
Infected with Luhe.Sirefef.A


17 replies to this topic

#1 deazo

deazo

  • Members
  • 9 posts

Posted 21 September 2012 - 11:40 AM

Hi all,

I stupidly executed a file that I should not have trusted.
It seems that I am now infected by the Luhe.Sirefef.A trojan.

AVG keeps on popping up with the message that it found this trojan. I move it to the vault but it regularly comes back.

Found Luhe.Sirefef.A, c:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\U\80000032.@

I am using Windows 7 Ultimate, 64-bit, on a desktop computer.

I hope you guys can help me, this is so annoying!



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 21 September 2012 - 11:42 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 deazo

deazo
  • Topic Starter

  • Members
  • 9 posts

Posted 21 September 2012 - 02:22 PM

Thank you for your prompt response!
Here are my logs below.
During the second scan 2 files have been found and AVG is going to try to remove them when restarting the PC.
I would rather use your method than trust AVG here so I will follow your future advice.


TDSSKILLER LOG:


20:25:07.0448 5296 NdisTapi - ok
20:25:07.0451 5296 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:25:07.0451 5296 Ndisuio - ok
20:25:07.0456 5296 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:25:07.0457 5296 NdisWan - ok
20:25:07.0460 5296 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:25:07.0460 5296 NDProxy - ok
20:25:07.0464 5296 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:25:07.0465 5296 NetBIOS - ok
20:25:07.0469 5296 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:25:07.0471 5296 NetBT - ok
20:25:07.0473 5296 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:25:07.0474 5296 Netlogon - ok
20:25:07.0479 5296 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:25:07.0481 5296 Netman - ok
20:25:07.0489 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:25:07.0489 5296 NetMsmqActivator - ok
20:25:07.0492 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:25:07.0493 5296 NetPipeActivator - ok
20:25:07.0499 5296 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:25:07.0502 5296 netprofm - ok
20:25:07.0505 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:25:07.0506 5296 NetTcpActivator - ok
20:25:07.0508 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:25:07.0509 5296 NetTcpPortSharing - ok
20:25:07.0514 5296 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:25:07.0515 5296 nfrd960 - ok
20:25:07.0518 5296 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:25:07.0519 5296 NisDrv - ok
20:25:07.0524 5296 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
20:25:07.0525 5296 NisSrv - ok
20:25:07.0530 5296 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:25:07.0533 5296 NlaSvc - ok
20:25:07.0539 5296 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:25:07.0539 5296 Npfs - ok
20:25:07.0542 5296 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:25:07.0543 5296 nsi - ok
20:25:07.0546 5296 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:25:07.0547 5296 nsiproxy - ok
20:25:07.0561 5296 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:25:07.0568 5296 Ntfs - ok
20:25:07.0571 5296 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:25:07.0572 5296 Null - ok
20:25:07.0576 5296 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
20:25:07.0577 5296 NVHDA - ok
20:25:07.0666 5296 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:25:07.0719 5296 nvlddmkm - ok
20:25:07.0726 5296 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:25:07.0727 5296 nvraid - ok
20:25:07.0731 5296 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:25:07.0732 5296 nvstor - ok
20:25:07.0740 5296 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
20:25:07.0745 5296 nvsvc - ok
20:25:07.0757 5296 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:25:07.0762 5296 nvUpdatusService - ok
20:25:07.0767 5296 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:25:07.0768 5296 nv_agp - ok
20:25:07.0771 5296 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:25:07.0772 5296 ohci1394 - ok
20:25:07.0777 5296 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:25:07.0779 5296 p2pimsvc - ok
20:25:07.0785 5296 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:25:07.0788 5296 p2psvc - ok
20:25:07.0792 5296 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:25:07.0792 5296 Parport - ok
20:25:07.0796 5296 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:25:07.0797 5296 partmgr - ok
20:25:07.0800 5296 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:25:07.0802 5296 PcaSvc - ok
20:25:07.0806 5296 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:25:07.0807 5296 pci - ok
20:25:07.0810 5296 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:25:07.0810 5296 pciide - ok
20:25:07.0814 5296 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:25:07.0816 5296 pcmcia - ok
20:25:07.0819 5296 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:25:07.0820 5296 pcw - ok
20:25:07.0826 5296 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:25:07.0829 5296 PEAUTH - ok
20:25:07.0841 5296 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:25:07.0847 5296 PeerDistSvc - ok
20:25:07.0862 5296 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:25:07.0863 5296 PerfHost - ok
20:25:07.0879 5296 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:25:07.0886 5296 pla - ok
20:25:07.0892 5296 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:25:07.0895 5296 PlugPlay - ok
20:25:07.0897 5296 PnkBstrA - ok
20:25:07.0901 5296 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:25:07.0902 5296 PNRPAutoReg - ok
20:25:07.0906 5296 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:25:07.0908 5296 PNRPsvc - ok
20:25:07.0915 5296 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:25:07.0918 5296 PolicyAgent - ok
20:25:07.0923 5296 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:25:07.0925 5296 Power - ok
20:25:07.0929 5296 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:25:07.0930 5296 PptpMiniport - ok
20:25:07.0932 5296 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:25:07.0933 5296 Processor - ok
20:25:07.0937 5296 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:25:07.0939 5296 ProfSvc - ok
20:25:07.0942 5296 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:25:07.0943 5296 ProtectedStorage - ok
20:25:07.0946 5296 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:25:07.0947 5296 Psched - ok
20:25:07.0950 5296 [ D8589A43B352E7F2317194C98447149F ] pwdrvio C:\Windows\system32\pwdrvio.sys
20:25:07.0951 5296 pwdrvio - ok
20:25:07.0954 5296 [ 4B8FDA635F4D2E7D638B2B3817B5AFC8 ] pwdspio C:\Windows\system32\pwdspio.sys
20:25:07.0955 5296 pwdspio - ok
20:25:07.0968 5296 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:25:07.0974 5296 ql2300 - ok
20:25:07.0978 5296 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:25:07.0979 5296 ql40xx - ok
20:25:07.0983 5296 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:25:07.0985 5296 QWAVE - ok
20:25:07.0988 5296 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:25:07.0989 5296 QWAVEdrv - ok
20:25:07.0991 5296 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:25:07.0992 5296 RasAcd - ok
20:25:07.0995 5296 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:25:07.0996 5296 RasAgileVpn - ok
20:25:07.0999 5296 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:25:08.0000 5296 RasAuto - ok
20:25:08.0004 5296 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:25:08.0005 5296 Rasl2tp - ok
20:25:08.0009 5296 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:25:08.0012 5296 RasMan - ok
20:25:08.0016 5296 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:25:08.0016 5296 RasPppoe - ok
20:25:08.0020 5296 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:25:08.0021 5296 RasSstp - ok
20:25:08.0026 5296 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:25:08.0028 5296 rdbss - ok
20:25:08.0031 5296 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:25:08.0031 5296 rdpbus - ok
20:25:08.0034 5296 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:25:08.0034 5296 RDPCDD - ok
20:25:08.0039 5296 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:25:08.0040 5296 RDPDR - ok
20:25:08.0043 5296 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:25:08.0043 5296 RDPENCDD - ok
20:25:08.0048 5296 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:25:08.0048 5296 RDPREFMP - ok
20:25:08.0053 5296 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:25:08.0053 5296 RdpVideoMiniport - ok
20:25:08.0057 5296 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:25:08.0058 5296 RDPWD - ok
20:25:08.0062 5296 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:25:08.0064 5296 rdyboost - ok
20:25:08.0067 5296 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:25:08.0068 5296 RemoteAccess - ok
20:25:08.0072 5296 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:25:08.0074 5296 RemoteRegistry - ok
20:25:08.0077 5296 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:25:08.0078 5296 RpcEptMapper - ok
20:25:08.0081 5296 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:25:08.0082 5296 RpcLocator - ok
20:25:08.0088 5296 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:25:08.0091 5296 RpcSs - ok
20:25:08.0094 5296 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:25:08.0095 5296 rspndr - ok
20:25:08.0098 5296 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:25:08.0098 5296 s3cap - ok
20:25:08.0101 5296 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:25:08.0102 5296 SamSs - ok
20:25:08.0105 5296 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:25:08.0106 5296 sbp2port - ok
20:25:08.0110 5296 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:25:08.0112 5296 SCardSvr - ok
20:25:08.0115 5296 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:25:08.0115 5296 scfilter - ok
20:25:08.0126 5296 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:25:08.0131 5296 Schedule - ok
20:25:08.0135 5296 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:25:08.0136 5296 SCPolicySvc - ok
20:25:08.0140 5296 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:25:08.0142 5296 SDRSVC - ok
20:25:08.0146 5296 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:25:08.0146 5296 secdrv - ok
20:25:08.0149 5296 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:25:08.0151 5296 seclogon - ok
20:25:08.0154 5296 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:25:08.0156 5296 SENS - ok
20:25:08.0159 5296 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:25:08.0160 5296 SensrSvc - ok
20:25:08.0167 5296 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:25:08.0168 5296 Serenum - ok
20:25:08.0171 5296 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:25:08.0172 5296 Serial - ok
20:25:08.0174 5296 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:25:08.0175 5296 sermouse - ok
20:25:08.0183 5296 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:25:08.0185 5296 SessionEnv - ok
20:25:08.0188 5296 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:25:08.0188 5296 sffdisk - ok
20:25:08.0191 5296 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:25:08.0191 5296 sffp_mmc - ok
20:25:08.0194 5296 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:25:08.0194 5296 sffp_sd - ok
20:25:08.0197 5296 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:25:08.0198 5296 sfloppy - ok
20:25:08.0205 5296 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:25:08.0207 5296 ShellHWDetection - ok
20:25:08.0210 5296 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:25:08.0211 5296 SiSRaid2 - ok
20:25:08.0215 5296 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:25:08.0216 5296 SiSRaid4 - ok
20:25:08.0219 5296 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:25:08.0220 5296 Smb - ok
20:25:08.0226 5296 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:25:08.0227 5296 SNMPTRAP - ok
20:25:08.0230 5296 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:25:08.0230 5296 spldr - ok
20:25:08.0237 5296 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
20:25:08.0241 5296 Spooler - ok
20:25:08.0269 5296 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:25:08.0285 5296 sppsvc - ok
20:25:08.0289 5296 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:25:08.0290 5296 sppuinotify - ok
20:25:08.0296 5296 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:25:08.0298 5296 srv - ok
20:25:08.0304 5296 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:25:08.0306 5296 srv2 - ok
20:25:08.0310 5296 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:25:08.0311 5296 srvnet - ok
20:25:08.0316 5296 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:25:08.0317 5296 SSDPSRV - ok
20:25:08.0321 5296 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:25:08.0323 5296 SstpSvc - ok
20:25:08.0328 5296 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:25:08.0330 5296 Stereo Service - ok
20:25:08.0333 5296 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:25:08.0334 5296 stexstor - ok
20:25:08.0341 5296 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:25:08.0345 5296 stisvc - ok
20:25:08.0348 5296 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:25:08.0349 5296 storflt - ok
20:25:08.0352 5296 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:25:08.0353 5296 storvsc - ok
20:25:08.0356 5296 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:25:08.0356 5296 swenum - ok
20:25:08.0362 5296 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:25:08.0365 5296 swprv - ok
20:25:08.0371 5296 [ FA122BC1451B1B35B7814FBE1ACF1924 ] Syncbox C:\Users\Gyom\AppData\Roaming\SyncboxServer\driver\syncbox.sys
20:25:08.0372 5296 Syncbox - ok
20:25:08.0374 5296 Synth3dVsc - ok
20:25:08.0390 5296 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:25:08.0399 5296 SysMain - ok
20:25:08.0403 5296 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:25:08.0405 5296 TabletInputService - ok
20:25:08.0409 5296 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:25:08.0412 5296 TapiSrv - ok
20:25:08.0415 5296 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:25:08.0417 5296 TBS - ok
20:25:08.0432 5296 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:25:08.0440 5296 Tcpip - ok
20:25:08.0455 5296 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:25:08.0462 5296 TCPIP6 - ok
20:25:08.0468 5296 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:25:08.0468 5296 tcpipreg - ok
20:25:08.0472 5296 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:25:08.0473 5296 TDPIPE - ok
20:25:08.0476 5296 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:25:08.0476 5296 TDTCP - ok
20:25:08.0480 5296 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:25:08.0481 5296 tdx - ok
20:25:08.0484 5296 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:25:08.0484 5296 TermDD - ok
20:25:08.0492 5296 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:25:08.0496 5296 TermService - ok
20:25:08.0500 5296 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:25:08.0501 5296 Themes - ok
20:25:08.0505 5296 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:25:08.0506 5296 THREADORDER - ok
20:25:08.0510 5296 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:25:08.0512 5296 TrkWks - ok
20:25:08.0516 5296 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:25:08.0517 5296 TrustedInstaller - ok
20:25:08.0522 5296 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:25:08.0523 5296 tssecsrv - ok
20:25:08.0526 5296 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:25:08.0527 5296 TsUsbFlt - ok
20:25:08.0529 5296 tsusbhub - ok
20:25:08.0534 5296 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:25:08.0535 5296 tunnel - ok
20:25:08.0538 5296 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:25:08.0539 5296 uagp35 - ok
20:25:08.0544 5296 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:25:08.0545 5296 udfs - ok
20:25:08.0551 5296 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:25:08.0553 5296 UI0Detect - ok
20:25:08.0556 5296 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:25:08.0557 5296 uliagpkx - ok
20:25:08.0560 5296 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:25:08.0560 5296 umbus - ok
20:25:08.0563 5296 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:25:08.0564 5296 UmPass - ok
20:25:08.0568 5296 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:25:08.0570 5296 UmRdpService - ok
20:25:08.0575 5296 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:25:08.0578 5296 upnphost - ok
20:25:08.0581 5296 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:25:08.0582 5296 usbccgp - ok
20:25:08.0586 5296 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:25:08.0586 5296 usbcir - ok
20:25:08.0589 5296 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:25:08.0590 5296 usbehci - ok
20:25:08.0593 5296 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:25:08.0594 5296 usbfilter - ok
20:25:08.0598 5296 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:25:08.0600 5296 usbhub - ok
20:25:08.0603 5296 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:25:08.0603 5296 usbohci - ok
20:25:08.0606 5296 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:25:08.0607 5296 usbprint - ok
20:25:08.0610 5296 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:25:08.0611 5296 USBSTOR - ok
20:25:08.0614 5296 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:25:08.0615 5296 usbuhci - ok
20:25:08.0618 5296 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:25:08.0619 5296 UxSms - ok
20:25:08.0622 5296 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:25:08.0622 5296 VaultSvc - ok
20:25:08.0625 5296 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
20:25:08.0626 5296 VClone - ok
20:25:08.0629 5296 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:25:08.0630 5296 vdrvroot - ok
20:25:08.0636 5296 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:25:08.0639 5296 vds - ok
20:25:08.0642 5296 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:25:08.0642 5296 vga - ok
20:25:08.0645 5296 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:25:08.0646 5296 VgaSave - ok
20:25:08.0648 5296 VGPU - ok
20:25:08.0653 5296 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:25:08.0654 5296 vhdmp - ok
20:25:08.0657 5296 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:25:08.0657 5296 viaide - ok
20:25:08.0661 5296 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:25:08.0663 5296 vmbus - ok
20:25:08.0665 5296 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:25:08.0666 5296 VMBusHID - ok
20:25:08.0669 5296 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:25:08.0670 5296 volmgr - ok
20:25:08.0675 5296 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:25:08.0677 5296 volmgrx - ok
20:25:08.0682 5296 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:25:08.0683 5296 volsnap - ok
20:25:08.0687 5296 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:25:08.0688 5296 vsmraid - ok
20:25:08.0705 5296 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:25:08.0712 5296 VSS - ok
20:25:08.0715 5296 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:25:08.0716 5296 vwifibus - ok
20:25:08.0722 5296 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:25:08.0724 5296 W32Time - ok
20:25:08.0729 5296 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:25:08.0730 5296 WacomPen - ok
20:25:08.0733 5296 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:25:08.0734 5296 WANARP - ok
20:25:08.0736 5296 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:25:08.0737 5296 Wanarpv6 - ok
20:25:08.0750 5296 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:25:08.0757 5296 wbengine - ok
20:25:08.0762 5296 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:25:08.0764 5296 WbioSrvc - ok
20:25:08.0769 5296 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:25:08.0772 5296 wcncsvc - ok
20:25:08.0775 5296 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:25:08.0776 5296 WcsPlugInService - ok
20:25:08.0779 5296 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:25:08.0780 5296 Wd - ok
20:25:08.0787 5296 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:25:08.0790 5296 Wdf01000 - ok
20:25:08.0794 5296 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:25:08.0795 5296 WdiServiceHost - ok
20:25:08.0798 5296 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:25:08.0799 5296 WdiSystemHost - ok
20:25:08.0803 5296 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:25:08.0806 5296 WebClient - ok
20:25:08.0810 5296 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:25:08.0812 5296 Wecsvc - ok
20:25:08.0815 5296 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:25:08.0817 5296 wercplsupport - ok
20:25:08.0820 5296 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:25:08.0821 5296 WerSvc - ok
20:25:08.0824 5296 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:25:08.0825 5296 WfpLwf - ok
20:25:08.0827 5296 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:25:08.0828 5296 WIMMount - ok
20:25:08.0833 5296 WinHttpAutoProxySvc - ok
20:25:08.0841 5296 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:25:08.0842 5296 Winmgmt - ok
20:25:08.0857 5296 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:25:08.0867 5296 WinRM - ok
20:25:08.0874 5296 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:25:08.0874 5296 WinUsb - ok
20:25:08.0883 5296 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:25:08.0888 5296 Wlansvc - ok
20:25:08.0891 5296 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:25:08.0892 5296 WmiAcpi - ok
20:25:08.0898 5296 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:25:08.0899 5296 wmiApSrv - ok
20:25:08.0902 5296 WMPNetworkSvc - ok
20:25:08.0906 5296 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:25:08.0907 5296 WPCSvc - ok
20:25:08.0911 5296 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:25:08.0912 5296 WPDBusEnum - ok
20:25:08.0915 5296 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:25:08.0916 5296 ws2ifsl - ok
20:25:08.0918 5296 WSearch - ok
20:25:08.0924 5296 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:25:08.0925 5296 WudfPf - ok
20:25:08.0929 5296 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:25:08.0930 5296 WUDFRd - ok
20:25:08.0933 5296 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:25:08.0935 5296 wudfsvc - ok
20:25:08.0939 5296 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:25:08.0941 5296 WwanSvc - ok
20:25:08.0946 5296 ================ Scan global ===============================
20:25:08.0948 5296 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:25:08.0953 5296 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:25:08.0958 5296 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:25:08.0963 5296 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:25:08.0968 5296 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:25:08.0971 5296 [Global] - ok
20:25:08.0971 5296 ================ Scan MBR ==================================
20:25:08.0973 5296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:25:09.0014 5296 \Device\Harddisk0\DR0 - ok
20:25:09.0017 5296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:25:09.0152 5296 \Device\Harddisk1\DR1 - ok
20:25:09.0181 5296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:25:09.0185 5296 \Device\Harddisk2\DR2 - ok
20:25:09.0185 5296 ================ Scan VBR ==================================
20:25:09.0188 5296 [ 91982FCACA82B35B12DE0E36B0ED9BE1 ] \Device\Harddisk0\DR0\Partition1
20:25:09.0189 5296 \Device\Harddisk0\DR0\Partition1 - ok
20:25:09.0191 5296 [ FADDAF0B4D773CAA7849F605546132A3 ] \Device\Harddisk1\DR1\Partition1
20:25:09.0192 5296 \Device\Harddisk1\DR1\Partition1 - ok
20:25:09.0194 5296 [ 1DA2BCC5E532E40E22C10A9E850FE62E ] \Device\Harddisk1\DR1\Partition2
20:25:09.0195 5296 \Device\Harddisk1\DR1\Partition2 - ok
20:25:09.0197 5296 [ 6160D2E4D6214F19AD9AE45B0AC3ECDE ] \Device\Harddisk2\DR2\Partition1
20:25:09.0198 5296 \Device\Harddisk2\DR2\Partition1 - ok
20:25:09.0218 5296 [ 4CD9334C79E6E258F238CF11570896BA ] \Device\Harddisk2\DR2\Partition2
20:25:09.0219 5296 \Device\Harddisk2\DR2\Partition2 - ok
20:25:09.0219 5296 ============================================================
20:25:09.0219 5296 Scan finished
20:25:09.0219 5296 ============================================================
20:25:09.0225 4248 Detected object count: 0
20:25:09.0225 4248 Actual detected object count: 0


ASWMBR LOG:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-21 20:26:14
-----------------------------
20:26:14.381 OS Version: Windows x64 6.1.7601 Service Pack 1
20:26:14.381 Number of processors: 4 586 0x403
20:26:14.381 ComputerName: GYOM-PC UserName: Gyom
20:26:14.797 Initialize success
20:39:11.893 AVAST engine defs: 12092100
20:39:17.126 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
20:39:17.127 Disk 0 Vendor: OCZ-VERT 2.15 Size: 114473MB BusType: 11
20:39:17.130 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
20:39:17.132 Disk 1 Vendor: SAMSUNG_ CR10 Size: 476940MB BusType: 11
20:39:17.135 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006a
20:39:17.136 Disk 2 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 11
20:39:17.146 Disk 0 MBR read successfully
20:39:17.148 Disk 0 MBR scan
20:39:17.151 Disk 0 Windows 7 default MBR code
20:39:17.153 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114471 MB offset 2048
20:39:17.158 Disk 0 scanning C:\Windows\system32\drivers
20:39:19.587 Service scanning
20:39:25.609 Modules scanning
20:39:25.616 Disk 0 trace - called modules:
20:39:25.620 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:39:25.623 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007765060]
20:39:25.626 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007545040]
20:39:25.629 5 amd_xata.sys[fffff880010ed8f7] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8006837060]
20:39:26.005 AVAST engine scan C:\Windows
20:39:26.802 AVAST engine scan C:\Windows\system32
20:40:11.096 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:40:11.724 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
20:41:01.393 AVAST engine scan C:\Windows\system32\drivers
20:41:06.203 AVAST engine scan C:\Users\Gyom
20:42:44.994 AVAST engine scan C:\ProgramData
20:43:07.098 Scan finished successfully
20:44:47.613 Disk 0 MBR has been saved successfully to "C:\Users\Gyom\Desktop\MBR.dat"
20:44:47.617 The log file has been saved successfully to "C:\Users\Gyom\Desktop\aswMBR.txt"


ESET Log:


C:\Documents and Settings\Gyom\AppData\Local\Application Data\Temp\is1070216317\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Documents and Settings\Gyom\Desktop\Xobni_2_0_serials_key\Xobni_2_0_serials_key.exe a variant of Win32/Kryptik.AMCE trojan cleaned by deleting - quarantined

#4 narenxp


Posted 21 September 2012 - 10:50 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 deazo


Posted 22 September 2012 - 03:16 AM

Thank you

MBAM scan is now clean.

Here are the logs requested, what is the next step?

Tool box:


MiniToolBox by Farbar Version: 23-07-2012
Ran by Gyom (administrator) on 22-09-2012 at 10:12:55
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 109.95.42.129:54321

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82583V Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Gyom-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82583V Gigabit Network Connection
Physical Address. . . . . . . . . : 14-DA-E9-DA-9F-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9015:ab04:8414:3926%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : samedi 22 septembre 2012 08:59:27
Lease Expires . . . . . . . . . . : samedi 22 septembre 2012 20:59:26
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 236247785
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-F8-DB-6D-14-DA-E9-DA-9F-7A
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D0768E78-2103-4BF9-8936-7A6D380E94E7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:802::100e
173.194.34.162
173.194.34.164
173.194.34.161
173.194.34.169
173.194.34.165
173.194.34.160
173.194.34.167
173.194.34.174
173.194.34.168
173.194.34.163
173.194.34.166


Pinging google.com [173.194.34.166] with 32 bytes of data:
Reply from 173.194.34.166: bytes=32 time=49ms TTL=51
Reply from 173.194.34.166: bytes=32 time=50ms TTL=51

Ping statistics for 173.194.34.166:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 49ms, Maximum = 50ms, Average = 49ms
Server: UnKnown
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1011ms TTL=50
Reply from 72.30.38.140: bytes=32 time=1013ms TTL=50

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1011ms, Maximum = 1013ms, Average = 1012ms
Server: UnKnown
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...14 da e9 da 9f 7a ......Intel® 82583V Gigabit Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.9 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.9 266
192.168.1.9 255.255.255.255 On-link 192.168.1.9 266
192.168.1.255 255.255.255.255 On-link 192.168.1.9 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.9 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.9 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::9015:ab04:8414:3926/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/22/2012 09:21:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2012 09:20:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/22/2012 09:20:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2012 08:48:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2012 08:48:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: y, version: 0.0.0.0, time stamp: 0x5038a94a
Exception code: 0xc0000005
Fault offset: 0x000000000000166a
Faulting process id: 0x45c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/22/2012 08:48:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: y, version: 0.0.0.0, time stamp: 0x5038a94a
Exception code: 0xc0000005
Fault offset: 0x0000000000005580
Faulting process id: 0x100
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3

Error: (09/22/2012 08:47:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7506c9f1
Faulting process id: 0x1144
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/22/2012 08:46:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7506c9f1
Faulting process id: 0x900
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/22/2012 08:45:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7506c9f1
Faulting process id: 0x10ac
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/22/2012 08:44:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7506c9f1
Faulting process id: 0x15e8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (09/22/2012 08:59:36 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/22/2012 08:59:36 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/22/2012 08:59:31 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/22/2012 08:59:29 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/22/2012 08:59:28 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/22/2012 08:59:28 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/22/2012 08:59:28 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (09/22/2012 08:59:23 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/22/2012 08:59:22 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/22/2012 08:58:42 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (09/22/2012 09:21:14 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Gyom\Desktop\esetsmartinstaller_enu.exe

Error: (09/22/2012 09:20:49 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\personal video database\DelZip179.dllc:\program files (x86)\personal video database\DelZip179.dll8

Error: (09/22/2012 09:20:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/22/2012 08:48:59 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Gyom\Desktop\esetsmartinstaller_enu.exe

Error: (09/22/2012 08:48:45 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4y0.0.0.05038a94ac0000005000000000000166a45c01cd9810dd95a9f7C:\Windows\Explorer.EXEc:\windows\system32\y8db0f06b-0481-11e2-b4a0-14dae9da9f7a

Error: (09/22/2012 08:48:08 AM) (Source: Application Error)(User: )
Description: svchost.exe_ProfSvc6.1.7600.163854a5bc3c1y0.0.0.05038a94ac0000005000000000000558010001cd9810dcd4da81C:\Windows\system32\svchost.exec:\windows\system32\y77607c16-0481-11e2-b4a0-14dae9da9f7a

Error: (09/22/2012 08:47:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057506c9f1114401cd988e2d67d015C:\Windows\SysWOW64\svchost.exeunknown6b1f4037-0481-11e2-b4a0-14dae9da9f7a

Error: (09/22/2012 08:46:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057506c9f190001cd988e098c0edbC:\Windows\SysWOW64\svchost.exeunknown473ffc80-0481-11e2-b4a0-14dae9da9f7a

Error: (09/22/2012 08:45:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057506c9f110ac01cd988de5bf690aC:\Windows\SysWOW64\svchost.exeunknown236c78c5-0481-11e2-b4a0-14dae9da9f7a

Error: (09/22/2012 08:44:47 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057506c9f115e801cd988dc1f35f7bC:\Windows\SysWOW64\svchost.exeunknownffa04825-0480-11e2-b4a0-14dae9da9f7a


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
AI Suite II (Version: 1.01.40)
Ant Movie Catalog (Version: 4.1.1)
Asmedia ASM106x SATA Host Controller Driver (Version: 1.2.2.000)
ATI Catalyst Install Manager (Version: 3.0.812.0)
µTorrent (Version: 3.1.3)
Audacity 2.0
AVG 2013 (Version: 13.0.2591)
AVG 2013 (Version: 13.0.2677)
AVG 2013 (Version: 2013.0.2677)
Banshee 2.4.0 - ALPHA (Version: 2.4.0)
Battlefield 3™ (Version: 1.4.0.0)
Battlelog Web Plugins (Version: 1.132.0)
Belarc Advisor 8.2 (Version: 8.2.7.6)
BF3 Settings Editor (Version: 2.3)
CCleaner (Version: 3.16)
CDBurnerXP (Version: 4.4.1.3099)
Core Temp 1.0 RC3 (Version: 1.0)
CPUID CPU-Z 1.60
CPUID HWMonitor 1.19
Dear Esther
EASEUS Partition Master 9.1.1 Home Edition
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
FileZilla Client 3.5.3 (Version: 3.5.3)
Foxit Reader (Version: 5.3.0.423)
Google Chrome (Version: 21.0.1180.89)
HandBrake 0.9.8 (Version: 0.9.8)
Harzing's Publish or Perish 3.7.4564 (Version: 3.7.4564)
HD Tune Pro 5.00
Intel® Network Connections 17.3.63.0 (Version: 17.3.63.0)
IZArc 4.1.6 (Version: 4.1.6)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
JDownloader 0.9 (Version: 0.9)
LAME v3.99.3 (for Windows)
LibreOffice 3.3 (Version: 3.3.401)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiniTool Partition Wizard Home Edition 7.5
Mobipocket Creator 4.2 (Version: 4.2.41)
Mp3tag v2.50 (Version: v2.50)
Mumble 1.2.3 (Version: 1.2.3)
MusicBrainz Picard (Version: 0.16)
NirSoft BlueScreenView
NirSoft Wireless Network Watcher
Notepad++ (Version: 5.9.8)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 306.23 (Version: 306.23)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0623)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Origin (Version: 8.5.0.4554)
Personal Video Database 0.9.9.21
PunkBuster Services (Version: 0.991)
Radio Fr Solo 2.1
Real Alternative 2.0.2 (Version: 2.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Reason 5.0 (Version: 5.0)
Songbird 1.10.2 (Build 2199)
SopCast 3.5.0 (Version: 3.5.0)
Spotify (Version: 0.8.4.124.ga3559d86)
Sublight 3.3.0 (Version: 3.3.0)
Subtitle Workshop 2.51
Synchredible v4.0
TeamSpeak 3 Client
The Walking Dead © 3 version 1 (Version: 1)
TreeSize Free V2.5 (Version: 2.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VirtualCloneDrive
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.2 (Version: 2.0.2)
Vols RAM
WebEx
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
X-Proxy (Version: 3.1.0.0)
Xvid MPEG-4 Video Codec

**** End of log ****


Log FSS:

Farbar Service Scanner Version: 19-09-2012
Ran by Gyom (administrator) on 22-09-2012 at 10:14:52
Running from "C:\Users\Gyom\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Log ADWARE:

# AdwCleaner v2.002 - Logfile created 09/22/2012 at 10:21:21
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Gyom - GYOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Gyom\Desktop\adwcleaner1.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Gyom\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [896 octets] - [22/09/2012 10:15:47]
AdwCleaner[R2].txt - [835 octets] - [22/09/2012 10:19:43]
AdwCleaner[S2].txt - [894 octets] - [22/09/2012 10:19:51]
AdwCleaner[R3].txt - [826 octets] - [22/09/2012 10:21:21]

########## EOF - C:\AdwCleaner[R3].txt - [885 octets] ##########

Edited by deazo, 22 September 2012 - 03:22 AM.


#6 narenxp


Posted 22 September 2012 - 07:57 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#7 deazo


Posted 22 September 2012 - 09:46 AM

FSS LOG:

Farbar Service Scanner Version: 19-09-2012
Ran by Gyom (administrator) on 22-09-2012 at 15:36:43
Running from "C:\Users\Gyom\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


RKILL LOG:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2012 03:37:04 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\DAODx.exe (PID: 2112) [WD-HEUR]
* C:\Users\Gyom\Desktop\FSS.exe (PID: 5056) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: DisallowRun [HKCU]
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Gyom\Desktop\rkill\rkill-09-22-2012-03-37-10.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\L\00000004.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\L\201d3dde [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$95f2732c6754393eece83b32ee8b3b77\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3257054755-177651071-420096671-1000\$95f2732c6754393eece83b32ee8b3b77\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3257054755-177651071-420096671-1000\$95f2732c6754393eece83b32ee8b3b77\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3257054755-177651071-420096671-1000\$95f2732c6754393eece83b32ee8b3b77\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3257054755-177651071-420096671-1000\$95f2732c6754393eece83b32ee8b3b77\U\ [ZA Dir]

Checking Windows Service Integrity:

* (BFE) is not Running.
Startup Type set to:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/22/2012 03:37:15 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)


AUTORUNS:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ASUS AiChargerPlus Execute" "AiChargerPlus MFC Application" "ASUSTek Computer Inc." "c:\program files (x86)\installshield installation information\{e6931688-da2b-4e16-8539-3d323d69c677}\aichargerplus.exe"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgui.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "VirtualCloneDrive" "Virtual CloneDrive Daemon" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Akamai NetSession Interface" "" "" "File not found: C:\Users\Gyom\AppData\Local\Akamai\netsession_win.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\gyom\appdata\local\google\update\googleupdate.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "Sofervise" "" "" "File not found: C:\Program Files (x86)\Sofervise\Sofervise.exe"
+ "Spotify" "Spotify" "Spotify Ltd" "c:\users\gyom\appdata\roaming\spotify\spotify.exe"
+ "Spotify Web Helper" "" "" "c:\users\gyom\appdata\roaming\spotify\data\spotifywebhelper.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "IZArcCM" "IZArcCM64 Shell Context Menu for x64 Windows" "" "c:\program files (x86)\izarc\izarccm64.dll"
+ "Mp3tagShell" "Shell Extension Mp3tag - the universal Tag editor" "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell64.dll"
+ "Notepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_04.dll"
+ "VirtualCloneDrive" "CloseTray" "Elaborate Bytes AG" "c:\program files (x86)\elaborate bytes\virtualclonedrive\elbyvcdshell.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
+ "IZArcCM" "IZArcCM64 Shell Context Menu for x64 Windows" "" "c:\program files (x86)\izarc\izarccm64.dll"
+ "Mp3tagShell" "Shell Extension Mp3tag - the universal Tag editor" "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "IZArcCM" "IZArcCM64 Shell Context Menu for x64 Windows" "" "c:\program files (x86)\izarc\izarccm64.dll"
+ "Mp3tagShell" "Shell Extension Mp3tag - the universal Tag editor" "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "IZArcCM" "IZArcCM64 Shell Context Menu for x64 Windows" "" "c:\program files (x86)\izarc\izarccm64.dll"
+ "Mp3tagShell" "Shell Extension Mp3tag - the universal Tag editor" "Florian Heidenreich" "c:\program files (x86)\mp3tag\mp3tagshell32.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "" "File not found: C:\Program Files (x86)\LibreOffice 3\Basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "The Document Foundation" "c:\program files (x86)\libreoffice 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\ASUS\ASUS AI Suite II Execute" "ASUS Routine Controller" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\ai suite ii\asroutinecontroller.exe"
+ "\ASUS\ASUS DigiVRM Help" "Digi+VRM Help" "ASUSTeK Computer Inc." "c:\program files (x86)\asus\ai suite ii\digi+ vrm\vrmhelp.exe"
+ "\ASUS\RunDAOD" "" "" "c:\windows\daodx.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3257054755-177651071-420096671-1000Core" "Google Installer" "Google Inc." "c:\users\gyom\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3257054755-177651071-420096671-1000UA" "Google Installer" "Google Inc." "c:\users\gyom\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\Synchredible-Gyom" "Backup & Synchronisation" "ASCOMP Software GmbH" "c:\program files (x86)\ascomp software\synchredible\synchredible.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "asComSvc" "" "" "c:\program files (x86)\asus\axsp\1.00.14\atkexcomsvc.exe"
+ "asHmComSvc" "" "" "c:\program files (x86)\asus\aahm\1.00.14\aahmsvc.exe"
+ "AsSysCtrlService" "" "" "c:\program files (x86)\asus\assysctrlservice\1.00.11\assysctrlservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgwdsvc.exe"
+ "Intel® PROSet Monitoring Service" "The Intel® PROSet Monitoring Service actively monitors changes to the system and updates affected network devices to keep them running in optimal condition. Stopping this service may negatively affect the performance of the network devices on the system." "Intel Corporation" "c:\windows\system32\iprosetmonitor.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "PnkBstrA" "PunkBuster Service Component [v1036] http://www.evenbalance.com" "" "c:\windows\syswow64\pnkbstra.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "WinDefend" "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "AiChargerPlus" "ASUS Charger driver" "ASUSTek Computer Inc." "c:\windows\system32\drivers\aichargerplus.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "ALSysIO" "" "" "File not found: C:\Users\Gyom\AppData\Local\Temp\ALSysIO64.sys"
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys"
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "asahci64" "Asmedia 106x SATA Host Controller Driver" "Asmedia Technology" "c:\windows\system32\drivers\asahci64.sys"
+ "AsIO" "" "" "c:\windows\syswow64\drivers\asio.sys"
+ "AsUpIO" "" "" "c:\windows\syswow64\drivers\asupio.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgloga" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgloga.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "cpuz135" "CPUID Driver" "CPUID" "c:\windows\system32\drivers\cpuz135_x64.sys"
+ "e1qexpress" "Intel® Gigabit Adapter NDIS 6.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1q62x64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "ElbyCDIO" "ElbyCD Windows x64 I/O driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\elbycdio.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "epmntdrv" "" "" "c:\windows\system32\epmntdrv.sys"
+ "EuGdiDrv" "" "" "c:\windows\system32\eugdidrv.sys"
+ "GEARAspiWDM" "" "" "File not found: System32\Drivers\GEARAspiWDM.sys"
+ "GLCKIO" "" "" "File not found: C:\Users\Gyom\Desktop\ASUS SATA Verifier 1.00.04\690b33e1-0462-4e84-9bea-c7552b45432a.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 306.23 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "pwdrvio" "" "" "c:\windows\system32\pwdrvio.sys"
+ "pwdspio" "" "" "c:\windows\system32\pwdspio.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "Syncbox" "Dokan Filesystem Driver" "Windows ® Win 7 DDK provider" "c:\users\gyom\appdata\roaming\syncboxserver\driver\syncbox.sys"
+ "Synth3dVsc" "" "" "File not found: System32\drivers\synth3dvsc.sys"
+ "tsusbhub" "@%SystemRoot%\system32\drivers\tsusbhub.sys,-2" "" "File not found: system32\drivers\tsusbhub.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "VClone" "VirtualCloneCD Driver" "Elaborate Bytes AG" "c:\windows\system32\drivers\vclone.sys"
+ "VGPU" "" "" "File not found: System32\drivers\rdvgkmd.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MPC - RealAudio Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\real alternative\realmediasplitter.ax"
+ "MPC - RealMedia Source" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\real alternative\realmediasplitter.ax"
+ "MPC - RealMedia Splitter" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\real alternative\realmediasplitter.ax"
+ "MPC - RealVideo Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files (x86)\real alternative\realmediasplitter.ax"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\syswow64\xvid.ax"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgrsa.exe"
"C:\Users\Gyom\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "AVG" "AVG" "AVG Technologies" "C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\\Gadget.xml"

Edited by deazo, 22 September 2012 - 09:47 AM.


#8 narenxp


Posted 22 September 2012 - 09:49 AM

Please run Farbar service scanner in normal mode and post the new log


Run RKILL again and post the new log

Edited by narenxp, 22 September 2012 - 12:34 PM.


#9 deazo


Posted 22 September 2012 - 12:04 PM

FSS log:

Farbar Service Scanner Version: 19-09-2012
Ran by Gyom (administrator) on 22-09-2012 at 19:01:15
Running from "C:\Users\Gyom\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by deazo, 22 September 2012 - 12:51 PM.


#10 narenxp

Posted 22 September 2012 - 12:35 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Edited by narenxp, 22 September 2012 - 01:12 PM.


#11 deazo

Posted 22 September 2012 - 12:52 PM

Sorry, here it is:

RKILL LOG:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/22/2012 07:51:29 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* (BFE) is not Running.
Startup Type set to:

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/22/2012 07:51:34 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

#12 narenxp

Posted 22 September 2012 - 01:13 PM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark only the following options:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the new FSS log

#13 deazo

Posted 22 September 2012 - 03:53 PM

Here is the log:

Farbar Service Scanner Version: 19-09-2012
Ran by Gyom (administrator) on 22-09-2012 at 22:53:31
Running from "C:\Users\Gyom\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
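
As an added example (not part of the original posts and not Farbar's own code), a small Python parser that reduces two Farbar Service Scanner logs to their findings and diffs them, using lines excerpted from the two logs in this thread. Treating any File Check result other than "MD5 is legit" as a finding is an assumption, and a finding that disappears from the later log is reported as "fixed" only in the sense that the scanner no longer lists it.

```python
import re

# Lines excerpted (trimmed) from the two Farbar Service Scanner logs in this thread.
BEFORE = """Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
File Check:
========
C:\\Windows\\System32\\qmgr.dll => MD5 is legit
"""
AFTER = """Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
File Check:
========
C:\\Windows\\System32\\qmgr.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
FILE_LINE = re.compile(r"^(.+?) => (.+)$")

def parse_fss(log):
    """Return the set of findings (tuples) reported in one FSS log."""
    findings = set()
    for line in log.splitlines():
        line = line.strip()
        if m := NOT_RUNNING.match(line):
            findings.add(("not_running", m.group(1)))
        elif m := START_TYPE.match(line):
            # (kind, service, configured start type, default start type)
            findings.add(("start_type", m.group(1), m.group(2), m.group(3)))
        elif (m := FILE_LINE.match(line)) and m.group(2) != "MD5 is legit":
            # Assumption: any other File Check result deserves a look.
            findings.add(("file", m.group(1), m.group(2)))
    return findings

def compare(before, after):
    """Diff two logs: findings that went away, persisted, or appeared."""
    b, a = parse_fss(before), parse_fss(after)
    return {"fixed": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        print(kind, items)
```
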

#14 narenxp

Posted 22 September 2012 - 03:55 PM

Press the Windows+R keys and type

services.msc and click OK

Right-click on

Security center
Windows updates


and start them. Let me know if that works.

#15 deazo

Posted 23 September 2012 - 02:58 AM

Yes, they were actually already started.



