
Sirefef-PL virus

14 replies to this topic

#1 hailog

  • Members
  • 50 posts

Posted 26 September 2013 - 09:08 PM

Hi there,

I believe my laptop is infected with the below threat:

Threat: Win32:Sirefef-PL [rtk]

Strangely, it started with a call from my internet provider saying that one of my home devices is infected and that they will disconnect my internet connection if I don't take action in 48 hrs. I came home, ran the avast and mbam scans and found that the laptop at home was infected with the above virus. Below is the sequence of events:

- Ran avast scan, tried to remove the threat
- Ran mbam scan, tried to remove threat, asked for a reboot
- At the start of the reboot, I got the virus threat notification
- I skipped 'scan' prior to/during boot as I don't know how that will go
- Once in windows, ran mbam again. No threats found
- Ran avast scan again, same threat along with a few others showed up

Any help getting rid of this would be greatly appreciated!

Thank you.

#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,934 posts
  • Location:NJ USA

Posted 26 September 2013 - 10:21 PM

Hello hailog

Let's do these.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



  • Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


  • Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

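The MiniToolBox checks requested above (hosts content, IE proxy settings, Winsock entries) can also be triaged automatically once the report is posted. The following Python script is an added example, not part of this thread and not MiniToolBox's own code: it splits a report written in the same "===== Name: =====" section layout and flags non-default hosts-file entries, an enabled browser proxy, and Winsock catalog entries whose DLL is missing or is loaded from outside the usual system directories. The report text embedded in it is constructed; the "Proxy is enabled." / "ProxyServer:" line format and the list of trusted directories are assumptions.

```python
"""Triage a MiniToolBox-style report (added example, not MiniToolBox code).
Flags non-default hosts entries, an enabled proxy, and Winsock catalog
entries that point at a missing DLL or one outside the system directories."""
import re
from typing import Dict, List

# Constructed sample in the MiniToolBox section layout (not a real report).
# The "Proxy is enabled." / "ProxyServer:" lines are an assumed format.
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       www.avast.com
5.6.7.8         update.microsoft.com

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Users\Public\helper.dll [12345] ()

========================= Event log errors: ===============================
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<cat>\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)"
    r"\s+\[(?P<status>[^\]]*)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
BENIGN_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}
LOOPBACK = {"127.0.0.1", "::1"}
# Assumption: default Windows install; Winsock providers normally load from here.
TRUSTED_PREFIXES = ("c:\\windows\\", "%systemroot%\\", "c:\\program files")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split the report into {section name: body lines} on '===== Name =====' headers."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections


def check_hosts(lines: List[str]) -> List[dict]:
    """Anything beyond loopback -> localhost-style names is worth a look."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if ip in LOOPBACK and name.lower() in BENIGN_HOSTS:
                continue
            findings.append({"check": "hosts", "detail": f"{name} -> {ip}"})
    return findings


def check_proxy(lines: List[str]) -> List[dict]:
    """An enabled proxy the user did not configure can intercept browsing."""
    return [
        {"check": "proxy", "detail": line.strip()}
        for line in lines
        if line.lower().startswith(("proxy is enabled", "proxyserver:"))
    ]


def check_winsock(lines: List[str]) -> List[dict]:
    """Flag providers with a missing DLL or a DLL outside system directories."""
    findings: List[dict] = []
    flagged = False  # whether the most recent catalog entry produced a finding
    for line in lines:
        m = WINSOCK_RE.match(line)
        if m:
            path = m.group("path")
            entry = f"{m.group('arch') or ''}Catalog{m.group('cat')} {m.group('idx')} {path}"
            flagged = True
            if m.group("status").lower().startswith("file not found"):
                findings.append({"check": "winsock-missing", "detail": entry})
            elif not path.lower().startswith(TRUSTED_PREFIXES):
                findings.append({"check": "winsock-path", "detail": entry})
            else:
                flagged = False
        elif line.startswith("ATTENTION:") and flagged:
            # MiniToolBox prints the expected LibraryPath right after the entry it concerns
            findings[-1]["detail"] += f" ({line.strip()})"
            flagged = False
    return findings


def triage_report(text: str) -> List[dict]:
    """Run all three checks and return the findings in report order."""
    sections = parse_sections(text)
    return (
        check_proxy(sections.get("IE Proxy Settings", []))
        + check_hosts(sections.get("Hosts content", []))
        + check_winsock(sections.get("Winsock entries", []))
    )


if __name__ == "__main__":
    for finding in triage_report(SAMPLE_REPORT):
        print(f"[{finding['check']}] {finding['detail']}")
```

Feed it a saved Result.txt instead of the embedded sample to triage a real report; a finding is a pointer for review, not a verdict, since legitimate software (VPN clients, parental-control tools) also registers Winsock providers and edits the hosts file.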

#3 hailog
  • Topic Starter

  • Members
  • 50 posts

Posted 27 September 2013 - 12:42 AM

Hi boopme,

Thanks for your reply. Here are the requested logs:

1) MiniToolBox results:


MiniToolBox by Farbar  Version: 13-07-2013
Ran by Nisha (administrator) on 26-09-2013 at 23:50:50
Running from "C:\Users\Nisha\Desktop\Virus removal\26s13_1"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Dell Wireless 1702 802.11b/g/n = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Nisha-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Physical Address. . . . . . . . . : 00-FF-30-54-12-04
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 7C-E9-D3-30-2B-60
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Dell Wireless 1702 802.11b/g/n
   Physical Address. . . . . . . . . : 7C-E9-D3-30-2B-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::75b4:7630:6d4b:dea2%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : September-26-13 7:07:24 PM
   Lease Expires . . . . . . . . . . : October-03-13 11:50:11 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 310176211
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-BE-81-1E-24-B6-FD-1E-02-24
   DNS Servers . . . . . . . . . . . : 64.71.255.204
                                       64.71.255.198
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 24-B6-FD-1E-02-24
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9190CAA6-8C25-4365-A54C-364BCA09A242}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  64.71.255.204

Name:    google.com
Addresses:  2607:f8b0:4004:801::1008
      24.156.153.39
      24.156.153.35
      24.156.153.20
      24.156.153.45
      24.156.153.49
      24.156.153.34
      24.156.153.29
      24.156.153.50
      24.156.153.40
      24.156.153.24
      24.156.153.25
      24.156.153.54
      24.156.153.55
      24.156.153.30
      24.156.153.59
      24.156.153.44


Pinging google.com [24.156.153.20] with 32 bytes of data:
Reply from 24.156.153.20: bytes=32 time=14ms TTL=59
Reply from 24.156.153.20: bytes=32 time=9ms TTL=59

Ping statistics for 24.156.153.20:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 14ms, Average = 11ms
Server:  UnKnown
Address:  64.71.255.204

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=110ms TTL=52
Reply from 206.190.36.45: bytes=32 time=130ms TTL=52

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 110ms, Maximum = 130ms, Average = 120ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...00 ff 30 54 12 04 ......Juniper Network Connect Virtual Adapter
 13...7c e9 d3 30 2b 60 ......Bluetooth Device (Personal Area Network)
 12...7c e9 d3 30 2b 5f ......Dell Wireless 1702 802.11b/g/n
 11...24 b6 fd 1e 02 24 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.14     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.14    281
     192.168.0.14  255.255.255.255         On-link      192.168.0.14    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.14    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.14    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.14    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::75b4:7630:6d4b:dea2/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File not found] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 11 mswsock.dll [File Not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/26/2013 07:18:37 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/26/2013 07:08:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2013 06:09:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7493c9f5
Faulting process id: 0x14e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/26/2013 05:52:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7493c9f5
Faulting process id: 0x834
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/26/2013 05:31:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7493c9f5
Faulting process id: 0xa24
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/26/2013 05:18:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7493c9f5
Faulting process id: 0xedc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/26/2013 05:07:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb164a
Exception code: 0xc0000005
Fault offset: 0x000000000005883e
Faulting process id: 0x5b8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/26/2013 04:41:06 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/26/2013 04:32:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2013 04:19:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/26/2013 09:37:05 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{71bba2c7-4ef2-11e1-a96c-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A37C94E5-E74E-4C5E-BD88-CE91A53BDEF5}

Error: (09/26/2013 07:10:46 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/26/2013 07:09:42 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/26/2013 07:09:42 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/26/2013 07:08:01 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/26/2013 07:08:00 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/26/2013 07:07:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/26/2013 04:33:14 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/26/2013 04:30:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/26/2013 04:30:48 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (09/26/2013 07:18:37 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/26/2013 07:08:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2013 06:09:34 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057493c9f514e401cebb0512f99b32C:\windows\SysWOW64\svchost.exeunknown5323e82e-26f8-11e3-9e0b-7ce9d3302b60

Error: (09/26/2013 05:52:29 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057493c9f583401cebb02b08be57cC:\windows\SysWOW64\svchost.exeunknownf02abb17-26f5-11e3-9e0b-7ce9d3302b60

Error: (09/26/2013 05:31:25 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057493c9f5a2401cebaffbce0cc97C:\windows\SysWOW64\svchost.exeunknownfe69c569-26f2-11e3-9e0b-7ce9d3302b60

Error: (09/26/2013 05:18:18 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057493c9f5edc01cebafdea0e85dcC:\windows\SysWOW64\svchost.exeunknown293a4e4b-26f1-11e3-9e0b-7ce9d3302b60

Error: (09/26/2013 05:07:08 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.1822951fb164ac0000005000000000005883e5b801cebaf747cb1ae0C:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dll9a3d228c-26ef-11e3-9e0b-7ce9d3302b60

Error: (09/26/2013 04:41:06 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (09/26/2013 04:32:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/26/2013 04:19:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2012-12-27 13:49:45.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 13:49:45.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19120)
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Advanced Audio FX Engine (Version: 1.12.05)
avast! Free Antivirus (Version: 8.0.1497.0)
Bing Bar (Version: 7.2.241.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blio (Version: 2.3.7140)
Bluetooth Win7 Suite (64) (Version: 7.2.0.83)
CCleaner (Version: 3.26)
Citrix Presentation Server Client (Version: 10.00.52110)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.47)
Dell DataSafe Online (Version: 2.1.19634)
Dell Digital Delivery (Version: 1.7.4502.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Stage (Version: 1.5.201.0)
Dell Stage Remote (Version: 2.0.0.43)
Dell Support Center (Version: 3.1.5803.11)
Dell Touchpad (Version: 7.1207.101.225)
Dell VideoStage  (Version: 1.2.0.1712)
Dell Webcam Central (Version: 2.00.44)
Dell WLAN and Bluetooth Client Installation (Version: 9.0)
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (Version: 2.0.26)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Talk Plugin (Version: 4.6.3.15268)
High-Definition Video Playback (Version: 7.3.10000.0.0)
IDT Audio (Version: 1.0.6341.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2342)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
Juniper Networks Network Connect 6.5.0 (Version: 6.5.0.17087)
Juniper Networks Network Connect 7.1.8 (Version: 7.1.8.20737)
Juniper Networks, Inc. Setup Client (Version: 7.1.8.19851)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (Version: 10.2.10200.0.0)
Nero Control Center 10 (Version: 10.6.12500.0.5)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.20000.9.12)
Nero Update (Version: 11.0.11500.28.0)
PhotoShowExpress (Version: 2.0.063)
Picasa 3 (Version: 3.9)
PlayReady PC Runtime x86 (Version: 1.3.0)
Quickset64 (Version: 10.09.25)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek Ethernet Controller Driver (Version: 7.45.516.2011)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30126)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Click to Call (Version: 6.12.13601)
Skype™ 6.6 (Version: 6.6.106)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SyncUP (Version: 1.10.11100.8.106)
SyncUP (Version: 10.2.15400)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zinio Reader 4 (Version: 4.2.4164)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 4004.27 MB
Available physical RAM: 2546.17 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 6574.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.48 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451 GB) (Free:400.49 GB) NTFS

========================= Users: ========================================

User accounts for \\NISHA-PC

Administrator            Guest                    Nisha                    


**** End of log ****

2) TDSSKiller log:

23:51:47.0838 0x0bd4  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
23:51:48.0369 0x0bd4  ============================================================
23:51:48.0369 0x0bd4  Current date / time: 2013/09/26 23:51:48.0369
23:51:48.0369 0x0bd4  SystemInfo:
23:51:48.0369 0x0bd4  
23:51:48.0369 0x0bd4  OS Version: 6.1.7601 ServicePack: 1.0
23:51:48.0369 0x0bd4  Product type: Workstation
23:51:48.0369 0x0bd4  ComputerName: NISHA-PC
23:51:48.0369 0x0bd4  UserName: Nisha
23:51:48.0369 0x0bd4  Windows directory: C:\windows
23:51:48.0369 0x0bd4  System windows directory: C:\windows
23:51:48.0369 0x0bd4  Running under WOW64
23:51:48.0369 0x0bd4  Processor architecture: Intel x64
23:51:48.0369 0x0bd4  Number of processors: 4
23:51:48.0369 0x0bd4  Page size: 0x1000
23:51:48.0369 0x0bd4  Boot type: Normal boot
23:51:48.0369 0x0bd4  ============================================================
23:51:48.0805 0x0bd4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:51:48.0821 0x0bd4  ============================================================
23:51:48.0821 0x0bd4  \Device\Harddisk0\DR0:
23:51:48.0821 0x0bd4  MBR partitions:
23:51:48.0821 0x0bd4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
23:51:48.0821 0x0bd4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38600030
23:51:48.0821 0x0bd4  ============================================================
23:51:48.0868 0x0bd4  C: <-> \Device\Harddisk0\DR0\Partition2
23:51:48.0868 0x0bd4  ============================================================
23:51:48.0868 0x0bd4  Initialize success
23:51:48.0868 0x0bd4  ============================================================
23:51:51.0613 0x116c  ============================================================
23:51:51.0613 0x116c  Scan started
23:51:51.0613 0x116c  Mode: Manual;
23:51:51.0613 0x116c  ============================================================
23:51:51.0832 0x116c  ================ Scan system memory ========================
23:51:51.0832 0x116c  System memory - ok
23:51:51.0832 0x116c  ================ Scan services =============================
23:51:52.0113 0x116c  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
23:51:52.0128 0x116c  1394ohci - ok
23:51:52.0159 0x116c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
23:51:52.0175 0x116c  ACPI - ok
23:51:52.0206 0x116c  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
23:51:52.0206 0x116c  AcpiPmi - ok
23:51:52.0331 0x116c  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:51:52.0331 0x116c  AdobeARMservice - ok
23:51:52.0471 0x116c  [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:51:52.0471 0x116c  AdobeFlashPlayerUpdateSvc - ok
23:51:52.0518 0x116c  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
23:51:52.0534 0x116c  adp94xx - ok
23:51:52.0596 0x116c  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
23:51:52.0612 0x116c  adpahci - ok
23:51:52.0643 0x116c  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
23:51:52.0643 0x116c  adpu320 - ok
23:51:52.0690 0x116c  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
23:51:52.0690 0x116c  AeLookupSvc - ok
23:51:52.0783 0x116c  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
23:51:52.0783 0x116c  AESTFilters - ok
23:51:52.0830 0x116c  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
23:51:52.0846 0x116c  AFD - ok
23:51:52.0893 0x116c  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
23:51:52.0893 0x116c  agp440 - ok
23:51:52.0955 0x116c  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
23:51:52.0955 0x116c  ALG - ok
23:51:53.0002 0x116c  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
23:51:53.0002 0x116c  aliide - ok
23:51:53.0033 0x116c  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
23:51:53.0033 0x116c  amdide - ok
23:51:53.0080 0x116c  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
23:51:53.0080 0x116c  AmdK8 - ok
23:51:53.0080 0x116c  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
23:51:53.0095 0x116c  AmdPPM - ok
23:51:53.0127 0x116c  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
23:51:53.0127 0x116c  amdsata - ok
23:51:53.0158 0x116c  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
23:51:53.0158 0x116c  amdsbs - ok
23:51:53.0173 0x116c  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
23:51:53.0173 0x116c  amdxata - ok
23:51:53.0236 0x116c  [ 6690E42CED5D067233ABAD42DA141213 ] ApfiltrService  C:\windows\system32\DRIVERS\Apfiltr.sys
23:51:53.0251 0x116c  ApfiltrService - ok
23:51:53.0298 0x116c  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
23:51:53.0314 0x116c  AppID - ok
23:51:53.0329 0x116c  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
23:51:53.0329 0x116c  AppIDSvc - ok
23:51:53.0376 0x116c  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
23:51:53.0392 0x116c  Appinfo - ok
23:51:53.0423 0x116c  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys
23:51:53.0423 0x116c  arc - ok
23:51:53.0439 0x116c  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys
23:51:53.0439 0x116c  arcsas - ok
23:51:53.0563 0x116c  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:51:53.0563 0x116c  aspnet_state - ok
23:51:53.0610 0x116c  [ A83C9C15680BB9E270ACF7172068E287 ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
23:51:53.0610 0x116c  aswFsBlk - ok
23:51:53.0688 0x116c  [ 890918D53B80B474CFAFB48995B85AF3 ] aswKbd          C:\windows\system32\drivers\aswKbd.sys
23:51:53.0688 0x116c  aswKbd - ok
23:51:53.0751 0x116c  [ 5C40B8D77EBEE1DE0E7A8CDD0CD75773 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
23:51:53.0751 0x116c  aswMonFlt - ok
23:51:53.0782 0x116c  [ 997F6977294B9ACB7F400431DF8E3A4A ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
23:51:53.0782 0x116c  aswRdr - ok
23:51:53.0829 0x116c  [ 286193DC28CFB4CEB8D378E20A0850A9 ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
23:51:53.0829 0x116c  aswRvrt - ok
23:51:53.0907 0x116c  [ 58B93BA20D4693D0800D2B0A62B8059D ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
23:51:53.0938 0x116c  aswSnx - ok
23:51:53.0969 0x116c  [ EC7148DB4D126C81426A67602822E62C ] aswSP           C:\windows\system32\drivers\aswSP.sys
23:51:53.0985 0x116c  aswSP - ok
23:51:54.0000 0x116c  [ 0E422E9CB7CD9C0AA6D4DFEAFA086EAA ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
23:51:54.0000 0x116c  aswTdi - ok
23:51:54.0094 0x116c  [ 9FE455C916C656144B004E3EB48507CE ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
23:51:54.0109 0x116c  aswVmm - ok
23:51:54.0141 0x116c  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
23:51:54.0141 0x116c  AsyncMac - ok
23:51:54.0187 0x116c  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
23:51:54.0187 0x116c  atapi - ok
23:51:54.0265 0x116c  [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort       C:\windows\system32\DRIVERS\btath_flt.sys
23:51:54.0265 0x116c  AthBTPort - ok
23:51:54.0328 0x116c  [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
23:51:54.0328 0x116c  Atheros Bt&Wlan Coex Agent - ok
23:51:54.0343 0x116c  [ 44FB485B94A8332D877F659366CEDBC8 ] AtherosSvc      C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
23:51:54.0343 0x116c  AtherosSvc - ok
23:51:54.0453 0x116c  [ 5493ED5D300AFC7A9A0A87FCA08E5381 ] athr            C:\windows\system32\DRIVERS\athrx.sys
23:51:54.0531 0x116c  athr - ok
23:51:54.0562 0x116c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
23:51:54.0577 0x116c  AudioEndpointBuilder - ok
23:51:54.0593 0x116c  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
23:51:54.0593 0x116c  AudioSrv - ok
23:51:54.0655 0x116c  [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:51:54.0655 0x116c  avast! Antivirus - ok
23:51:54.0718 0x116c  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
23:51:54.0733 0x116c  AxInstSV - ok
23:51:54.0796 0x116c  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
23:51:54.0796 0x116c  b06bdrv - ok
23:51:54.0843 0x116c  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
23:51:54.0843 0x116c  b57nd60a - ok
23:51:54.0936 0x116c  [ 369C1928C9BBED65C9E347448BD376B0 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
23:51:54.0952 0x116c  BBSvc - ok
23:51:55.0014 0x116c  [ 54949AFAC5CE6FA2E4D7846D4362BAB3 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
23:51:55.0014 0x116c  BBUpdate - ok
23:51:55.0061 0x116c  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
23:51:55.0061 0x116c  BDESVC - ok
23:51:55.0092 0x116c  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
23:51:55.0108 0x116c  Beep - ok
23:51:55.0155 0x116c  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
23:51:55.0155 0x116c  blbdrive - ok
23:51:55.0217 0x116c  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
23:51:55.0217 0x116c  bowser - ok
23:51:55.0264 0x116c  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
23:51:55.0264 0x116c  BrFiltLo - ok
23:51:55.0264 0x116c  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
23:51:55.0279 0x116c  BrFiltUp - ok
23:51:55.0295 0x116c  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
23:51:55.0295 0x116c  BridgeMP - ok
23:51:55.0342 0x116c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
23:51:55.0357 0x116c  Browser - ok
23:51:55.0389 0x116c  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
23:51:55.0389 0x116c  Brserid - ok
23:51:55.0404 0x116c  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
23:51:55.0404 0x116c  BrSerWdm - ok
23:51:55.0420 0x116c  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
23:51:55.0420 0x116c  BrUsbMdm - ok
23:51:55.0435 0x116c  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
23:51:55.0435 0x116c  BrUsbSer - ok
23:51:55.0482 0x116c  [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP      C:\windows\system32\drivers\btath_a2dp.sys
23:51:55.0498 0x116c  BTATH_A2DP - ok
23:51:55.0560 0x116c  [ A9DF22429E8D69ED849B0BBBE16BD327 ] BTATH_BUS       C:\windows\system32\DRIVERS\btath_bus.sys
23:51:55.0560 0x116c  BTATH_BUS - ok
23:51:55.0623 0x116c  [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP      C:\windows\system32\DRIVERS\btath_hcrp.sys
23:51:55.0623 0x116c  BTATH_HCRP - ok
23:51:55.0654 0x116c  [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT     C:\windows\system32\DRIVERS\btath_lwflt.sys
23:51:55.0654 0x116c  BTATH_LWFLT - ok
23:51:55.0669 0x116c  [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP       C:\windows\system32\DRIVERS\btath_rcp.sys
23:51:55.0685 0x116c  BTATH_RCP - ok
23:51:55.0732 0x116c  [ FF59EE1DDAC776246F43BF434194650F ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
23:51:55.0747 0x116c  BtFilter - ok
23:51:55.0779 0x116c  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
23:51:55.0779 0x116c  BthEnum - ok
23:51:55.0841 0x116c  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
23:51:55.0841 0x116c  BTHMODEM - ok
23:51:55.0872 0x116c  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
23:51:55.0872 0x116c  BthPan - ok
23:51:55.0919 0x116c  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
23:51:55.0935 0x116c  BTHPORT - ok
23:51:55.0997 0x116c  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
23:51:55.0997 0x116c  bthserv - ok
23:51:56.0044 0x116c  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
23:51:56.0059 0x116c  BTHUSB - ok
23:51:56.0106 0x116c  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
23:51:56.0106 0x116c  cdfs - ok
23:51:56.0153 0x116c  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
23:51:56.0169 0x116c  cdrom - ok
23:51:56.0200 0x116c  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
23:51:56.0215 0x116c  CertPropSvc - ok
23:51:56.0231 0x116c  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys
23:51:56.0231 0x116c  circlass - ok
23:51:56.0278 0x116c  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
23:51:56.0293 0x116c  CLFS - ok
23:51:56.0356 0x116c  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:51:56.0356 0x116c  clr_optimization_v2.0.50727_32 - ok
23:51:56.0418 0x116c  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:51:56.0418 0x116c  clr_optimization_v2.0.50727_64 - ok
23:51:56.0481 0x116c  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:51:56.0481 0x116c  clr_optimization_v4.0.30319_32 - ok
23:51:56.0527 0x116c  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:51:56.0527 0x116c  clr_optimization_v4.0.30319_64 - ok
23:51:56.0559 0x116c  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
23:51:56.0559 0x116c  CmBatt - ok
23:51:56.0590 0x116c  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
23:51:56.0605 0x116c  cmdide - ok
23:51:56.0637 0x116c  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys
23:51:56.0652 0x116c  CNG - ok
23:51:56.0668 0x116c  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
23:51:56.0668 0x116c  Compbatt - ok
23:51:56.0699 0x116c  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
23:51:56.0699 0x116c  CompositeBus - ok
23:51:56.0715 0x116c  COMSysApp - ok
23:51:56.0746 0x116c  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
23:51:56.0746 0x116c  crcdisk - ok
23:51:56.0808 0x116c  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\windows\system32\cryptsvc.dll
23:51:56.0808 0x116c  CryptSvc - ok
23:51:56.0871 0x116c  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\windows\system32\DRIVERS\CtClsFlt.sys
23:51:56.0871 0x116c  CtClsFlt - ok
23:51:56.0980 0x116c  [ FD557A50A65E44041CD2FCEF4BEB04DB ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:51:56.0995 0x116c  cvhsvc - ok
23:51:57.0042 0x116c  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
23:51:57.0058 0x116c  DcomLaunch - ok
23:51:57.0105 0x116c  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
23:51:57.0120 0x116c  defragsvc - ok
23:51:57.0183 0x116c  [ 2050309BAB03DFCEE455DBF913BF91B1 ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
23:51:57.0183 0x116c  DellDigitalDelivery - ok
23:51:57.0214 0x116c  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
23:51:57.0229 0x116c  DfsC - ok
23:51:57.0276 0x116c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
23:51:57.0276 0x116c  Dhcp - ok
23:51:57.0307 0x116c  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
23:51:57.0323 0x116c  discache - ok
23:51:57.0354 0x116c  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys
23:51:57.0354 0x116c  Disk - ok
23:51:57.0385 0x116c  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
23:51:57.0401 0x116c  Dnscache - ok
23:51:57.0417 0x116c  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
23:51:57.0432 0x116c  dot3svc - ok
23:51:57.0448 0x116c  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
23:51:57.0448 0x116c  DPS - ok
23:51:57.0479 0x116c  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
23:51:57.0479 0x116c  drmkaud - ok
23:51:57.0526 0x116c  [ 0040A0132AAC1004E50055F8FBB14C08 ] dsNcAdpt        C:\windows\system32\DRIVERS\dsNcAdpt.sys
23:51:57.0541 0x116c  dsNcAdpt - ok
23:51:57.0619 0x116c  [ 299172F56F1ADA804473A3A523FFD84E ] dsNcService     C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
23:51:57.0635 0x116c  dsNcService - ok
23:51:57.0682 0x116c  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
23:51:57.0697 0x116c  DXGKrnl - ok
23:51:57.0729 0x116c  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
23:51:57.0729 0x116c  EapHost - ok
23:51:57.0822 0x116c  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys
23:51:57.0885 0x116c  ebdrv - ok
23:51:57.0931 0x116c  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
23:51:57.0931 0x116c  EFS - ok
23:51:57.0963 0x116c  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
23:51:57.0978 0x116c  ehRecvr - ok
23:51:58.0009 0x116c  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
23:51:58.0009 0x116c  ehSched - ok
23:51:58.0072 0x116c  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys
23:51:58.0087 0x116c  elxstor - ok
23:51:58.0103 0x116c  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
23:51:58.0103 0x116c  ErrDev - ok
23:51:58.0134 0x116c  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
23:51:58.0150 0x116c  EventSystem - ok
23:51:58.0181 0x116c  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
23:51:58.0181 0x116c  exfat - ok
23:51:58.0197 0x116c  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
23:51:58.0212 0x116c  fastfat - ok
23:51:58.0259 0x116c  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
23:51:58.0259 0x116c  Fax - ok
23:51:58.0259 0x116c  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys
23:51:58.0275 0x116c  fdc - ok
23:51:58.0290 0x116c  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
23:51:58.0306 0x116c  fdPHost - ok
23:51:58.0321 0x116c  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
23:51:58.0321 0x116c  FDResPub - ok
23:51:58.0337 0x116c  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
23:51:58.0337 0x116c  FileInfo - ok
23:51:58.0353 0x116c  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
23:51:58.0353 0x116c  Filetrace - ok
23:51:58.0384 0x116c  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
23:51:58.0384 0x116c  flpydisk - ok
23:51:58.0415 0x116c  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
23:51:58.0415 0x116c  FltMgr - ok
23:51:58.0477 0x116c  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\windows\system32\FntCache.dll
23:51:58.0493 0x116c  FontCache - ok
23:51:58.0540 0x116c  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:51:58.0540 0x116c  FontCache3.0.0.0 - ok
23:51:58.0571 0x116c  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
23:51:58.0571 0x116c  FsDepends - ok
23:51:58.0618 0x116c  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
23:51:58.0618 0x116c  Fs_Rec - ok
23:51:58.0680 0x116c  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
23:51:58.0680 0x116c  fvevol - ok
23:51:58.0711 0x116c  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
23:51:58.0711 0x116c  gagp30kx - ok
23:51:58.0758 0x116c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
23:51:58.0774 0x116c  gpsvc - ok
23:51:58.0836 0x116c  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:51:58.0836 0x116c  gusvc - ok
23:51:58.0867 0x116c  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
23:51:58.0867 0x116c  hcw85cir - ok
23:51:58.0899 0x116c  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
23:51:58.0899 0x116c  HdAudAddService - ok
23:51:58.0930 0x116c  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
23:51:58.0930 0x116c  HDAudBus - ok
23:51:58.0945 0x116c  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
23:51:58.0945 0x116c  HidBatt - ok
23:51:58.0961 0x116c  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys
23:51:58.0961 0x116c  HidBth - ok
23:51:58.0961 0x116c  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys
23:51:58.0977 0x116c  HidIr - ok
23:51:58.0992 0x116c  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
23:51:58.0992 0x116c  hidserv - ok
23:51:59.0023 0x116c  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
23:51:59.0023 0x116c  HidUsb - ok
23:51:59.0070 0x116c  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
23:51:59.0070 0x116c  hkmsvc - ok
23:51:59.0101 0x116c  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
23:51:59.0117 0x116c  HomeGroupListener - ok
23:51:59.0148 0x116c  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
23:51:59.0164 0x116c  HomeGroupProvider - ok
23:51:59.0179 0x116c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
23:51:59.0179 0x116c  HpSAMD - ok
23:51:59.0211 0x116c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
23:51:59.0226 0x116c  HTTP - ok
23:51:59.0242 0x116c  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
23:51:59.0242 0x116c  hwpolicy - ok
23:51:59.0273 0x116c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
23:51:59.0273 0x116c  i8042prt - ok
23:51:59.0320 0x116c  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
23:51:59.0320 0x116c  iaStor - ok
23:51:59.0398 0x116c  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:51:59.0398 0x116c  IAStorDataMgrSvc - ok
23:51:59.0429 0x116c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
23:51:59.0445 0x116c  iaStorV - ok
23:51:59.0491 0x116c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:51:59.0507 0x116c  idsvc - ok
23:51:59.0772 0x116c  [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
23:52:00.0006 0x116c  igfx - ok
23:52:00.0037 0x116c  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
23:52:00.0037 0x116c  iirsp - ok
23:52:00.0100 0x116c  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
23:52:00.0115 0x116c  IKEEXT - ok
23:52:00.0162 0x116c  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
23:52:00.0162 0x116c  IntcDAud - ok
23:52:00.0193 0x116c  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
23:52:00.0193 0x116c  intelide - ok
23:52:00.0240 0x116c  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
23:52:00.0240 0x116c  intelppm - ok
23:52:00.0303 0x116c  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
23:52:00.0303 0x116c  IPBusEnum - ok
23:52:00.0334 0x116c  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
23:52:00.0349 0x116c  IpFilterDriver - ok
23:52:00.0349 0x116c  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
23:52:00.0365 0x116c  IPMIDRV - ok
23:52:00.0365 0x116c  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
23:52:00.0381 0x116c  IPNAT - ok
23:52:00.0412 0x116c  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
23:52:00.0412 0x116c  IRENUM - ok
23:52:00.0427 0x116c  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
23:52:00.0427 0x116c  isapnp - ok
23:52:00.0459 0x116c  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
23:52:00.0459 0x116c  iScsiPrt - ok
23:52:00.0490 0x116c  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
23:52:00.0490 0x116c  kbdclass - ok
23:52:00.0490 0x116c  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
23:52:00.0490 0x116c  kbdhid - ok
23:52:00.0505 0x116c  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
23:52:00.0521 0x116c  KeyIso - ok
23:52:00.0537 0x116c  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
23:52:00.0537 0x116c  KSecDD - ok
23:52:00.0552 0x116c  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
23:52:00.0552 0x116c  KSecPkg - ok
23:52:00.0583 0x116c  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
23:52:00.0583 0x116c  ksthunk - ok
23:52:00.0630 0x116c  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
23:52:00.0646 0x116c  KtmRm - ok
23:52:00.0693 0x116c  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
23:52:00.0693 0x116c  LanmanServer - ok
23:52:00.0724 0x116c  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
23:52:00.0739 0x116c  LanmanWorkstation - ok
23:52:00.0786 0x116c  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
23:52:00.0786 0x116c  lltdio - ok
23:52:00.0817 0x116c  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
23:52:00.0833 0x116c  lltdsvc - ok
23:52:00.0849 0x116c  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
23:52:00.0849 0x116c  lmhosts - ok
23:52:00.0911 0x116c  [ 98B16E756243BEA9410E32025B19C06F ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:52:00.0911 0x116c  LMS - ok
23:52:00.0942 0x116c  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
23:52:00.0942 0x116c  LSI_FC - ok
23:52:00.0973 0x116c  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
23:52:00.0973 0x116c  LSI_SAS - ok
23:52:00.0989 0x116c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
23:52:00.0989 0x116c  LSI_SAS2 - ok
23:52:01.0005 0x116c  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
23:52:01.0005 0x116c  LSI_SCSI - ok
23:52:01.0036 0x116c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
23:52:01.0036 0x116c  luafv - ok
23:52:01.0098 0x116c  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
23:52:01.0098 0x116c  MBAMProtector - ok
23:52:01.0161 0x116c  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:52:01.0161 0x116c  MBAMScheduler - ok
23:52:01.0192 0x116c  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:52:01.0192 0x116c  MBAMService - ok
23:52:01.0223 0x116c  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
23:52:01.0239 0x116c  Mcx2Svc - ok
23:52:01.0254 0x116c  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
23:52:01.0254 0x116c  megasas - ok
23:52:01.0285 0x116c  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
23:52:01.0285 0x116c  MegaSR - ok
23:52:01.0317 0x116c  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
23:52:01.0317 0x116c  MEIx64 - ok
23:52:01.0348 0x116c  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
23:52:01.0363 0x116c  MMCSS - ok
23:52:01.0363 0x116c  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
23:52:01.0363 0x116c  Modem - ok
23:52:01.0395 0x116c  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
23:52:01.0395 0x116c  monitor - ok
23:52:01.0410 0x116c  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
23:52:01.0426 0x116c  mouclass - ok
23:52:01.0441 0x116c  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
23:52:01.0441 0x116c  mouhid - ok
23:52:01.0457 0x116c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
23:52:01.0457 0x116c  mountmgr - ok
23:52:01.0519 0x116c  [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:52:01.0535 0x116c  MozillaMaintenance - ok
23:52:01.0551 0x116c  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
23:52:01.0566 0x116c  mpio - ok
23:52:01.0582 0x116c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
23:52:01.0582 0x116c  mpsdrv - ok
23:52:01.0582 0x116c  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
23:52:01.0582 0x116c  MRxDAV - ok
23:52:01.0613 0x116c  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
23:52:01.0613 0x116c  mrxsmb - ok
23:52:01.0644 0x116c  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
23:52:01.0644 0x116c  mrxsmb10 - ok
23:52:01.0675 0x116c  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
23:52:01.0675 0x116c  mrxsmb20 - ok
23:52:01.0707 0x116c  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
23:52:01.0707 0x116c  msahci - ok
23:52:01.0722 0x116c  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
23:52:01.0722 0x116c  msdsm - ok
23:52:01.0753 0x116c  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
23:52:01.0753 0x116c  MSDTC - ok
23:52:01.0769 0x116c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
23:52:01.0785 0x116c  Msfs - ok
23:52:01.0800 0x116c  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
23:52:01.0800 0x116c  mshidkmdf - ok
23:52:01.0831 0x116c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
23:52:01.0831 0x116c  msisadrv - ok
23:52:01.0863 0x116c  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
23:52:01.0878 0x116c  MSiSCSI - ok
23:52:01.0878 0x116c  msiserver - ok
23:52:01.0909 0x116c  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
23:52:01.0909 0x116c  MSKSSRV - ok
23:52:01.0909 0x116c  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
23:52:01.0909 0x116c  MSPCLOCK - ok
23:52:01.0925 0x116c  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
23:52:01.0925 0x116c  MSPQM - ok
23:52:01.0941 0x116c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
23:52:01.0956 0x116c  MsRPC - ok
23:52:01.0972 0x116c  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
23:52:01.0972 0x116c  mssmbios - ok
23:52:02.0003 0x116c  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
23:52:02.0003 0x116c  MSTEE - ok
23:52:02.0019 0x116c  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
23:52:02.0034 0x116c  MTConfig - ok
23:52:02.0065 0x116c  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
23:52:02.0065 0x116c  Mup - ok
23:52:02.0097 0x116c  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
23:52:02.0112 0x116c  napagent - ok
23:52:02.0159 0x116c  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
23:52:02.0175 0x116c  NativeWifiP - ok
23:52:02.0253 0x116c  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
23:52:02.0268 0x116c  NAUpdate - ok
23:52:02.0346 0x116c  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
23:52:02.0362 0x116c  NDIS - ok
23:52:02.0409 0x116c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
23:52:02.0409 0x116c  NdisCap - ok
23:52:02.0440 0x116c  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
23:52:02.0440 0x116c  NdisTapi - ok
23:52:02.0471 0x116c  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
23:52:02.0471 0x116c  Ndisuio - ok
23:52:02.0487 0x116c  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
23:52:02.0487 0x116c  NdisWan - ok
23:52:02.0502 0x116c  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
23:52:02.0502 0x116c  NDProxy - ok
23:52:02.0533 0x116c  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
23:52:02.0533 0x116c  NetBIOS - ok
23:52:02.0549 0x116c  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
23:52:02.0565 0x116c  NetBT - ok
23:52:02.0580 0x116c  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
23:52:02.0580 0x116c  Netlogon - ok
23:52:02.0611 0x116c  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
23:52:02.0611 0x116c  Netman - ok
23:52:02.0643 0x116c  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:52:02.0643 0x116c  NetMsmqActivator - ok
23:52:02.0658 0x116c  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:52:02.0674 0x116c  NetPipeActivator - ok
23:52:02.0689 0x116c  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
23:52:02.0689 0x116c  netprofm - ok
23:52:02.0689 0x116c  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:52:02.0689 0x116c  NetTcpActivator - ok
23:52:02.0705 0x116c  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:52:02.0705 0x116c  NetTcpPortSharing - ok
23:52:02.0721 0x116c  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
23:52:02.0736 0x116c  nfrd960 - ok
23:52:02.0767 0x116c  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
23:52:02.0783 0x116c  NlaSvc - ok
23:52:02.0939 0x116c  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
23:52:02.0970 0x116c  NOBU - ok
23:52:02.0986 0x116c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
23:52:02.0986 0x116c  Npfs - ok
23:52:03.0001 0x116c  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
23:52:03.0001 0x116c  nsi - ok
23:52:03.0033 0x116c  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
23:52:03.0033 0x116c  nsiproxy - ok
23:52:03.0111 0x116c  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
23:52:03.0126 0x116c  Ntfs - ok
23:52:03.0142 0x116c  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
23:52:03.0142 0x116c  Null - ok
23:52:03.0173 0x116c  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
23:52:03.0173 0x116c  nvraid - ok
23:52:03.0189 0x116c  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
23:52:03.0204 0x116c  nvstor - ok
23:52:03.0220 0x116c  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
23:52:03.0220 0x116c  nv_agp - ok
23:52:03.0235 0x116c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
23:52:03.0235 0x116c  ohci1394 - ok
23:52:03.0282 0x116c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:52:03.0282 0x116c  ose - ok
23:52:03.0438 0x116c  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:52:03.0532 0x116c  osppsvc - ok
23:52:03.0579 0x116c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
23:52:03.0579 0x116c  p2pimsvc - ok
23:52:03.0625 0x116c  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
23:52:03.0641 0x116c  p2psvc - ok
23:52:03.0657 0x116c  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
23:52:03.0672 0x116c  Parport - ok
23:52:03.0688 0x116c  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
23:52:03.0688 0x116c  partmgr - ok
23:52:03.0703 0x116c  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
23:52:03.0719 0x116c  pci - ok
23:52:03.0735 0x116c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
23:52:03.0735 0x116c  pciide - ok
23:52:03.0766 0x116c  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
23:52:03.0766 0x116c  pcmcia - ok
23:52:03.0797 0x116c  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
23:52:03.0797 0x116c  pcw - ok
23:52:03.0813 0x116c  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
23:52:03.0828 0x116c  PEAUTH - ok
23:52:03.0922 0x116c  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
23:52:03.0922 0x116c  PerfHost - ok
23:52:04.0000 0x116c  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
23:52:04.0015 0x116c  pla - ok
23:52:04.0062 0x116c  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
23:52:04.0062 0x116c  PlugPlay - ok
23:52:04.0093 0x116c  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
23:52:04.0109 0x116c  PNRPAutoReg - ok
23:52:04.0125 0x116c  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
23:52:04.0125 0x116c  PNRPsvc - ok
23:52:04.0140 0x116c  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\windows\system32\umpo.dll
23:52:04.0140 0x116c  Power - ok
23:52:04.0171 0x116c  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
23:52:04.0171 0x116c  PptpMiniport - ok
23:52:04.0203 0x116c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
23:52:04.0203 0x116c  Processor - ok
23:52:04.0234 0x116c  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
23:52:04.0234 0x116c  ProfSvc - ok
23:52:04.0265 0x116c  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
23:52:04.0265 0x116c  ProtectedStorage - ok
23:52:04.0296 0x116c  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
23:52:04.0296 0x116c  Psched - ok
23:52:04.0359 0x116c  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
23:52:04.0359 0x116c  PxHlpa64 - ok
23:52:04.0437 0x116c  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
23:52:04.0468 0x116c  ql2300 - ok
23:52:04.0468 0x116c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
23:52:04.0468 0x116c  ql40xx - ok
23:52:04.0483 0x116c  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
23:52:04.0499 0x116c  QWAVE - ok
23:52:04.0515 0x116c  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
23:52:04.0530 0x116c  QWAVEdrv - ok
23:52:04.0546 0x116c  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
23:52:04.0546 0x116c  RasAcd - ok
23:52:04.0593 0x116c  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
23:52:04.0593 0x116c  RasAgileVpn - ok
23:52:04.0608 0x116c  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
23:52:04.0608 0x116c  RasAuto - ok
23:52:04.0624 0x116c  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
23:52:04.0624 0x116c  Rasl2tp - ok
23:52:04.0655 0x116c  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
23:52:04.0671 0x116c  RasMan - ok
23:52:04.0686 0x116c  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
23:52:04.0686 0x116c  RasPppoe - ok
23:52:04.0702 0x116c  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
23:52:04.0717 0x116c  RasSstp - ok
23:52:04.0717 0x116c  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
23:52:04.0733 0x116c  rdbss - ok
23:52:04.0749 0x116c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
23:52:04.0749 0x116c  rdpbus - ok
23:52:04.0764 0x116c  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
23:52:04.0764 0x116c  RDPCDD - ok
23:52:04.0795 0x116c  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
23:52:04.0795 0x116c  RDPENCDD - ok
23:52:04.0811 0x116c  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
23:52:04.0811 0x116c  RDPREFMP - ok
23:52:04.0842 0x116c  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
23:52:04.0858 0x116c  RDPWD - ok
23:52:04.0873 0x116c  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
23:52:04.0889 0x116c  rdyboost - ok
23:52:04.0920 0x116c  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
23:52:04.0936 0x116c  RemoteRegistry - ok
23:52:04.0967 0x116c  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
23:52:04.0967 0x116c  RFCOMM - ok
23:52:05.0092 0x116c  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:52:05.0107 0x116c  RoxMediaDB12OEM - ok
23:52:05.0139 0x116c  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:52:05.0139 0x116c  RoxWatch12 - ok
23:52:05.0170 0x116c  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
23:52:05.0185 0x116c  RpcEptMapper - ok
23:52:05.0217 0x116c  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
23:52:05.0232 0x116c  RpcLocator - ok
23:52:05.0263 0x116c  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
23:52:05.0279 0x116c  RpcSs - ok
23:52:05.0310 0x116c  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
23:52:05.0310 0x116c  rspndr - ok
23:52:05.0357 0x116c  [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
23:52:05.0357 0x116c  RSUSBSTOR - ok
23:52:05.0388 0x116c  [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
23:52:05.0404 0x116c  RTL8167 - ok
23:52:05.0419 0x116c  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
23:52:05.0419 0x116c  SamSs - ok
23:52:05.0435 0x116c  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
23:52:05.0435 0x116c  sbp2port - ok
23:52:05.0482 0x116c  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
23:52:05.0497 0x116c  SCardSvr - ok
23:52:05.0513 0x116c  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
23:52:05.0513 0x116c  scfilter - ok
23:52:05.0560 0x116c  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
23:52:05.0575 0x116c  Schedule - ok
23:52:05.0607 0x116c  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
23:52:05.0607 0x116c  SCPolicySvc - ok
23:52:05.0653 0x116c  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
23:52:05.0653 0x116c  SDRSVC - ok
23:52:05.0700 0x116c  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
23:52:05.0700 0x116c  secdrv - ok
23:52:05.0716 0x116c  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
23:52:05.0716 0x116c  seclogon - ok
23:52:05.0731 0x116c  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
23:52:05.0747 0x116c  SENS - ok
23:52:05.0778 0x116c  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
23:52:05.0778 0x116c  SensrSvc - ok
23:52:05.0809 0x116c  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
23:52:05.0809 0x116c  Serenum - ok
23:52:05.0825 0x116c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
23:52:05.0825 0x116c  Serial - ok
23:52:05.0841 0x116c  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
23:52:05.0856 0x116c  sermouse - ok
23:52:05.0887 0x116c  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
23:52:05.0887 0x116c  SessionEnv - ok
23:52:05.0887 0x116c  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
23:52:05.0887 0x116c  sffdisk - ok
23:52:05.0887 0x116c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
23:52:05.0903 0x116c  sffp_mmc - ok
23:52:05.0903 0x116c  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
23:52:05.0903 0x116c  sffp_sd - ok
23:52:05.0903 0x116c  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
23:52:05.0903 0x116c  sfloppy - ok
23:52:05.0965 0x116c  [ 2046AA7491DE7EFA4D70E615D9BC9D09 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
23:52:05.0981 0x116c  Sftfs - ok
23:52:06.0059 0x116c  [ 77C5A741A7452812F278EF2C18478862 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:52:06.0059 0x116c  sftlist - ok
23:52:06.0121 0x116c  [ 0E0446BC4D51BE4263ACB7E33491191C ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
23:52:06.0121 0x116c  Sftplay - ok
23:52:06.0153 0x116c  [ C5FB982CD266E604ED3142102C26D62C ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
23:52:06.0153 0x116c  Sftredir - ok
23:52:06.0199 0x116c  [ E1974A92AC0914A3859359A0A8C82C68 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
23:52:06.0215 0x116c  SftService - ok
23:52:06.0231 0x116c  [ 2575511AF67AA1FA068CCC4918E2C2A3 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
23:52:06.0246 0x116c  Sftvol - ok
23:52:06.0277 0x116c  [ 39B1D0A636A400304565D4521FAD6D77 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:52:06.0277 0x116c  sftvsa - ok
23:52:06.0324 0x116c  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
23:52:06.0324 0x116c  ShellHWDetection - ok
23:52:06.0355 0x116c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
23:52:06.0355 0x116c  SiSRaid2 - ok
23:52:06.0371 0x116c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
23:52:06.0371 0x116c  SiSRaid4 - ok
23:52:06.0527 0x116c  [ 73E3B5D1F1EB5FDC51A5C3437EEE3348 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:52:06.0543 0x116c  Skype C2C Service - ok
23:52:06.0636 0x116c  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:52:06.0652 0x116c  SkypeUpdate - ok
23:52:06.0667 0x116c  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
23:52:06.0683 0x116c  Smb - ok
23:52:06.0730 0x116c  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
23:52:06.0730 0x116c  SNMPTRAP - ok
23:52:06.0761 0x116c  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
23:52:06.0761 0x116c  spldr - ok
23:52:06.0808 0x116c  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
23:52:06.0823 0x116c  Spooler - ok
23:52:06.0917 0x116c  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
23:52:06.0933 0x116c  sppsvc - ok
23:52:06.0948 0x116c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
23:52:06.0948 0x116c  sppuinotify - ok
23:52:06.0995 0x116c  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
23:52:06.0995 0x116c  srv - ok
23:52:07.0026 0x116c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
23:52:07.0026 0x116c  srv2 - ok
23:52:07.0042 0x116c  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
23:52:07.0042 0x116c  srvnet - ok
23:52:07.0089 0x116c  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
23:52:07.0089 0x116c  SSDPSRV - ok
23:52:07.0120 0x116c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
23:52:07.0120 0x116c  SstpSvc - ok
23:52:07.0213 0x116c  [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
23:52:07.0229 0x116c  STacSV - ok
23:52:07.0245 0x116c  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
23:52:07.0245 0x116c  stexstor - ok
23:52:07.0291 0x116c  [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
23:52:07.0307 0x116c  STHDA - ok
23:52:07.0338 0x116c  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
23:52:07.0369 0x116c  stisvc - ok
23:52:07.0401 0x116c  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:52:07.0416 0x116c  stllssvr - ok
23:52:07.0432 0x116c  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
23:52:07.0432 0x116c  swenum - ok
23:52:07.0479 0x116c  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
23:52:07.0510 0x116c  swprv - ok
23:52:07.0557 0x116c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
23:52:07.0588 0x116c  SysMain - ok
23:52:07.0619 0x116c  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
23:52:07.0619 0x116c  TabletInputService - ok
23:52:07.0650 0x116c  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
23:52:07.0650 0x116c  TapiSrv - ok
23:52:07.0666 0x116c  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
23:52:07.0666 0x116c  TBS - ok
23:52:07.0775 0x116c  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
23:52:07.0791 0x116c  Tcpip - ok
23:52:07.0837 0x116c  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
23:52:07.0837 0x116c  TCPIP6 - ok
23:52:07.0869 0x116c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
23:52:07.0869 0x116c  tcpipreg - ok
23:52:07.0915 0x116c  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
23:52:07.0915 0x116c  TDPIPE - ok
23:52:07.0947 0x116c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
23:52:07.0947 0x116c  TDTCP - ok
23:52:07.0978 0x116c  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
23:52:07.0978 0x116c  tdx - ok
23:52:08.0009 0x116c  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
23:52:08.0009 0x116c  TermDD - ok
23:52:08.0040 0x116c  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
23:52:08.0040 0x116c  TermService - ok
23:52:08.0056 0x116c  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
23:52:08.0071 0x116c  Themes - ok
23:52:08.0103 0x116c  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
23:52:08.0103 0x116c  THREADORDER - ok
23:52:08.0118 0x116c  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
23:52:08.0118 0x116c  TrkWks - ok
23:52:08.0181 0x116c  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
23:52:08.0181 0x116c  TrustedInstaller - ok
23:52:08.0227 0x116c  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
23:52:08.0227 0x116c  tssecsrv - ok
23:52:08.0259 0x116c  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
23:52:08.0259 0x116c  TsUsbFlt - ok
23:52:08.0290 0x116c  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
23:52:08.0290 0x116c  TsUsbGD - ok
23:52:08.0321 0x116c  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
23:52:08.0321 0x116c  tunnel - ok
23:52:08.0337 0x116c  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
23:52:08.0337 0x116c  uagp35 - ok
23:52:08.0352 0x116c  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
23:52:08.0352 0x116c  udfs - ok
23:52:08.0399 0x116c  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
23:52:08.0399 0x116c  UI0Detect - ok
23:52:08.0430 0x116c  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
23:52:08.0430 0x116c  uliagpkx - ok
23:52:08.0446 0x116c  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
23:52:08.0446 0x116c  umbus - ok
23:52:08.0461 0x116c  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
23:52:08.0461 0x116c  UmPass - ok
23:52:08.0602 0x116c  [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:52:08.0617 0x116c  UNS - ok
23:52:08.0649 0x116c  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
23:52:08.0649 0x116c  upnphost - ok
23:52:08.0680 0x116c  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
23:52:08.0680 0x116c  usbccgp - ok
23:52:08.0711 0x116c  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
23:52:08.0727 0x116c  usbcir - ok
23:52:08.0742 0x116c  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
23:52:08.0742 0x116c  usbehci - ok
23:52:08.0789 0x116c  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
23:52:08.0805 0x116c  usbhub - ok
23:52:08.0820 0x116c  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
23:52:08.0820 0x116c  usbohci - ok
23:52:08.0836 0x116c  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
23:52:08.0836 0x116c  usbprint - ok
23:52:08.0851 0x116c  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
23:52:08.0867 0x116c  USBSTOR - ok
23:52:08.0867 0x116c  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
23:52:08.0867 0x116c  usbuhci - ok
23:52:08.0914 0x116c  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
23:52:08.0914 0x116c  usbvideo - ok
23:52:08.0961 0x116c  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
23:52:08.0976 0x116c  UxSms - ok
23:52:08.0992 0x116c  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
23:52:08.0992 0x116c  VaultSvc - ok
23:52:09.0007 0x116c  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
23:52:09.0007 0x116c  vdrvroot - ok
23:52:09.0039 0x116c  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
23:52:09.0039 0x116c  vds - ok
23:52:09.0070 0x116c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
23:52:09.0070 0x116c  vga - ok
23:52:09.0085 0x116c  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
23:52:09.0101 0x116c  VgaSave - ok
23:52:09.0117 0x116c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
23:52:09.0117 0x116c  vhdmp - ok
23:52:09.0148 0x116c  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
23:52:09.0148 0x116c  viaide - ok
23:52:09.0179 0x116c  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
23:52:09.0179 0x116c  volmgr - ok
23:52:09.0195 0x116c  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
23:52:09.0210 0x116c  volmgrx - ok
23:52:09.0210 0x116c  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys
23:52:09.0226 0x116c  volsnap - ok
23:52:09.0257 0x116c  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
23:52:09.0257 0x116c  vsmraid - ok
23:52:09.0335 0x116c  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
23:52:09.0351 0x116c  VSS - ok
23:52:09.0382 0x116c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
23:52:09.0382 0x116c  vwifibus - ok
23:52:09.0413 0x116c  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
23:52:09.0413 0x116c  vwififlt - ok
23:52:09.0460 0x116c  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
23:52:09.0475 0x116c  W32Time - ok
23:52:09.0491 0x116c  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
23:52:09.0491 0x116c  WacomPen - ok
23:52:09.0522 0x116c  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
23:52:09.0522 0x116c  WANARP - ok
23:52:09.0538 0x116c  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
23:52:09.0538 0x116c  Wanarpv6 - ok
23:52:09.0616 0x116c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
23:52:09.0631 0x116c  WatAdminSvc - ok
23:52:09.0709 0x116c  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
23:52:09.0725 0x116c  wbengine - ok
23:52:09.0741 0x116c  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
23:52:09.0756 0x116c  WbioSrvc - ok
23:52:09.0772 0x116c  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
23:52:09.0787 0x116c  wcncsvc - ok
23:52:09.0819 0x116c  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
23:52:09.0819 0x116c  WcsPlugInService - ok
23:52:09.0850 0x116c  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
23:52:09.0850 0x116c  Wd - ok
23:52:09.0897 0x116c  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
23:52:09.0912 0x116c  Wdf01000 - ok
23:52:09.0943 0x116c  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
23:52:09.0943 0x116c  WdiServiceHost - ok
23:52:09.0943 0x116c  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
23:52:09.0943 0x116c  WdiSystemHost - ok
23:52:09.0990 0x116c  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
23:52:10.0006 0x116c  WebClient - ok
23:52:10.0021 0x116c  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
23:52:10.0053 0x116c  Wecsvc - ok
23:52:10.0068 0x116c  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
23:52:10.0068 0x116c  wercplsupport - ok
23:52:10.0099 0x116c  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
23:52:10.0115 0x116c  WerSvc - ok
23:52:10.0146 0x116c  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
23:52:10.0146 0x116c  WfpLwf - ok
23:52:10.0193 0x116c  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\windows\system32\DRIVERS\wimfltr.sys
23:52:10.0209 0x116c  WimFltr - ok
23:52:10.0240 0x116c  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
23:52:10.0240 0x116c  WIMMount - ok
23:52:10.0271 0x116c  WinHttpAutoProxySvc - ok
23:52:10.0318 0x116c  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
23:52:10.0333 0x116c  Winmgmt - ok
23:52:10.0411 0x116c  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
23:52:10.0443 0x116c  WinRM - ok
23:52:10.0505 0x116c  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
23:52:10.0505 0x116c  WinUsb - ok
23:52:10.0552 0x116c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
23:52:10.0583 0x116c  Wlansvc - ok
23:52:10.0630 0x116c  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:52:10.0630 0x116c  wlcrasvc - ok
23:52:10.0708 0x116c  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:52:10.0723 0x116c  wlidsvc - ok
23:52:10.0770 0x116c  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
23:52:10.0770 0x116c  WmiAcpi - ok
23:52:10.0833 0x116c  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
23:52:10.0848 0x116c  wmiApSrv - ok
23:52:10.0911 0x116c  WMPNetworkSvc - ok
23:52:10.0942 0x116c  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
23:52:10.0942 0x116c  WPCSvc - ok
23:52:10.0957 0x116c  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
23:52:10.0973 0x116c  WPDBusEnum - ok
23:52:10.0989 0x116c  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
23:52:11.0004 0x116c  ws2ifsl - ok
23:52:11.0004 0x116c  WSearch - ok
23:52:11.0035 0x116c  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
23:52:11.0035 0x116c  WudfPf - ok
23:52:11.0082 0x116c  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
23:52:11.0082 0x116c  WUDFRd - ok
23:52:11.0098 0x116c  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
23:52:11.0098 0x116c  wudfsvc - ok
23:52:11.0145 0x116c  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
23:52:11.0145 0x116c  WwanSvc - ok
23:52:11.0223 0x116c  etadpug ( Rootkit.Win32.PMax.gen ) - infected
23:52:11.0223 0x116c  etadpug - detected Rootkit.Win32.PMax.gen (0)
23:52:11.0223 0x116c  ================ Scan global ===============================
23:52:11.0254 0x116c  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
23:52:11.0316 0x116c  [ 88EDD0B34EED542745931E581AD21A32 ] C:\windows\system32\winsrv.dll
23:52:11.0332 0x116c  [ 88EDD0B34EED542745931E581AD21A32 ] C:\windows\system32\winsrv.dll
23:52:11.0347 0x116c  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
23:52:11.0394 0x116c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
23:52:11.0394 0x116c  [Global] - ok
23:52:11.0394 0x116c  ================ Scan MBR ==================================
23:52:11.0410 0x116c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:52:11.0597 0x116c  \Device\Harddisk0\DR0 - ok
23:52:11.0597 0x116c  ================ Scan VBR ==================================
23:52:11.0597 0x116c  [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
23:52:11.0597 0x116c  \Device\Harddisk0\DR0\Partition1 - ok
23:52:11.0613 0x116c  [ 2A54B23487CFB982C16606B54CEB95F0 ] \Device\Harddisk0\DR0\Partition2
23:52:11.0613 0x116c  \Device\Harddisk0\DR0\Partition2 - ok
23:52:11.0613 0x116c  ============================================================
23:52:11.0613 0x116c  Scan finished
23:52:11.0613 0x116c  ============================================================
23:52:11.0628 0x0adc  Detected object count: 1
23:52:11.0628 0x0adc  Actual detected object count: 1
23:52:48.0959 0x0adc  HKLM\SYSTEM\ControlSet001\services\etadpug - will be deleted on reboot
23:52:49.0006 0x0adc  HKLM\SYSTEM\ControlSet002\services\etadpug - will be deleted on reboot
23:52:49.0209 0x0adc  C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe - will be deleted on reboot
23:52:49.0209 0x0adc  etadpug ( Rootkit.Win32.PMax.gen ) - User select action: Delete
23:52:58.0225 0x0aac  Deinitialize success

3) ESET Scan log:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined

4) aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-27 01:26:33
-----------------------------
01:26:33.037    OS Version: Windows x64 6.1.7601 Service Pack 1
01:26:33.037    Number of processors: 4 586 0x2A07
01:26:33.037    ComputerName: NISHA-PC  UserName: Nisha
01:26:34.815    Initialize success
01:26:36.110    AVAST engine defs: 13092602
01:27:03.145    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:27:03.160    Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
01:27:03.348    Disk 0 MBR read successfully
01:27:03.348    Disk 0 MBR scan
01:27:03.363    Disk 0 Windows 7 default MBR code
01:27:03.379    Disk 0 Partition 1 00     DE Dell Utility DELL 8.0      100 MB offset 2048
01:27:03.394    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
01:27:03.410    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461824 MB offset 30926848
01:27:03.457    Disk 0 scanning C:\windows\system32\drivers
01:27:15.141    Service scanning
01:27:36.186    Modules scanning
01:27:36.201    Disk 0 trace - called modules:
01:27:36.217    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
01:27:36.763    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439b060]
01:27:36.763    3 CLASSPNP.SYS[fffff88001b6243f] -> nt!IofCallDriver -> [0xfffffa80040c3e40]
01:27:36.779    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040c7050]
01:27:37.871    AVAST engine scan C:\windows
01:27:40.476    AVAST engine scan C:\windows\system32
01:29:06.416    File: C:\windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
01:29:08.054    File: C:\windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
01:29:48.895    AVAST engine scan C:\windows\system32\drivers
01:29:59.129    AVAST engine scan C:\Users\Nisha
01:36:30.623    Disk 0 MBR has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\MBR.dat"
01:36:30.638    The log file has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\aswMBRlog.txt"

Thank you.

#4 boopme (Global Moderator)
Posted 27 September 2013 - 02:01 PM

You're welcome. Fix the Winsock:
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.

Re-Run aswMBR
  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line, will result in an incomplete fix. Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 hailog (Topic Starter)
Posted 27 September 2013 - 07:06 PM

Hi boopme - I executed all the steps as requested. After clicking FixMBR, I didn't receive the message "Infection fixed successfully". Instead, I see the message "Disk 0 601 MBR fixed successfully". Is that the same? Please advise what I should do next.

Thank you.

#6 boopme (Global Moderator)
Posted 27 September 2013 - 07:47 PM

OK, that should be good.

Now these are outdated and exploitable.
In Control Panel > Uninstall, remove:
Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
Java 7 Update 10 (Version: 7.0.100)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)

Reboot

ADW Cleaner
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Install:
  • Adobe Reader XI. Uncheck the optional offer "Yes, install Google Chrome as my"
  • Java Version 7 Update 40

Edited by boopme, 27 September 2013 - 09:25 PM.


#7 hailog (Topic Starter)
Posted 27 September 2013 - 09:16 PM


Hi boopme.

Here is the aswMBR log from your previous request. I ran the aswMBR scan again after the FIXMBR action. But the same infections still showed up. Not sure if that's expected or if this scan + FIXMBR was supposed to remove it.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-27 19:40:06
-----------------------------
19:40:06.463    OS Version: Windows x64 6.1.7601 Service Pack 1
19:40:06.463    Number of processors: 4 586 0x2A07
19:40:06.463    ComputerName: NISHA-PC  UserName: Nisha
19:40:07.181    Initialize success
19:40:07.290    AVAST engine defs: 13092702
19:40:10.160    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:40:10.176    Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
19:40:10.348    Disk 0 MBR read successfully
19:40:10.348    Disk 0 MBR scan
19:40:10.363    Disk 0 Windows 7 default MBR code
19:40:10.379    Disk 0 Partition 1 00     DE Dell Utility DELL 8.0      100 MB offset 2048
19:40:10.379    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
19:40:10.410    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461824 MB offset 30926848
19:40:10.504    Disk 0 scanning C:\windows\system32\drivers
19:40:19.770    Service scanning
19:40:38.724    Modules scanning
19:40:38.740    Disk 0 trace - called modules:
19:40:38.771    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:40:39.286    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045f6060]
19:40:39.286    3 CLASSPNP.SYS[fffff88000dc943f] -> nt!IofCallDriver -> [0xfffffa80040d0b20]
19:40:39.301    5 ACPI.sys[fffff88000fa77a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040d6050]
19:40:39.988    AVAST engine scan C:\windows
19:40:43.311    AVAST engine scan C:\windows\system32
19:42:24.631    File: C:\windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
19:42:26.145    File: C:\windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
19:43:07.282    AVAST engine scan C:\windows\system32\drivers
19:43:16.860    AVAST engine scan C:\Users\Nisha
19:43:17.703    File: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\???\???\???\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@  **INFECTED** Win32:Malware-gen
19:58:41.443    AVAST engine scan C:\ProgramData
19:59:53.452    Scan finished successfully
20:01:56.365    Disk 0 MBR has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\MBR.dat"
20:01:56.365    The log file has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\aswMBRlog2.txt"
20:02:24.977    Verifying
20:02:35.039    Disk 0 Windows 601 MBR fixed successfully
20:51:32.946    Disk 0 MBR has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\MBR.dat"
20:51:32.961    The log file has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\aswMBRlog3.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-27 20:54:17
-----------------------------
20:54:17.856    OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:17.856    Number of processors: 4 586 0x2A07
20:54:17.856    ComputerName: NISHA-PC  UserName: Nisha
20:54:18.995    Initialize success
20:54:19.136    AVAST engine defs: 13092702
20:54:25.391    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:54:25.407    Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
20:54:25.594    Disk 0 MBR read successfully
20:54:25.610    Disk 0 MBR scan
20:54:25.625    Disk 0 Windows 7 default MBR code
20:54:25.641    Disk 0 Partition 1 00     DE Dell Utility DELL 8.0      100 MB offset 2048
20:54:25.672    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 206848
20:54:25.797    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461824 MB offset 30926848
20:54:26.000    Disk 0 scanning C:\windows\system32\drivers
20:54:42.115    Service scanning
20:55:07.621    Modules scanning
20:55:07.636    Disk 0 trace - called modules:
20:55:07.667    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:55:07.730    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004392060]
20:55:07.730    3 CLASSPNP.SYS[fffff8800105143f] -> nt!IofCallDriver -> [0xfffffa80040f0670]
20:55:07.745    5 ACPI.sys[fffff88000f637a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f4050]
20:55:08.557    AVAST engine scan C:\windows
20:55:11.255    AVAST engine scan C:\windows\system32
20:56:47.008    File: C:\windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:56:48.553    File: C:\windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:57:28.224    AVAST engine scan C:\windows\system32\drivers
20:57:37.537    AVAST engine scan C:\Users\Nisha
20:57:38.426    File: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\???\???\???\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@  **INFECTED** Win32:Malware-gen
21:14:20.073    AVAST engine scan C:\ProgramData
21:15:31.209    Scan finished successfully
21:15:47.005    Verifying
21:15:57.062    Disk 0 Windows 601 MBR fixed successfully
21:16:09.760    Disk 0 MBR has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\MBR.dat"
21:16:09.807    The log file has been saved successfully to "C:\Users\Nisha\Desktop\Virus removal\26s13_1\aswMBRlog3.txt"

Following your instructions from the above post, I successfully uninstalled the Adobe and Java programs. However, I have some clarifications regarding your other two requests from the above post:

1) Adwcleaner: Is some step missing between the two below? I double clicked the .exe file and I don't see any 'Delete' button. I only see 'Scan'. After I scan, the 'Clean' button becomes enabled. However, there is nothing listed and I don't know what to do or how to perform this 'Delete'.

  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.

2) TFC: From the requested steps below, I am not sure what "Install your game" means.

  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
  • Install your game.

Can you please clarify?

Thank you.
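The question in the post above (why the same objects keep showing up after FIXMBR) is easiest to answer with a consolidated view of what each tool flagged: the two aswMBR runs, the TDSSKiller hit and the MBAR list all point at the same ZeroAccess (Sirefef / 0Access) artefacts, but under different vendor names and with paths logged in different case. The Python script below is an added example written for this page; it is not a tool from the thread or from any of the vendors. It parses the three line formats exactly as they appear in the logs posted above, normalizes the paths, reports which objects survived between two scans, and annotates each object with the trait that makes it look ZeroAccess-shaped: a Desktop.ini inside a GAC folder, a `.@` payload under a `U` or `L` directory, or a service whose name (`etadpug`) is `gupdate`, the Google Update service name, spelled backwards. The sample log lines embedded at the bottom are constructed for the example and shortened from the ones in this thread; the GUID directory name is the one from the logs.

```python
"""Consolidate detections from aswMBR, TDSSKiller and MBAR logs. Added example for
this thread, not a tool from it; line formats follow the logs posted above and
the sample lines at the bottom are constructed (shortened) for the demo."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Set


class Detection(NamedTuple):
    tool: str
    path: str    # file path, or the service name in TDSSKiller's case
    name: str    # vendor detection name
    action: str  # what the tool did, when the line says so


# aswMBR:     "01:29:06.416    File: <path>  **INFECTED** <name>"
ASWMBR_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+File:\s+(?P<path>.+?)\s+"
                       r"\*\*INFECTED\*\*\s+(?P<name>\S.*?)\s*$")
# TDSSKiller: "23:52:11.0223 0x116c  <object> ( <name> ) - infected"
TDSS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+0x[0-9a-fA-F]+\s+(?P<path>.+?) "
                     r"\( (?P<name>.+?) \) - infected\s*$")
# MBAR:       "<path> (<name>) -> <action>."  (the path itself may contain "(x86)")
MBAR_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
PARSERS = {"aswmbr": ASWMBR_RE, "tdsskiller": TDSS_RE, "mbar": MBAR_RE}


def parse_log(tool: str, text: str) -> List[Detection]:
    """One Detection per line matching the tool's detection format; rest ignored."""
    rx = PARSERS[tool.lower()]
    out = []
    for line in text.splitlines():
        m = rx.match(line.strip())
        if m:
            g = m.groupdict()
            out.append(Detection(tool.lower(), g["path"], g["name"], g.get("action", "")))
    return out


def norm(obj: str) -> str:
    """Windows paths are case-insensitive; the tools log them in different case."""
    return obj.strip().lower()


def persisting(before: List[Detection], after: List[Detection]) -> Set[str]:
    """Objects still flagged after a fix attempt (the question raised in post #7)."""
    return {norm(d.path) for d in before} & {norm(d.path) for d in after}


# Traits of the ZeroAccess/Sirefef layout that the logs above exhibit.
GAC_INI_RE = re.compile(r"\\assembly\\gac_(32|64)\\desktop\.ini$")
PAYLOAD_RE = re.compile(r"\\[ul]\\[0-9a-f]{8}\.@$")


def zeroaccess_hint(obj: str) -> Optional[str]:
    """Why an object looks ZeroAccess-shaped, or None if nothing stands out."""
    o = norm(obj)
    if GAC_INI_RE.search(o):
        return "Desktop.ini inside a GAC folder (Sirefef user-mode component)"
    if PAYLOAD_RE.search(o) or o.endswith("\\@"):
        return "'@' / U,L payload file (ZeroAccess peer-cache layout)"
    if o[::-1] == "gupdate":
        return "service name is 'gupdate' (Google Update) spelled backwards"
    return None


def triage(runs: Dict[str, List[Detection]]) -> Dict[str, dict]:
    """Per normalized object: every tool:name that flagged it, plus the hint."""
    names = defaultdict(set)
    for run in runs.values():
        for d in run:
            names[norm(d.path)].add(f"{d.tool}:{d.name}")
    return {o: {"detections": sorted(n), "hint": zeroaccess_hint(o)} for o, n in names.items()}


# Constructed sample lines, shortened from the logs posted above.
GUID = "{3b99f81f-31d5-dbab-1bcf-87d0107a285a}"
ASWMBR_RUN1 = r"""
01:29:06.416    File: C:\windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
01:29:08.054    File: C:\windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
01:36:30.623    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
"""
ASWMBR_RUN2 = r"""
19:42:24.631    File: C:\windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
19:43:17.703    File: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\GUID\U\80000064.@  **INFECTED** Win32:Malware-gen
""".replace("GUID", GUID)
MBAR_LOG = r"""
Files Detected: 2
C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\GUID\U\80000064.@ (Trojan.0Access) -> No action taken.
""".replace("GUID", GUID)
TDSS_LOG = r"""
23:52:11.0145 0x116c  WwanSvc - ok
23:52:11.0223 0x116c  etadpug ( Rootkit.Win32.PMax.gen ) - infected
"""


def demo() -> Dict[str, dict]:
    """Run all four samples through triage(); keys are normalized object names."""
    return triage({"aswmbr_before_fix": parse_log("aswmbr", ASWMBR_RUN1),
                   "aswmbr_after_fix": parse_log("aswmbr", ASWMBR_RUN2),
                   "mbar": parse_log("mbar", MBAR_LOG),
                   "tdsskiller": parse_log("tdsskiller", TDSS_LOG)})


if __name__ == "__main__":
    for obj, info in demo().items():
        print(obj, info["detections"], info["hint"] or "")
```

Running it on the real logs from this thread (paste each log into the matching variable) shows the point the aswMBR output makes on its own: FIXMBR rewrites boot code, while the two GAC Desktop.ini files and the payload files under the Google Desktop install directory are file-system artefacts, so they are expected to persist through an MBR fix and need a file-level cleanup. The parser only normalizes case; it deliberately does not try to collapse the two payload locations (the per-user AppData copy and the Program Files copy) into one, because both need to be removed.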

 



#8 boopme (Global Moderator)
Posted 27 September 2013 - 09:23 PM

Looks like it's another.
EDIT: The game line was in error.

That was an odd occurrence with ADWcleaner. Try:
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

  • Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • DO NOT click on the Cleanup button. Simply exit the program.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with the rKill log.
Post it in your next reply.

NOTE: rKill.txt log will also be present on your desktop.

Edited by boopme, 27 September 2013 - 09:28 PM.


#9 hailog (Topic Starter)
Posted 27 September 2013 - 09:57 PM


Here are the requested logs. Thank you!

(1A) mbar-log-xxxx.txt

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nisha :: NISHA-PC [administrator]

27/09/2013 10:33:36 PM
mbar-log-2013-09-27 (22-33-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 226365
Time elapsed: 10 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙ (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\    (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \... (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛ (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\l (Trojan.0Access) -> No action taken.
c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\u (Trojan.0Access) -> No action taken.
C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} (Trojan.0Access) -> No action taken.

Files Detected: 10
C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> No action taken.
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ (Trojan.0Access) -> No action taken.
C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\76603ac3 (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ (Trojan.0Access) -> No action taken.
c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ (Trojan.0Access) -> No action taken.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

(1B) system-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4198785024, free: 2652372992

Downloaded database version: v2013.09.28.01
Downloaded database version: v2013.09.23.01
=======================================
Initializing...
------------ Kernel report ------------
     09/27/2013 22:33:32
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\aswKbd.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dsNcAdpt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\btath_bus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btath_rcp.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\system32\DRIVERS\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\aswMonFlt.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ole32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\imagehlp.dll
\Windows\System32\msctf.dll
\Windows\System32\lpk.dll
\Windows\System32\shell32.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\wininet.dll
\Windows\System32\oleaut32.dll
\Windows\System32\sechost.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046f5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80040cf050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046f5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80043239d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046f5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040cbe40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80040cf050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2F0A1E11

Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848  Numsec = 30720000
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 30926848  Numsec = 945815600

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ --> [Trojan.0Access]
Infected: C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\l --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\76603ac3 --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\u --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} --> [Trojan.0Access]
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_206848_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 

2) rKill.txt log

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/27/2013 10:47:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\ [ZA Dir]
     * C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
     * C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
     * C:\Users\Nisha\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\windows\assembly\GAC_32\Desktop.ini [ZA File]
     * C:\windows\assembly\GAC_64\Desktop.ini [ZA File]

 * ALERT: ZEROACCESS Reparse Point/Junction found!

     * C:\Program Files\Windows Defender\en-US => c:\windows\system32\config\ [Dir]
     * C:\Program Files\Windows Defender\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpClient.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpCommu.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpOAV.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpRTP.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MpSvc.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MSASCui.exe => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\Program Files\Windows Defender\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea\MpEvMsg.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpOAV.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpRTP.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MSASCui.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpClient.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpCommu.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpOAV.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpRTP.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MSASCui.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MsMpRes.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpAsDesc.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpCmdRun.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpOAV.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpRTP.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MSASCui.exe => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpCom.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpLics.dll => c:\windows\system32\config [File]
     * C:\windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MsMpRes.dll => c:\windows\system32\config [File]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * PcaSvc [Missing Service]
 * PolicyAgent [Missing Service]
 * RemoteAccess [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]

 * SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 09/27/2013 10:48:22 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)
 



#10 hailog


Posted 27 September 2013 - 10:03 PM

Just noticed your revised instructions re: Adwcleaner. I followed it and here is the log results for that one as well. Thank you!

 

# AdwCleaner v3.005 - Report created 27/09/2013 at 22:59:41
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nisha - NISHA-PC
# Running from : C:\Users\Nisha\Desktop\Virus removal\26s13_1\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Nisha\AppData\Roaming\Mozilla\Firefox\Profiles\e57rqc5r.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1501 octets] - [27/09/2013 21:28:33]
AdwCleaner[R1].txt - [1561 octets] - [27/09/2013 21:41:12]
AdwCleaner[R2].txt - [1621 octets] - [27/09/2013 22:59:08]
AdwCleaner[S0].txt - [1544 octets] - [27/09/2013 22:59:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1604 octets] ##########
 



#11 boopme


Posted 27 September 2013 - 10:09 PM

Excellent!

Ok

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
• Internet access
• Windows Update
• Windows Firewall

You're welcome
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
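The three checks boopme asks for above (Internet access, Windows Update, Windows Firewall) can be made concrete with a script like the following. This is an added example, not code from the thread, from boopme, or from Rkill, MBAR or AdwCleaner. It assumes an elevated Windows PowerShell 5.1 (or later) prompt on the cleaned machine. The service names, the Windows Defender folder and the two GAC Desktop.ini paths are taken from the Rkill and MBAR logs posted earlier in this thread; the host name used for the reachability test is an assumed placeholder.

```powershell
# Added example, not code from this thread or from Rkill/MBAR/AdwCleaner.
# Assumes an elevated Windows PowerShell 5.1 (or later) prompt on the cleaned machine.

# 1) Services Rkill reported as [Missing Service] / [Missing ImagePath], plus the
#    mpsdrv driver it mentioned. Win32_BaseService covers both services and drivers.
$expected = @('BFE', 'BITS', 'iphlpsvc', 'MpsSvc', 'PcaSvc', 'PolicyAgent',
              'RemoteAccess', 'WinDefend', 'wscsvc', 'wuauserv', 'SharedAccess', 'mpsdrv')

$serviceReport = foreach ($name in $expected) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path -Path $key)) {
        # Same condition Rkill prints as [Missing Service]: no registry key at all.
        [pscustomobject]@{ Name = $name; State = 'MISSING'; StartMode = '-'; ImagePath = 'no registry key' }
        continue
    }
    $imagePath = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
    $svc = Get-CimInstance -ClassName Win32_BaseService -Filter "Name='$name'"
    [pscustomobject]@{
        Name      = $name
        State     = if ($svc) { $svc.State } else { 'NOT REGISTERED' }
        StartMode = if ($svc) { $svc.StartMode } else { '-' }
        ImagePath = if ($imagePath) { $imagePath } else { 'MISSING ImagePath' }
    }
}
$serviceReport | Format-Table -AutoSize

# 2) Rkill found the Windows Defender binaries replaced by reparse points aimed at
#    c:\windows\system32\config. A clean install has no reparse points in that folder.
$defenderDir = Join-Path -Path $env:ProgramFiles -ChildPath 'Windows Defender'
$reparse = Get-ChildItem -Path $defenderDir -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue
if ($reparse) {
    Write-Warning "Reparse points still present under ${defenderDir}:"
    $reparse | Select-Object -Property FullName, LinkType, Target | Format-Table -AutoSize
} else {
    "No reparse points under $defenderDir"
}

# 3) The two Desktop.ini files MBAR and Rkill tagged as ZeroAccess components ([ZA File]).
$zaFiles = @("$env:SystemRoot\assembly\GAC_32\Desktop.ini",
             "$env:SystemRoot\assembly\GAC_64\Desktop.ini")
foreach ($p in $zaFiles) {
    if (Test-Path -LiteralPath $p) { Write-Warning "Still present: $p" } else { "Gone: $p" }
}

# 4) Firewall and Windows Update, the two features boopme asks to confirm.
netsh advfirewall show allprofiles state
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
"Windows Update last successful search: $($au.Results.LastSearchSuccessDate)"

# 5) Internet access. 'example.com' is an assumed placeholder; use any host you trust.
$online = Test-Connection -ComputerName 'example.com' -Count 2 -Quiet -ErrorAction SilentlyContinue
"Internet reachable (ICMP): $online"
```

Rows showing MISSING, NOT REGISTERED or MISSING ImagePath mean the Rkill findings have not been repaired yet; the firewall and Windows Update cannot work until BFE, MpsSvc and wuauserv exist and start. Any reparse point under the Defender folder whose Target is the system32\config directory is the same symptom Rkill flagged, not a normal Windows configuration.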

#12 hailog


Posted 28 September 2013 - 06:36 AM

Hi boopme,

 

I ran the mbar scan and rkill again. Still getting the same results as posted above. Also, Rkill doesn't prompt me to reboot after generating the log. Don't know if I am doing something wrong. Please help.

 

Thank you!



#13 boopme


Posted 01 October 2013 - 09:16 AM

OK, sorry, but we had an emergency. If you still have the rootkit, please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#14 hailog


Posted 06 October 2013 - 10:39 PM

Thank you boopme. As requested, I have posted a new topic in the other forum. Appreciate your help!



#15 Queen-Evie


Posted 06 October 2013 - 11:08 PM

Now that you have posted in MRL and are receiving help there this topic is closed.



