20:01.0065 3260 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:20:01.0065 3260 adpahci - ok
01:20:01.0081 3260 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:20:01.0081 3260 adpu320 - ok
01:20:01.0112 3260 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:20:01.0112 3260 AeLookupSvc - ok
01:20:01.0127 3260 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:20:01.0143 3260 AFD - ok
01:20:01.0143 3260 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:20:01.0143 3260 agp440 - ok
01:20:01.0159 3260 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:20:01.0159 3260 ALG - ok
01:20:01.0174 3260 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:20:01.0174 3260 aliide - ok
01:20:01.0205 3260 ALSysIO - ok
01:20:01.0237 3260 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
01:20:01.0237 3260 AMD External Events Utility - ok
01:20:01.0252 3260 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:20:01.0252 3260 amdide - ok
01:20:01.0252 3260 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
01:20:01.0268 3260 AmdK8 - ok
01:20:01.0439 3260 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
01:20:01.0611 3260 amdkmdag - ok
01:20:01.0627 3260 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
01:20:01.0627 3260 amdkmdap - ok
01:20:01.0627 3260 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
01:20:01.0627 3260 AmdPPM - ok
01:20:01.0642 3260 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:20:01.0642 3260 amdsata - ok
01:20:01.0658 3260 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:20:01.0673 3260 amdsbs - ok
01:20:01.0673 3260 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:20:01.0673 3260 amdxata - ok
01:20:01.0689 3260 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:20:01.0705 3260 AppID - ok
01:20:01.0705 3260 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:20:01.0705 3260 AppIDSvc - ok
01:20:01.0720 3260 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:20:01.0720 3260 Appinfo - ok
01:20:01.0751 3260 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:20:01.0751 3260 Apple Mobile Device - ok
01:20:01.0783 3260 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
01:20:01.0783 3260 AppMgmt - ok
01:20:01.0798 3260 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
01:20:01.0798 3260 arc - ok
01:20:01.0814 3260 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:20:01.0814 3260 arcsas - ok
01:20:01.0861 3260 [ A7409B5C0E35DDEE64F16F3054E5530B ] ArcSec C:\Windows\system32\drivers\ArcSec.sys
01:20:01.0861 3260 ArcSec - ok
01:20:01.0923 3260 aspnet_state - ok
01:20:01.0939 3260 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:20:01.0939 3260 AsyncMac - ok
01:20:01.0954 3260 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:20:01.0954 3260 atapi - ok
01:20:02.0001 3260 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
01:20:02.0001 3260 AtiHDAudioService - ok
01:20:02.0017 3260 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:20:02.0032 3260 AudioEndpointBuilder - ok
01:20:02.0032 3260 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:20:02.0048 3260 AudioSrv - ok
01:20:02.0048 3260 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:20:02.0048 3260 AxInstSV - ok
01:20:02.0063 3260 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:20:02.0079 3260 b06bdrv - ok
01:20:02.0095 3260 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:20:02.0110 3260 b57nd60a - ok
01:20:02.0126 3260 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:20:02.0126 3260 BDESVC - ok
01:20:02.0141 3260 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:20:02.0141 3260 Beep - ok
01:20:02.0173 3260 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:20:02.0173 3260 BFE - ok
01:20:02.0188 3260 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:20:02.0188 3260 blbdrive - ok
01:20:02.0219 3260 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:20:02.0235 3260 Bonjour Service - ok
01:20:02.0251 3260 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:20:02.0251 3260 bowser - ok
01:20:02.0266 3260 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
01:20:02.0266 3260 BrFiltLo - ok
01:20:02.0266 3260 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
01:20:02.0266 3260 BrFiltUp - ok
01:20:02.0297 3260 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
01:20:02.0297 3260 BridgeMP - ok
01:20:02.0313 3260 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:20:02.0313 3260 Browser - ok
01:20:02.0329 3260 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:20:02.0344 3260 Brserid - ok
01:20:02.0344 3260 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:20:02.0344 3260 BrSerWdm - ok
01:20:02.0344 3260 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:20:02.0360 3260 BrUsbMdm - ok
01:20:02.0360 3260 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:20:02.0360 3260 BrUsbSer - ok
01:20:02.0391 3260 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
01:20:02.0391 3260 BthEnum - ok
01:20:02.0391 3260 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
01:20:02.0391 3260 BTHMODEM - ok
01:20:02.0422 3260 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:20:02.0422 3260 BthPan - ok
01:20:02.0453 3260 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:20:02.0453 3260 BTHPORT - ok
01:20:02.0469 3260 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:20:02.0469 3260 bthserv - ok
01:20:02.0500 3260 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:20:02.0500 3260 BTHUSB - ok
01:20:02.0500 3260 BTMCOM - ok
01:20:02.0500 3260 BTMUSB - ok
01:20:02.0516 3260 catchme - ok
01:20:02.0531 3260 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:20:02.0531 3260 cdfs - ok
01:20:02.0547 3260 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:20:02.0563 3260 cdrom - ok
01:20:02.0578 3260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:20:02.0578 3260 CertPropSvc - ok
01:20:02.0578 3260 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
01:20:02.0578 3260 circlass - ok
01:20:02.0609 3260 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:20:02.0609 3260 CLFS - ok
01:20:02.0625 3260 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:20:02.0625 3260 clr_optimization_v2.0.50727_32 - ok
01:20:02.0672 3260 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:20:02.0672 3260 clr_optimization_v2.0.50727_64 - ok
01:20:02.0734 3260 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:20:02.0812 3260 clr_optimization_v4.0.30319_32 - ok
01:20:02.0828 3260 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:20:02.0859 3260 clr_optimization_v4.0.30319_64 - ok
01:20:02.0890 3260 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
01:20:02.0890 3260 CmBatt - ok
01:20:02.0906 3260 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:20:02.0906 3260 cmdide - ok
01:20:02.0937 3260 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:20:02.0937 3260 CNG - ok
01:20:02.0953 3260 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
01:20:02.0953 3260 Compbatt - ok
01:20:02.0953 3260 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:20:02.0968 3260 CompositeBus - ok
01:20:02.0968 3260 COMSysApp - ok
01:20:02.0968 3260 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:20:02.0968 3260 crcdisk - ok
01:20:02.0999 3260 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:20:02.0999 3260 CryptSvc - ok
01:20:03.0031 3260 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
01:20:03.0046 3260 CSC - ok
01:20:03.0067 3260 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
01:20:03.0077 3260 CscService - ok
01:20:03.0105 3260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:20:03.0113 3260 DcomLaunch - ok
01:20:03.0132 3260 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:20:03.0137 3260 defragsvc - ok
01:20:03.0150 3260 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:20:03.0152 3260 DfsC - ok
01:20:03.0169 3260 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:20:03.0174 3260 Dhcp - ok
01:20:03.0184 3260 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:20:03.0186 3260 discache - ok
01:20:03.0200 3260 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
01:20:03.0201 3260 Disk - ok
01:20:03.0223 3260 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
01:20:03.0225 3260 dmvsc - ok
01:20:03.0238 3260 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:20:03.0242 3260 Dnscache - ok
01:20:03.0249 3260 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:20:03.0253 3260 dot3svc - ok
01:20:03.0259 3260 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:20:03.0262 3260 DPS - ok
01:20:03.0275 3260 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:20:03.0277 3260 drmkaud - ok
01:20:03.0307 3260 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:20:03.0316 3260 DXGKrnl - ok
01:20:03.0325 3260 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:20:03.0328 3260 EapHost - ok
01:20:03.0390 3260 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:20:03.0438 3260 ebdrv - ok
01:20:03.0456 3260 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:20:03.0457 3260 EFS - ok
01:20:03.0508 3260 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:20:03.0541 3260 ehRecvr - ok
01:20:03.0553 3260 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:20:03.0575 3260 ehSched - ok
01:20:03.0607 3260 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:20:03.0614 3260 elxstor - ok
01:20:03.0625 3260 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:20:03.0626 3260 ErrDev - ok
01:20:03.0640 3260 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:20:03.0646 3260 EventSystem - ok
01:20:03.0663 3260 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:20:03.0667 3260 exfat - ok
01:20:03.0677 3260 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:20:03.0680 3260 fastfat - ok
01:20:03.0714 3260 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:20:03.0723 3260 Fax - ok
01:20:03.0727 3260 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
01:20:03.0729 3260 fdc - ok
01:20:03.0734 3260 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:20:03.0735 3260 fdPHost - ok
01:20:03.0739 3260 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:20:03.0740 3260 FDResPub - ok
01:20:03.0749 3260 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:20:03.0750 3260 FileInfo - ok
01:20:03.0757 3260 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:20:03.0758 3260 Filetrace - ok
01:20:03.0764 3260 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
01:20:03.0765 3260 flpydisk - ok
01:20:03.0776 3260 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:20:03.0779 3260 FltMgr - ok
01:20:03.0811 3260 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:20:03.0823 3260 FontCache - ok
01:20:03.0868 3260 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:20:03.0868 3260 FontCache3.0.0.0 - ok
01:20:03.0880 3260 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:20:03.0882 3260 FsDepends - ok
01:20:03.0897 3260 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:20:03.0897 3260 Fs_Rec - ok
01:20:03.0928 3260 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:20:03.0931 3260 fvevol - ok
01:20:03.0940 3260 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:20:03.0941 3260 gagp30kx - ok
01:20:03.0963 3260 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:20:03.0964 3260 GEARAspiWDM - ok
01:20:03.0986 3260 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:20:03.0995 3260 gpsvc - ok
01:20:04.0042 3260 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:20:04.0042 3260 gupdate - ok
01:20:04.0058 3260 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:20:04.0058 3260 gupdatem - ok
01:20:04.0073 3260 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:20:04.0073 3260 hcw85cir - ok
01:20:04.0089 3260 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:20:04.0104 3260 HdAudAddService - ok
01:20:04.0120 3260 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:20:04.0120 3260 HDAudBus - ok
01:20:04.0120 3260 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
01:20:04.0120 3260 HidBatt - ok
01:20:04.0136 3260 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
01:20:04.0136 3260 HidBth - ok
01:20:04.0136 3260 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:20:04.0136 3260 HidIr - ok
01:20:04.0151 3260 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
01:20:04.0151 3260 hidserv - ok
01:20:04.0182 3260 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:20:04.0183 3260 HidUsb - ok
01:20:04.0196 3260 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:20:04.0198 3260 hkmsvc - ok
01:20:04.0215 3260 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:20:04.0219 3260 HomeGroupListener - ok
01:20:04.0230 3260 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:20:04.0233 3260 HomeGroupProvider - ok
01:20:04.0239 3260 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:20:04.0241 3260 HpSAMD - ok
01:20:04.0267 3260 [ BBC89DA4065BDCE34257BE95B2F636EE ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
01:20:04.0267 3260 HssDRV6 - ok
01:20:04.0291 3260 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:20:04.0299 3260 HTTP - ok
01:20:04.0302 3260 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:20:04.0303 3260 hwpolicy - ok
01:20:04.0315 3260 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:20:04.0316 3260 i8042prt - ok
01:20:04.0339 3260 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:20:04.0344 3260 iaStorV - ok
01:20:04.0375 3260 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:20:04.0385 3260 idsvc - ok
01:20:04.0394 3260 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:20:04.0395 3260 iirsp - ok
01:20:04.0429 3260 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:20:04.0439 3260 IKEEXT - ok
01:20:04.0453 3260 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:20:04.0454 3260 intelide - ok
01:20:04.0466 3260 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:20:04.0466 3260 intelppm - ok
01:20:04.0470 3260 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:20:04.0472 3260 IPBusEnum - ok
01:20:04.0483 3260 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:20:04.0484 3260 IpFilterDriver - ok
01:20:04.0504 3260 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:20:04.0509 3260 iphlpsvc - ok
01:20:04.0529 3260 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:20:04.0531 3260 IPMIDRV - ok
01:20:04.0540 3260 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:20:04.0542 3260 IPNAT - ok
01:20:04.0579 3260 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:20:04.0591 3260 iPod Service - ok
01:20:04.0616 3260 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:20:04.0617 3260 IRENUM - ok
01:20:04.0629 3260 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:20:04.0630 3260 isapnp - ok
01:20:04.0646 3260 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:20:04.0650 3260 iScsiPrt - ok
01:20:04.0685 3260 [ C0D9BA660A41EE8A269EF804E6CD0D7B ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
01:20:04.0687 3260 JRAID - ok
01:20:04.0697 3260 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:20:04.0697 3260 kbdclass - ok
01:20:04.0706 3260 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:20:04.0707 3260 kbdhid - ok
01:20:04.0714 3260 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:20:04.0715 3260 KeyIso - ok
01:20:04.0735 3260 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:20:04.0736 3260 KSecDD - ok
01:20:04.0745 3260 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:20:04.0747 3260 KSecPkg - ok
01:20:04.0751 3260 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:20:04.0752 3260 ksthunk - ok
01:20:04.0768 3260 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:20:04.0774 3260 KtmRm - ok
01:20:04.0794 3260 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
01:20:04.0799 3260 LanmanServer - ok
01:20:04.0816 3260 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:20:04.0820 3260 LanmanWorkstation - ok
01:20:04.0884 3260 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
01:20:04.0889 3260 LBTServ - ok
01:20:04.0925 3260 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
01:20:04.0926 3260 LHidFilt - ok
01:20:04.0942 3260 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:20:04.0944 3260 lltdio - ok
01:20:04.0960 3260 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:20:04.0966 3260 lltdsvc - ok
01:20:04.0978 3260 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:20:04.0980 3260 lmhosts - ok
01:20:04.0984 3260 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
01:20:04.0985 3260 LMouFilt - ok
01:20:05.0003 3260 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:20:05.0005 3260 LSI_FC - ok
01:20:05.0031 3260 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:20:05.0033 3260 LSI_SAS - ok
01:20:05.0042 3260 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:20:05.0044 3260 LSI_SAS2 - ok
01:20:05.0054 3260 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:20:05.0056 3260 LSI_SCSI - ok
01:20:05.0068 3260 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:20:05.0070 3260 luafv - ok
01:20:05.0124 3260 Mcx2Svc - ok
01:20:05.0137 3260 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
01:20:05.0139 3260 megasas - ok
01:20:05.0153 3260 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:20:05.0158 3260 MegaSR - ok
01:20:05.0172 3260 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:20:05.0175 3260 MMCSS - ok
01:20:05.0186 3260 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:20:05.0186 3260 Modem - ok
01:20:05.0186 3260 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:20:05.0186 3260 monitor - ok
01:20:05.0202 3260 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:20:05.0202 3260 mouclass - ok
01:20:05.0218 3260 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:20:05.0218 3260 mouhid - ok
01:20:05.0233 3260 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:20:05.0249 3260 mountmgr - ok
01:20:05.0280 3260 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
01:20:05.0280 3260 MpFilter - ok
01:20:05.0296 3260 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:20:05.0296 3260 mpio - ok
01:20:05.0311 3260 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:20:05.0311 3260 mpsdrv - ok
01:20:05.0342 3260 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:20:05.0358 3260 MpsSvc - ok
01:20:05.0374 3260 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:20:05.0374 3260 MRxDAV - ok
01:20:05.0389 3260 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:20:05.0389 3260 mrxsmb - ok
01:20:05.0405 3260 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:20:05.0405 3260 mrxsmb10 - ok
01:20:05.0420 3260 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:20:05.0420 3260 mrxsmb20 - ok
01:20:05.0436 3260 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:20:05.0436 3260 msahci - ok
01:20:05.0452 3260 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:20:05.0452 3260 msdsm - ok
01:20:05.0467 3260 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:20:05.0467 3260 MSDTC - ok
01:20:05.0498 3260 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:20:05.0498 3260 Msfs - ok
01:20:05.0498 3260 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:20:05.0498 3260 mshidkmdf - ok
01:20:05.0522 3260 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:20:05.0523 3260 msisadrv - ok
01:20:05.0550 3260 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:20:05.0552 3260 MSiSCSI - ok
01:20:05.0555 3260 msiserver - ok
01:20:05.0562 3260 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:20:05.0563 3260 MSKSSRV - ok
01:20:05.0622 3260 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
01:20:05.0623 3260 MsMpSvc - ok
01:20:05.0635 3260 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:20:05.0637 3260 MSPCLOCK - ok
01:20:05.0641 3260 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:20:05.0642 3260 MSPQM - ok
01:20:05.0660 3260 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:20:05.0665 3260 MsRPC - ok
01:20:05.0672 3260 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:20:05.0672 3260 mssmbios - ok
01:20:05.0676 3260 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:20:05.0677 3260 MSTEE - ok
01:20:05.0694 3260 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
01:20:05.0695 3260 MTConfig - ok
01:20:05.0720 3260 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
01:20:05.0721 3260 MTsensor - ok
01:20:05.0729 3260 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:20:05.0730 3260 Mup - ok
01:20:05.0750 3260 [ 5582A3FE5761AFE730B277A56EB65268 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
01:20:05.0755 3260 mv91xx - ok
01:20:05.0770 3260 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:20:05.0777 3260 napagent - ok
01:20:05.0790 3260 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:20:05.0795 3260 NativeWifiP - ok
01:20:05.0835 3260 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
01:20:05.0846 3260 NDIS - ok
01:20:05.0858 3260 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:20:05.0860 3260 NdisCap - ok
01:20:05.0872 3260 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:20:05.0873 3260 NdisTapi - ok
01:20:05.0886 3260 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:20:05.0888 3260 Ndisuio - ok
01:20:05.0905 3260 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:20:05.0908 3260 NdisWan - ok
01:20:05.0930 3260 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:20:05.0932 3260 NDProxy - ok
01:20:05.0936 3260 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:20:05.0937 3260 NetBIOS - ok
01:20:05.0947 3260 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:20:05.0951 3260 NetBT - ok
01:20:05.0964 3260 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
01:20:05.0966 3260 Netlogon - ok
01:20:05.0977 3260 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
01:20:05.0983 3260 Netman - ok
01:20:06.0030 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:20:06.0049 3260 NetMsmqActivator - ok
01:20:06.0054 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:20:06.0056 3260 NetPipeActivator - ok
01:20:06.0066 3260 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
01:20:06.0074 3260 netprofm - ok
01:20:06.0079 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:20:06.0081 3260 NetTcpActivator - ok
01:20:06.0085 3260 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:20:06.0086 3260 NetTcpPortSharing - ok
01:20:06.0117 3260 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:20:06.0119 3260 nfrd960 - ok
01:20:06.0147 3260 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
01:20:06.0149 3260 NisDrv - ok
01:20:06.0177 3260 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
01:20:06.0181 3260 NisSrv - ok
01:20:06.0203 3260 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:20:06.0208 3260 NlaSvc - ok
01:20:06.0234 3260 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
01:20:06.0235 3260 nmwcd - ok
01:20:06.0261 3260 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
01:20:06.0263 3260 nmwcdc - ok
01:20:06.0277 3260 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys
01:20:06.0279 3260 nmwcdnsucx64 - ok
01:20:06.0298 3260 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
01:20:06.0301 3260 nmwcdnsux64 - ok
01:20:06.0312 3260 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:20:06.0313 3260 Npfs - ok
01:20:06.0322 3260 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
01:20:06.0324 3260 nsi - ok
01:20:06.0331 3260 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:20:06.0332 3260 nsiproxy - ok
01:20:06.0378 3260 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:20:06.0414 3260 Ntfs - ok
01:20:06.0424 3260 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
01:20:06.0425 3260 Null - ok
01:20:06.0441 3260 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:20:06.0443 3260 nvraid - ok
01:20:06.0470 3260 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:20:06.0473 3260 nvstor - ok
01:20:06.0486 3260 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:20:06.0489 3260 nv_agp - ok
01:20:06.0494 3260 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
01:20:06.0495 3260 ohci1394 - ok
01:20:06.0530 3260 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:20:06.0530 3260 ose - ok
01:20:06.0561 3260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:20:06.0561 3260 p2pimsvc - ok
01:20:06.0576 3260 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
01:20:06.0576 3260 p2psvc - ok
01:20:06.0608 3260 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
01:20:06.0608 3260 Parport - ok
01:20:06.0623 3260 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:20:06.0623 3260 partmgr - ok
01:20:06.0639 3260 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:20:06.0639 3260 PcaSvc - ok
01:20:06.0654 3260 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
01:20:06.0670 3260 pccsmcfd - ok
01:20:06.0670 3260 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
01:20:06.0686 3260 pci - ok
01:20:06.0686 3260 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
01:20:06.0686 3260 pciide - ok
01:20:06.0701 3260 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:20:06.0701 3260 pcmcia - ok
01:20:06.0717 3260 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
01:20:06.0718 3260 pcw - ok
01:20:06.0736 3260 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:20:06.0743 3260 PEAUTH - ok
01:20:06.0776 3260 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
01:20:06.0792 3260 PeerDistSvc - ok
01:20:06.0812 3260 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:20:06.0814 3260 PerfHost - ok
01:20:06.0843 3260 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
01:20:06.0862 3260 pla - ok
01:20:06.0883 3260 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:20:06.0889 3260 PlugPlay - ok
01:20:06.0892 3260 PnkBstrA - ok
01:20:06.0903 3260 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:20:06.0905 3260 PNRPAutoReg - ok
01:20:06.0918 3260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:20:06.0921 3260 PNRPsvc - ok
01:20:06.0944 3260 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:20:06.0950 3260 PolicyAgent - ok
01:20:06.0977 3260 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
01:20:06.0981 3260 Power - ok
01:20:07.0005 3260 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:20:07.0007 3260 PptpMiniport - ok
01:20:07.0018 3260 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
01:20:07.0020 3260 Processor - ok
01:20:07.0040 3260 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
01:20:07.0043 3260 ProfSvc - ok
01:20:07.0056 3260 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:20:07.0057 3260 ProtectedStorage - ok
01:20:07.0074 3260 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:20:07.0076 3260 Psched - ok
01:20:07.0109 3260 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:20:07.0130 3260 ql2300 - ok
01:20:07.0143 3260 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:20:07.0145 3260 ql40xx - ok
01:20:07.0158 3260 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
01:20:07.0162 3260 QWAVE - ok
01:20:07.0174 3260 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:20:07.0176 3260 QWAVEdrv - ok
01:20:07.0185 3260 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:20:07.0187 3260 RasAcd - ok
01:20:07.0199 3260 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:20:07.0201 3260 RasAgileVpn - ok
01:20:07.0209 3260 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
01:20:07.0212 3260 RasAuto - ok
01:20:07.0227 3260 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:20:07.0229 3260 Rasl2tp - ok
01:20:07.0236 3260 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
01:20:07.0241 3260 RasMan - ok
01:20:07.0247 3260 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:20:07.0249 3260 RasPppoe - ok
01:20:07.0262 3260 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:20:07.0264 3260 RasSstp - ok
01:20:07.0275 3260 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:20:07.0278 3260 rdbss - ok
01:20:07.0291 3260 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
01:20:07.0292 3260 rdpbus - ok
01:20:07.0302 3260 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:20:07.0303 3260 RDPCDD - ok
01:20:07.0321 3260 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
01:20:07.0323 3260 RDPDR - ok
01:20:07.0327 3260 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:20:07.0327 3260 RDPENCDD - ok
01:20:07.0345 3260 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
01:20:07.0376 3260 RDPREFMP - ok
01:20:07.0399 3260 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:20:07.0401 3260 RdpVideoMiniport - ok
01:20:07.0421 3260 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:20:07.0425 3260 RDPWD - ok
01:20:07.0432 3260 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:20:07.0434 3260 rdyboost - ok
01:20:07.0454 3260 RemoteAccess - ok
01:20:07.0480 3260 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:20:07.0484 3260 RemoteRegistry - ok
01:20:07.0510 3260 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:20:07.0512 3260 RFCOMM - ok
01:20:07.0526 3260 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:20:07.0529 3260 RpcEptMapper - ok
01:20:07.0534 3260 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
01:20:07.0536 3260 RpcLocator - ok
01:20:07.0553 3260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
01:20:07.0556 3260 RpcSs - ok
01:20:07.0569 3260 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:20:07.0571 3260 rspndr - ok
01:20:07.0607 3260 [ 4B60EF388071E0BAF299496E3D6590AE ] RTCore64 C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
01:20:07.0618 3260 RTCore64 - ok
01:20:07.0651 3260 [ BD9BA262CF26EFE9A9867EBE32D12164 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
01:20:07.0657 3260 RTL8167 - ok
01:20:07.0672 3260 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
01:20:07.0673 3260 s3cap - ok
01:20:07.0680 3260 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
01:20:07.0682 3260 SamSs - ok
01:20:07.0694 3260 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:20:07.0697 3260 sbp2port - ok
01:20:07.0709 3260 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:20:07.0713 3260 SCardSvr - ok
01:20:07.0744 3260 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:20:07.0744 3260 scfilter - ok
01:20:07.0775 3260 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
01:20:07.0791 3260 Schedule - ok
01:20:07.0807 3260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
01:20:07.0807 3260 SCPolicySvc - ok
01:20:07.0822 3260 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:20:07.0838 3260 SDRSVC - ok
01:20:07.0853 3260 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:20:07.0854 3260 secdrv - ok
01:20:07.0861 3260 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
01:20:07.0864 3260 seclogon - ok
01:20:07.0879 3260 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
01:20:07.0882 3260 SENS - ok
01:20:07.0894 3260 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:20:07.0897 3260 SensrSvc - ok
01:20:07.0909 3260 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
01:20:07.0911 3260 Serenum - ok
01:20:07.0932 3260 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
01:20:07.0934 3260 Serial - ok
01:20:07.0953 3260 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:20:07.0955 3260 sermouse - ok
01:20:07.0993 3260 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
01:20:08.0003 3260 ServiceLayer - ok
01:20:08.0016 3260 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
01:20:08.0020 3260 SessionEnv - ok
01:20:08.0024 3260 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
01:20:08.0026 3260 sffdisk - ok
01:20:08.0030 3260 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:20:08.0031 3260 sffp_mmc - ok
01:20:08.0035 3260 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
01:20:08.0036 3260 sffp_sd - ok
01:20:08.0040 3260 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:20:08.0041 3260 sfloppy - ok
01:20:08.0067 3260 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:20:08.0072 3260 ShellHWDetection - ok
01:20:08.0094 3260 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:20:08.0095 3260 SiSRaid2 - ok
01:20:08.0107 3260 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:20:08.0108 3260 SiSRaid4 - ok
01:20:08.0139 3260 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:20:08.0141 3260 SkypeUpdate - ok
01:20:08.0150 3260 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:20:08.0152 3260 Smb - ok
01:20:08.0161 3260 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:20:08.0164 3260 SNMPTRAP - ok
01:20:08.0175 3260 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
01:20:08.0175 3260 spldr - ok
01:20:08.0197 3260 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
01:20:08.0202 3260 Spooler - ok
01:20:08.0255 3260 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
01:20:08.0317 3260 sppsvc - ok
01:20:08.0321 3260 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
01:20:08.0323 3260 sppuinotify - ok
01:20:08.0351 3260 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
01:20:08.0355 3260 sptd - ok
01:20:08.0378 3260 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
01:20:08.0383 3260 srv - ok
01:20:08.0394 3260 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:20:08.0398 3260 srv2 - ok
01:20:08.0409 3260 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:20:08.0411 3260 srvnet - ok
01:20:08.0424 3260 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:20:08.0427 3260 SSDPSRV - ok
01:20:08.0439 3260 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:20:08.0441 3260 SstpSvc - ok
01:20:08.0461 3260 Steam Client Service - ok
01:20:08.0464 3260 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:20:08.0465 3260 stexstor - ok
01:20:08.0486 3260 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
01:20:08.0492 3260 stisvc - ok
01:20:08.0509 3260 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
01:20:08.0509 3260 storflt - ok
01:20:08.0526 3260 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
01:20:08.0527 3260 storvsc - ok
01:20:08.0537 3260 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:20:08.0537 3260 swenum - ok
01:20:08.0552 3260 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
01:20:08.0560 3260 swprv - ok
01:20:08.0590 3260 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
01:20:08.0593 3260 Synth3dVsc - ok
01:20:08.0635 3260 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
01:20:08.0671 3260 SysMain - ok
01:20:08.0682 3260 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:20:08.0686 3260 TabletInputService - ok
01:20:08.0710 3260 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
01:20:08.0712 3260 taphss - ok
01:20:08.0729 3260 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:20:08.0735 3260 TapiSrv - ok
01:20:08.0756 3260 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
01:20:08.0759 3260 TBS - ok
01:20:08.0802 3260 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:20:08.0836 3260 Tcpip - ok
01:20:08.0852 3260 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:20:08.0868 3260 TCPIP6 - ok
01:20:08.0884 3260 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:20:08.0899 3260 tcpipreg - ok
01:20:08.0915 3260 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:20:08.0915 3260 TDPIPE - ok
01:20:08.0930 3260 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:20:08.0930 3260 TDTCP - ok
01:20:08.0946 3260 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:20:08.0946 3260 tdx - ok
01:20:08.0962 3260 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:20:08.0962 3260 TermDD - ok
01:20:08.0962 3260 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
01:20:08.0977 3260 terminpt - ok
01:20:09.0000 3260 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
01:20:09.0008 3260 TermService - ok
01:20:09.0012 3260 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
01:20:09.0014 3260 Themes - ok
01:20:09.0031 3260 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
01:20:09.0032 3260 THREADORDER - ok
01:20:09.0041 3260 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
01:20:09.0043 3260 TrkWks - ok
01:20:09.0094 3260 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:20:09.0124 3260 TrustedInstaller - ok
01:20:09.0142 3260 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:20:09.0143 3260 tssecsrv - ok
01:20:09.0156 3260 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:20:09.0157 3260 TsUsbFlt - ok
01:20:09.0159 3260 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
01:20:09.0160 3260 TsUsbGD - ok
01:20:09.0167 3260 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
01:20:09.0169 3260 tsusbhub - ok
01:20:09.0188 3260 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:20:09.0190 3260 tunnel - ok
01:20:09.0200 3260 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:20:09.0201 3260 uagp35 - ok
01:20:09.0215 3260 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:20:09.0219 3260 udfs - ok
01:20:09.0233 3260 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:20:09.0235 3260 UI0Detect - ok
01:20:09.0247 3260 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:20:09.0248 3260 uliagpkx - ok
01:20:09.0256 3260 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:20:09.0257 3260 umbus - ok
01:20:09.0269 3260 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
01:20:09.0270 3260 UmPass - ok
01:20:09.0294 3260 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
01:20:09.0298 3260 UmRdpService - ok
01:20:09.0311 3260 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
01:20:09.0316 3260 upnphost - ok
01:20:09.0338 3260 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
01:20:09.0340 3260 upperdev - ok
01:20:09.0365 3260 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:20:09.0367 3260 USBAAPL64 - ok
01:20:09.0377 3260 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:20:09.0379 3260 usbccgp - ok
01:20:09.0393 3260 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:20:09.0395 3260 usbcir - ok
01:20:09.0407 3260 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
01:20:09.0409 3260 usbehci - ok
01:20:09.0419 3260 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:20:09.0422 3260 usbhub - ok
01:20:09.0435 3260 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
01:20:09.0436 3260 usbohci - ok
01:20:09.0451 3260 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
01:20:09.0452 3260 usbprint - ok
01:20:09.0469 3260 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
01:20:09.0470 3260 usbser - ok
01:20:09.0477 3260 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
01:20:09.0478 3260 UsbserFilt - ok
01:20:09.0481 3260 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:20:09.0482 3260 USBSTOR - ok
01:20:09.0491 3260 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
01:20:09.0492 3260 usbuhci - ok
01:20:09.0500 3260 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
01:20:09.0502 3260 UxSms - ok
01:20:09.0514 3260 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
01:20:09.0515 3260 VaultSvc - ok
01:20:09.0523 3260 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:20:09.0523 3260 vdrvroot - ok
01:20:09.0539 3260 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
01:20:09.0545 3260 vds - ok
01:20:09.0548 3260 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:20:09.0549 3260 vga - ok
01:20:09.0565 3260 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
01:20:09.0566 3260 VgaSave - ok
01:20:09.0568 3260 VGPU - ok
01:20:09.0584 3260 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
01:20:09.0587 3260 vhdmp - ok
01:20:09.0634 3260 [ 8F69C38A8BA725F891F26AAC8888696E ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
01:20:09.0640 3260 VIAHdAudAddService - ok
01:20:09.0652 3260 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
01:20:09.0654 3260 viaide - ok
01:20:09.0661 3260 [ 1236737C7993FB462610E1A0AA92C40B ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
01:20:09.0662 3260 VIAKaraokeService - ok
01:20:09.0677 3260 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
01:20:09.0680 3260 vmbus - ok
01:20:09.0685 3260 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
01:20:09.0687 3260 VMBusHID - ok
01:20:09.0699 3260 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:20:09.0700 3260 volmgr - ok
01:20:09.0717 3260 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:20:09.0720 3260 volmgrx - ok
01:20:09.0733 3260 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:20:09.0736 3260 volsnap - ok
01:20:09.0756 3260 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:20:09.0758 3260 vsmraid - ok
01:20:09.0785 3260 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
01:20:09.0805 3260 VSS - ok
01:20:09.0808 3260 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:20:09.0809 3260 vwifibus - ok
01:20:09.0847 3260 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
01:20:09.0853 3260 W32Time - ok
01:20:09.0868 3260 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:20:09.0887 3260 WacomPen - ok
01:20:09.0890 3260 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
01:20:09.0892 3260 WANARP - ok
01:20:09.0902 3260 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:20:09.0903 3260 Wanarpv6 - ok
01:20:09.0933 3260 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
01:20:09.0957 3260 wbengine - ok
01:20:09.0973 3260 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:20:09.0977 3260 WbioSrvc - ok
01:20:09.0990 3260 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:20:09.0994 3260 wcncsvc - ok
01:20:09.0994 3260 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:20:09.0994 3260 WcsPlugInService - ok
01:20:10.0009 3260 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
01:20:10.0009 3260 Wd - ok
01:20:10.0025 3260 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:20:10.0041 3260 Wdf01000 - ok
01:20:10.0056 3260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:20:10.0056 3260 WdiServiceHost - ok
01:20:10.0056 3260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:20:10.0056 3260 WdiSystemHost - ok
01:20:10.0072 3260 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
01:20:10.0072 3260 WebClient - ok
01:20:10.0072 3260 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:20:10.0087 3260 Wecsvc - ok
01:20:10.0087 3260 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:20:10.0087 3260 wercplsupport - ok
01:20:10.0103 3260 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
01:20:10.0103 3260 WerSvc - ok
01:20:10.0103 3260 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
01:20:10.0103 3260 WfpLwf - ok
01:20:10.0119 3260 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:20:10.0119 3260 WIMMount - ok
01:20:10.0147 3260 WinDefend - ok
01:20:10.0152 3260 WinHttpAutoProxySvc - ok
01:20:10.0200 3260 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:20:10.0203 3260 Winmgmt - ok
01:20:10.0255 3260 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
01:20:10.0298 3260 WinRM - ok
01:20:10.0330 3260 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:20:10.0331 3260 WinUsb - ok
01:20:10.0373 3260 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
01:20:10.0384 3260 Wlansvc - ok
01:20:10.0783 3260 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:20:10.0810 3260 wlidsvc - ok
01:20:10.0814 3260 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
01:20:10.0815 3260 WmiAcpi - ok
01:20:10.0838 3260 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:20:10.0856 3260 wmiApSrv - ok
01:20:10.0871 3260 WMPNetworkSvc - ok
01:20:10.0883 3260 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:20:10.0885 3260 WPCSvc - ok
01:20:10.0899 3260 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:20:10.0902 3260 WPDBusEnum - ok
01:20:10.0905 3260 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:20:10.0907 3260 ws2ifsl - ok
01:20:10.0947 3260 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
01:20:10.0950 3260 wscsvc - ok
01:20:10.0954 3260 WSearch - ok
01:20:11.0076 3260 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:20:11.0107 3260 wuauserv - ok
01:20:11.0126 3260 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:20:11.0128 3260 WudfPf - ok
01:20:11.0159 3260 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:20:11.0161 3260 WUDFRd - ok
01:20:11.0190 3260 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:20:11.0194 3260 wudfsvc - ok
01:20:11.0206 3260 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
01:20:11.0212 3260 WwanSvc - ok
01:20:11.0231 3260 ================ Scan global ===============================
01:20:11.0249 3260 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:20:11.0289 3260 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:20:11.0299 3260 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
01:20:11.0315 3260 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:20:11.0342 3260 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:20:11.0348 3260 [Global] - ok
01:20:11.0349 3260 ================ Scan MBR ==================================
01:20:11.0419 3260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:20:12.0272 3260 \Device\Harddisk0\DR0 - ok
01:20:12.0272 3260 ================ Scan VBR ==================================
01:20:12.0272 3260 [ A507FE36DE9DA46AC0FAEE029CF46E28 ] \Device\Harddisk0\DR0\Partition1
01:20:12.0272 3260 \Device\Harddisk0\DR0\Partition1 - ok
01:20:12.0303 3260 [ FF0EB8E81B6AFA8940BF394F21F6DDA8 ] \Device\Harddisk0\DR0\Partition2
01:20:12.0303 3260 \Device\Harddisk0\DR0\Partition2 - ok
01:20:12.0319 3260 [ B7BE4E57427875752FFEE5B5E291DE08 ] \Device\Harddisk0\DR0\Partition3
01:20:12.0319 3260 \Device\Harddisk0\DR0\Partition3 - ok
01:20:12.0335 3260 [ 0CF3DF293E86D7A6B7B9E8A13F578651 ] \Device\Harddisk0\DR0\Partition4
01:20:12.0335 3260 \Device\Harddisk0\DR0\Partition4 - ok
01:20:12.0335 3260 ============================================================
01:20:12.0335 3260 Scan finished
01:20:12.0335 3260 ============================================================
01:20:12.0350 3552 Detected object count: 0
01:20:12.0350 3552 Actual detected object count: 0
01:22:24.0166 2268 Deinitialize success

aswMBR found something

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 01:21:36
-----------------------------
01:21:36.048 OS Version: Windows x64 6.1.7601 Service Pack 1
01:21:36.048 Number of processors: 4 586 0x1E05
01:21:36.049 ComputerName: ALGIS-PC UserName: Algis
01:21:36.387 Initialize success
01:21:53.497 AVAST engine defs: 12090101
01:22:00.392 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
01:22:00.408 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
01:22:00.408 Disk 0 MBR read successfully
01:22:00.423 Disk 0 MBR scan
01:22:00.423 Disk 0 Windows 7 default MBR code
01:22:00.423 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:22:00.486 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 33989 MB offset 208845
01:22:00.486 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 65901 MB offset 69834552
01:22:00.517 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 853868 MB offset 204800000
01:22:00.579 Disk 0 scanning C:\Windows\system32\drivers
01:22:10.170 Service scanning
01:22:19.417 Service Mcx2Svc C:\Windows\SysWOW64\Mcx2Svc.dll **INFECTED** Win32:Sirefef-YF [Trj]
01:22:30.226 Modules scanning
01:22:30.573 Disk 0 trace - called modules:
01:22:30.594 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80036a32c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:22:30.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d87060]
01:22:30.611 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8004529520]
01:22:30.619 5 ACPI.sys[fffff88000f3b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004534060]
01:22:30.627 \Driver\atapi[0xfffffa80044bf870] -> IRP_MJ_CREATE -> 0xfffffa80036a32c0
01:22:31.865 AVAST engine scan C:\Windows
01:22:35.316 AVAST engine scan C:\Windows\system32
01:25:14.720 AVAST engine scan C:\Windows\system32\drivers
01:25:24.450 AVAST engine scan C:\Users\Algis
01:29:20.031 AVAST engine scan C:\ProgramData
01:30:17.897 Scan finished successfully
01:31:37.931 Disk 0 MBR has been saved successfully to "C:\Users\Algis\Documents\MBR.dat"
01:31:38.002 The log file has been saved successfully to "C:\Users\Algis\Documents\aswMBR.txt"

ESET online scanner found something

C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$7dc22274c21eaf133398527849e79492\n.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$7dc22274c21eaf133398527849e79492\U\80000000.@.vir Win64/Sirefef.AL trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-18\$7dc22274c21eaf133398527849e79492\U\800000cb.@.vir Win64/Sirefef.AH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-705876605-602355203-2582940999-1000\$7dc22274c21eaf133398527849e79492\n.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Windows\System32\Mcx2Svc.dll a variant of Win32/Delf.OGP trojan unable to clean
C:\Windows\SysWOW64\Mcx2Svc.dll a variant of Win32/Delf.OGP trojan cleaned by deleting - quarantined


What next?

Edited by algis87, 01 September 2012 - 06:23 PM.
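A practitioner reading the three logs above would want to check two things before running yet another scanner: whether the services the infection keeps switching off (firewall, Security Center, Windows Update, MSE) are actually back, and whether the DLLs Windows loads into svchost still match what Windows shipped, since ESET and aswMBR both point at Mcx2Svc.dll, in System32 and in SysWOW64. One caveat on reading the aswMBR trace: the UNKNOWN hook it shows in the atapi stack sits next to sptd.sys, the disc-emulation driver that DAEMON Tools Lite installs (DAEMON Tools Lite is in the installed-programs list further down), and that driver is a routine source of such warnings; the Mcx2Svc.dll detections are the findings to act on. The script below is an added example, not code from the thread or from any of the tools it mentions. It assumes Windows 7 x64, an elevated 64-bit PowerShell 2.0 or later prompt and English sfc output; the service names it watches (MpsSvc, BFE, wscsvc, wuauserv, MsMpSvc) are assumptions, as is the fallback to sfc for catalog-signed files, which Get-AuthenticodeSignature on Windows 7 may report as NotSigned.

```powershell
# Added example, not code from the thread or its tools. Assumes Windows 7 x64,
# an elevated 64-bit PowerShell 2.0+ prompt, and English-language sfc output.

# --- 1. Services the thread reports being switched off. Assumed service names:
#        MpsSvc (Windows Firewall), BFE (its dependency), wscsvc (Security Center),
#        wuauserv (Windows Update), MsMpSvc (Microsoft Security Essentials).
$watch = 'MpsSvc', 'BFE', 'wscsvc', 'wuauserv', 'MsMpSvc'
foreach ($name in $watch) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc) {
        '{0,-9} state={1,-8} start={2}' -f $svc.Name, $svc.State, $svc.StartMode
    } else {
        '{0,-9} NOT PRESENT (service key missing or unreadable)' -f $name
    }
}

# --- 2. svchost-hosted services load the DLL named in
#        HKLM\SYSTEM\CurrentControlSet\Services\<svc>\Parameters\ServiceDll.
#        Mcx2Svc.dll in the ESET/aswMBR output is one of these. Collect every
#        ServiceDll plus its SysWOW64 twin, then verify each file.
$dlls = @{}
foreach ($key in Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services -ErrorAction SilentlyContinue) {
    $params = $null
    try { $params = $key.OpenSubKey('Parameters') }
    catch { "UNREADABLE $($key.PSChildName)\Parameters (ACL tampered?)"; continue }
    if (-not $params) { continue }
    $dll = $params.GetValue('ServiceDll')        # GetValue expands %SystemRoot% for us
    $params.Close()
    if (-not $dll) { continue }
    $dlls[$dll] = $key.PSChildName
    $wow = $dll -replace '\\System32\\', '\SysWOW64\'   # 32-bit copy, if any
    if ($wow -ne $dll -and (Test-Path $wow)) { $dlls[$wow] = $key.PSChildName + ' (WOW64)' }
}

function Test-SystemFile($path) {
    # Embedded Authenticode signature first.
    $sig = Get-AuthenticodeSignature $path
    if ($sig.Status -eq 'Valid') {
        if ($sig.SignerCertificate.Subject -like '*Microsoft*') { return 'ok (signed)' }
        return 'REVIEW third-party signer: ' + $sig.SignerCertificate.Subject
    }
    if ($sig.Status -ne 'NotSigned') { return 'SUSPECT signature ' + $sig.Status }
    # Windows 7 signs most of its own DLLs through catalogs, which this cmdlet on that
    # OS reports as NotSigned; fall back to Windows Resource Protection for those.
    # sfc writes UTF-16 to the console, so strip the embedded NULs before matching.
    $out = (& sfc "/verifyfile=$path" 2>&1 | Out-String) -replace "`0", ''
    if ($out -match 'did not find any integrity violations') { return 'ok (WRP)' }
    if ($out -match 'found integrity violations')           { return 'SUSPECT WRP mismatch' }
    return 'UNKNOWN (not WRP-protected, no embedded signature)'
}

foreach ($path in ($dlls.Keys | Sort-Object)) {
    if (-not (Test-Path $path)) { "MISSING   $path  [$($dlls[$path])]"; continue }
    '{0,-40} {1}  [{2}]' -f (Test-SystemFile $path), $path, $dlls[$path]
}
```

A service that reports state=Stopped with start=Disabled for MpsSvc or wscsvc after a reboot, or a ServiceDll that comes back SUSPECT, is what the repeated re-infection in this thread looks like from the inside; a WOW64 twin that is MISSING while the System32 copy is present (as after ESET's quarantine above) means the 32-bit service path is now broken and the file needs restoring from the component store, not just deleting.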


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:10 PM

Posted 01 September 2012 - 06:22 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

AdwCleaner

Launch it, click on Delete.

Post the generated log.
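The items narenxp asks MiniToolBox to report are the places a network-redirecting infection persists: the hosts file, the WinINet and Firefox proxy settings, the resolver list, and the Winsock catalog. Written out as a script, each check says what it is looking for and why, which a tool log alone does not. This is an added example, not MiniToolBox's code or anything from the thread; it assumes Windows 7 x64, an elevated 64-bit PowerShell 2.0 or later prompt, and English netsh output, which it parses as text. Event-log errors and the installed-programs list, which MiniToolBox also produces, are left to the tool.

```powershell
# Added example, not code from the thread or from MiniToolBox. Assumes Windows 7 x64,
# an elevated 64-bit PowerShell 2.0+ prompt and English netsh output (parsed as text).

# --- Hosts file: anything beyond the loopback entries redirects lookups on this machine.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = Get-Content $hostsFile |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$' }
if ($entries) { 'HOSTS: non-default entries'; $entries | ForEach-Object { "    $_" } }
else          { 'HOSTS: only localhost entries' }

# --- WinINet (IE) proxy: a ProxyServer or AutoConfigURL set here is used silently by
#     every WinINet client, not just Internet Explorer.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
'IE proxy: ProxyEnable={0} ProxyServer="{1}" AutoConfigURL="{2}"' -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL

# --- Firefox proxy: network.proxy.* lines in each profile's prefs.js.
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
Get-ChildItem $profiles -ErrorAction SilentlyContinue | ForEach-Object {
    $prefs = Join-Path $_.FullName 'prefs.js'
    if (Test-Path $prefs) {
        $hits = Select-String -Path $prefs -Pattern 'network\.proxy\.(type|http|ssl|socks|autoconfig_url)'
        if ($hits) { "FF proxy in $($_.Name):"; $hits | ForEach-Object { '    ' + $_.Line } }
    }
}

# --- DNS per adapter: a static NameServer on an adapter that gets its lease from DHCP
#     overrides the ISP/router resolvers and is how resolver hijacks usually show up.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' | ForEach-Object {
    $regPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$($_.SettingID)"
    $iface   = Get-ItemProperty $regPath -ErrorAction SilentlyContinue
    $flag    = if ($_.DHCPEnabled -and $iface.NameServer) { 'REVIEW' } else { 'ok    ' }
    '{0} DNS {1}: dhcp-dns="{2}" static-dns="{3}"' -f $flag, $_.Description, $iface.DhcpNameServer, $iface.NameServer
}

# --- Winsock catalog: every provider DLL is loaded into every process that opens a socket.
#     Flag providers outside the Windows directory for review; legitimate third-party
#     namespace providers (Bonjour, Windows Live in this thread's log) will show up and
#     can be checked off by signer.
$seen = @{}
netsh winsock show catalog | ForEach-Object {
    if ($_ -notmatch 'Provider Path:\s*(.+?)\s*$') { return }
    $dll = [Environment]::ExpandEnvironmentVariables($matches[1])
    if ($seen.ContainsKey($dll)) { return }
    $seen[$dll] = $true
    $sig    = Get-AuthenticodeSignature $dll -ErrorAction SilentlyContinue
    $status = if ($sig) { $sig.Status } else { 'missing' }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    $flag   = if ($dll -like (Join-Path $env:SystemRoot '*')) { 'ok     ' } else { 'REVIEW ' }
    "$flag $dll  [$status; $signer]"
}
```

Against the MiniToolBox output that follows in the thread, this would report a clean hosts file, no IE proxy, and two REVIEW lines for the Bonjour and Windows Live namespace providers, both of which carry their vendors' signatures; a REVIEW line with an unsigned DLL in a user-writable directory, or a static resolver on the DHCP adapter, is the result that would need following up.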

#5 algis87

algis87
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 02 September 2012 - 10:19 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Algis (administrator) on 02-09-2012 at 18:18:20
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Algis-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
Physical Address. . . . . . . . . : 00-02-5B-01-2A-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 48-5B-39-36-0B-21
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd3b:4778:399d:0:a5f8:ea34:7040:62f(Preferred)
Temporary IPv6 Address. . . . . . : fd3b:4778:399d:0:1846:8e31:96f:3fad(Preferred)
Link-local IPv6 Address . . . . . : fe80::a5f8:ea34:7040:62f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.138(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 2 September 2012 18:15:31
Lease Expires . . . . . . . . . . : 3 September 2012 18:15:30
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239622969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-84-78-AD-48-5B-39-36-0B-21
DNS Servers . . . . . . . . . . . : 217.17.85.1
217.17.85.2
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AB81C77E-CA7D-4A61-8D22-E5C046DB75A5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:342c:214a:2b8a:faa1(Preferred)
Link-local IPv6 Address . . . . . : fe80::342c:214a:2b8a:faa1%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{81F38F1C-D661-4BDC-8E20-E0BEA1C026DC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns1.mikrovisata.net
Address: 217.17.85.1

Name: google.com
Addresses: 2a00:1450:4001:c01::64
173.194.70.100
173.194.70.101
173.194.70.102
173.194.70.113
173.194.70.138
173.194.70.139


Pinging google.com [209.85.148.102] with 32 bytes of data:
Reply from 209.85.148.102: bytes=32 time=73ms TTL=45
Reply from 209.85.148.102: bytes=32 time=71ms TTL=43

Ping statistics for 209.85.148.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 73ms, Average = 72ms
Server: ns1.mikrovisata.net
Address: 217.17.85.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=698ms TTL=41
Reply from 98.139.183.24: bytes=32 time=755ms TTL=40

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 698ms, Maximum = 755ms, Average = 726ms
Server: ns1.mikrovisata.net
Address: 217.17.85.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 02 5b 01 2a b5 ......Bluetooth Device (Personal Area Network) #2
11...48 5b 39 36 0b 21 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.138 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.138 266
192.168.1.138 255.255.255.255 On-link 192.168.1.138 266
192.168.1.255 255.255.255.255 On-link 192.168.1.138 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.138 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.138 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:5ef5:73b8:342c:214a:2b8a:faa1/128
On-link
11 18 fd3b:4778:399d::/64 On-link
11 266 fd3b:4778:399d:0:1846:8e31:96f:3fad/128
On-link
11 266 fd3b:4778:399d:0:a5f8:ea34:7040:62f/128
On-link
11 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::342c:214a:2b8a:faa1/128
On-link
11 266 fe80::a5f8:ea34:7040:62f/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/02/2012 06:17:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 06:07:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 10:53:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2012 10:53:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2012 10:52:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2012 10:35:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 01:19:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 01:08:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 06:23:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 06:16:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/02/2012 06:16:05 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/02/2012 06:16:05 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/02/2012 06:15:33 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/02/2012 06:15:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (09/02/2012 06:06:30 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/02/2012 06:06:30 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/02/2012 06:06:06 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/02/2012 06:06:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (09/02/2012 10:34:36 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/02/2012 10:34:36 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (09/02/2012 06:17:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 06:07:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 10:53:32 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Algis\downloads\esetsmartinstaller_enu.exe

Error: (09/02/2012 10:53:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Algis\downloads\esetsmartinstaller_enu.exe

Error: (09/02/2012 10:52:47 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/02/2012 10:35:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 01:19:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 01:08:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 06:23:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2012 06:16:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

«Sleeping Dogs - Limited Edition»
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70727.2220)
Amnesia - The Dark Descent (Version: 1.0.0)
Anglonas (Version: 1.0.0.128)
ApexDC++ 1.5.4 (Version: 1.5.4)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.114)
ArcSoft TotalMedia Theatre 5 (Version: 5.0.1.80)
µTorrent (Version: 3.2.0)
Battlefield 3™ (Version: 1.3.0.0)
Battlelog Web Plugins (Version: 1.122.0)
Bigasoft Audio Converter 3.6.20.4501
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0806.1213.19931)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1213.19931)
Catalyst Control Center InstallProxy (Version: 2012.0806.1213.19931)
Catalyst Control Center Localization All (Version: 2012.0806.1213.19931)
ccc-utility64 (Version: 2012.0806.1213.19931)
CCC Help Chinese Standard (Version: 2012.0806.1212.19931)
CCC Help Chinese Traditional (Version: 2012.0806.1212.19931)
CCC Help Czech (Version: 2012.0806.1212.19931)
CCC Help Danish (Version: 2012.0806.1212.19931)
CCC Help Dutch (Version: 2012.0806.1212.19931)
CCC Help English (Version: 2012.0806.1212.19931)
CCC Help Finnish (Version: 2012.0806.1212.19931)
CCC Help French (Version: 2012.0806.1212.19931)
CCC Help German (Version: 2012.0806.1212.19931)
CCC Help Greek (Version: 2012.0806.1212.19931)
CCC Help Hungarian (Version: 2012.0806.1212.19931)
CCC Help Italian (Version: 2012.0806.1212.19931)
CCC Help Japanese (Version: 2012.0806.1212.19931)
CCC Help Korean (Version: 2012.0806.1212.19931)
CCC Help Norwegian (Version: 2012.0806.1212.19931)
CCC Help Polish (Version: 2012.0806.1212.19931)
CCC Help Portuguese (Version: 2012.0806.1212.19931)
CCC Help Russian (Version: 2012.0806.1212.19931)
CCC Help Spanish (Version: 2012.0806.1212.19931)
CCC Help Swedish (Version: 2012.0806.1212.19931)
CCC Help Thai (Version: 2012.0806.1212.19931)
CCC Help Turkish (Version: 2012.0806.1212.19931)
Cisco Connect (Version: 1.4.12005.2)
Core Temp 1.0 RC3 (Version: 1.0)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Dark Souls Prepare to Die Edition (Version: 1.0.0000.130)
Diablo II
Diablo III (Version: 1.0.3.10485)
Diablo.III.Collectors.Edition
Driver Genius Professional Edition (Version: 11.0)
EASEUS Data Recovery Wizard Professional 4.3.6 (Version: 4.3.6)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
FINAL FANTASY VII (Version: 1.0)
Flasher version 3.12.1 (Version: 3.12.1)
Fraps (remove only)
Google Chrome (Version: 21.0.1180.89)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
ImgBurn (Version: 2.5.7.0)
iTunes (Version: 10.6.3.25)
JMicron JMB36X Driver (Version: 1.17.63.1)
K-Lite Codec Pack 8.9.5 (Standard) (Version: 8.9.5)
King's Bounty Crossworlds (Version: 1.31)
King's Bounty. The Legend (Remove Only) (Version: 1.0.0.0)
Kingdoms of Amalur Reckoning
Logitech SetPoint 6.32 (Version: 6.32.20)
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Might & Magic Heroes VI (Version: 1.4)
MPC-HC 1.6.3.5818 (Version: 1.6.3.5818)
MSI Afterburner 2.2.1 (Version: 2.2.1)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nexus Mod Manager (Version: 0.18.9)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
NVIDIA PhysX (Version: 9.10.0513)
Origin (Version: 8.6.0.357)
Pando Media Booster (Version: 2.6.0.6)
PC Connectivity Solution (Version: 12.0.17.0)
Playlist Creator 3.6.2 (Version: 3.6.2.0)
PlanetSide 2 Beta
Platform (Version: 1.39)
PunkBuster Services (Version: 0.992)
Realtek Ethernet Controller Driver (Version: 7.58.411.2012)
Skype™ 5.10 (Version: 5.10.116)
Steam (Version: 1.0.0.0)
TechPowerUp GPU-Z
The Lord of the Rings Online™ v03.07.00.8037 (Version: 03.07.00.8037)
The Witcher 2 - Assassins of Kings Enhanced Edition
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VIA Platform Device Manager (Version: 1.39)
VLC media player 2.0.2 (Version: 2.0.2)
Warcraft III
Winamp (Version: 5.623 )
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinSCP 4.3.9 (Version: 4.3.9)
Xilisoft Video Converter Ultimate (Version: 7.1.0.20120222)

========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 4094.05 MB
Available physical RAM: 2199.71 MB
Total Pagefile: 8186.29 MB
Available Pagefile: 5979.12 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.59 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:64.36 GB) (Free:13.39 GB) NTFS
2 Drive d: () (Fixed) (Total:833.86 GB) (Free:37.84 GB) NTFS
3 Drive e: () (Fixed) (Total:33.19 GB) (Free:16.26 GB) NTFS

========================= Users: ========================================

User accounts for \\ALGIS-PC

Administrator Algis ASPNET
Guest


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Algis (administrator) on 02-09-2012 at 18:17:38
Running from "C:\Users\Algis\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


# AdwCleaner v2.000 - Logfile created 09/02/2012 at 18:14:21
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Algis - ALGIS-PC
# Boot Mode : Normal
# Running from : C:\Users\Algis\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\Software\Freeze.com

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Algis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1045 octets] - [02/09/2012 18:14:21]

########## EOF - C:\AdwCleaner[S2].txt - [1105 octets] ##########

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:10 PM

Posted 02 September 2012 - 10:29 AM

Malwarebytes log?

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 algis87

algis87
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 02 September 2012 - 10:48 AM

Thanks for helping and your fast replies :thumbup2:
Here are the logs:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Algis :: ALGIS-PC [administrator]

2012.09.02 17:11:32
mbam-log-2012-09-02 (17-11-32).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550967
Time elapsed: 49 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\Warcraft III\warcraft3 keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\GAMES\warhammer\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Torrent\OO Defrag Professional Edition v12.0.197 Incl Keymaker-ZWT\OO Defrag Professional Edition v12.0.197 x64\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
D:\Torrent\OO Defrag Professional Edition v12.0.197 Incl Keymaker-ZWT\OO Defrag Professional Edition v12.0.197 x86\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
D:\Torrent\Winamp.Pro.v5.623.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
D:\Torrent\Winamp.Pro.v5.623.Multilingual.Incl.Keymaker-CORE\keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)



Farbar Service Scanner Version: 06-08-2012
Ran by Algis (administrator) on 02-09-2012 at 18:43:13
Running from "C:\Users\Algis\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 06:45:15 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\Algis\Downloads\FSS (1).exe (PID: 4744) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* WatAdminSvc [Missing Service]

* SharedAccess [Missing ImagePath]

* RemoteAccess => %SystemRoot%\SysWOW64\svchost.exe -k netsvcs [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/02/2012 06:45:26 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:10 PM

Posted 02 September 2012 - 10:56 AM

Download

Sharedaccess

Launch it, click YES

Press the Windows + R keys and type

regedit and click OK

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sharedaccess

Right-click on it - Permissions

Click on ADD and type

Everyone and click OK

Now click on Everyone

Below you have the permissions for users

Select Full Control and click OK

Now open RUN and type

services.msc and click OK

Start the Windows Firewall service

Post the new FSS log
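The services repair in post #6 and the SharedAccess permission fix in post #8 both end with "post the new FSS log" so the advisor can confirm the repair took. The script below is an added example, not code from the thread or from FSS/Rkill, that re-runs the same checks those logs report in PowerShell: service key present, Start type, ImagePath, the service key ACL, running state, and the Windows Defender DisableAntiSpyware policy value. The expected Start values in the table are the Windows 7 x64 defaults and are an assumption here.

```powershell
# Added example (not from the thread, FSS or Rkill): re-check the service settings
# the FSS and Rkill logs above report. Run from an elevated PowerShell prompt.
# Expected Start values are the Windows 7 x64 defaults and are an assumption here:
# 2 = Automatic, 3 = Manual, 4 = Disabled.
$expected = @(
    @{ Name = 'MpsSvc';       Start = 2 },  # Windows Firewall
    @{ Name = 'BITS';         Start = 2 },  # Background Intelligent Transfer Service
    @{ Name = 'wuauserv';     Start = 2 },  # Windows Update
    @{ Name = 'wscsvc';       Start = 2 },  # Security Center (Action Center)
    @{ Name = 'WinDefend';    Start = 2 },  # Windows Defender (FSS: default is Auto)
    @{ Name = 'SharedAccess'; Start = 3 },  # Internet Connection Sharing
    @{ Name = 'RemoteAccess'; Start = 4 }   # Routing and Remote Access
)
$findings = @()
foreach ($svc in $expected) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    if (-not (Test-Path $key)) {
        # Rkill reports this case as [Missing Service]
        $findings += "$($svc.Name): service key missing"
        continue
    }
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # FSS: "Unable to retrieve start type ... The value does not exist."
    if ($null -eq $p.Start) {
        $findings += "$($svc.Name): Start value missing"
    } elseif ($p.Start -ne $svc.Start) {
        $findings += "$($svc.Name): Start is $($p.Start), expected $($svc.Start)"
    }

    # Rkill: [Missing ImagePath] / [Incorrect ImagePath]. On x64 the hosts for
    # these services live in System32; a SysWOW64 svchost path is the wrong one.
    if ([string]::IsNullOrEmpty($p.ImagePath)) {
        $findings += "$($svc.Name): ImagePath missing"
    } elseif ($p.ImagePath -match 'SysWOW64\\svchost\.exe') {
        $findings += "$($svc.Name): ImagePath uses SysWOW64 ($($p.ImagePath))"
    }

    # Post #8's fix restored permissions on the SharedAccess key; warn when the
    # key ACL cannot be read or the LocalSystem account has no ACE on it.
    $acl = Get-Acl -Path $key -ErrorAction SilentlyContinue
    if (-not $acl -or -not ($acl.Access | Where-Object { $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' })) {
        $findings += "$($svc.Name): ACL unreadable or no ACE for NT AUTHORITY\SYSTEM"
    }

    # FSS: "<service> Service is not running" for services that should auto-start
    $s = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
    if ($svc.Start -eq 2 -and $s -and $s.Status -ne 'Running') {
        $findings += "$($svc.Name): not running"
    }
}

# Policy value that both FSS and Rkill flagged: DisableAntiSpyware=1 keeps Defender off.
$def = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($def -and $def.DisableAntiSpyware -eq 1) {
    $findings += 'Windows Defender: DisableAntiSpyware=1 (disabled by policy value)'
}
if ($findings.Count -eq 0) { 'All checked service settings look OK' } else { $findings }
```

Each finding corresponds to a line the FSS or Rkill logs in this thread would print, so an empty result matches a clean FSS log such as the one in post #9.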

#9 algis87

algis87
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 02 September 2012 - 11:08 AM

Farbar Service Scanner Version: 06-08-2012
Ran by Algis (administrator) on 02-09-2012 at 19:06:11
Running from "C:\Users\Algis\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:10 PM

Posted 02 September 2012 - 11:10 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#11 algis87

algis87
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:10 AM

Posted 02 September 2012 - 11:42 AM

Everything seems to be fine now, thanks for your help again :thumbup2:
I hope this nasty virus won't come back any more; if it does, I will post in this thread.

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:09:10 PM

Posted 02 September 2012 - 09:50 PM

You're welcome :)



