Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware - Trojan Horse Win32:Sirefef found in system

Post by Joshen74 » June 14th, 2013, 9:56 am

A file has been run on our family computer to "update codex", and guess what... :shock: :? :roll:

I think I have found the file by running it on https://www.virustotal.com
Result: BackDoor.HydraLoader.origin / Win32.Troj.Undef.(kcloud) / TROJ_GEN.F47V0501


And my virus program (Avast freeware) is showing information that files are being blocked.
It seems to be c:\Windows\System32\services.exe that is the big problem, as it can't be removed, and I think it might cause the other warnings as well
(Trojan: Win32:Sirefef-ZT[Trj])



Here is the requested data



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by Johan at 15:52:33 on 2013-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.16337.12009 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\MSI\OTPService\OTPService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
D:\Program\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ione] C:\Program Files (x86)\QPAD\QPAD MK-85 Gaming Keyboard Software\HID.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - D:\Program\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 8.8.8.8 192.168.0.1 195.67.199.24
TCP: Interfaces\{3CEBF187-6429-4DA0-B127-7F61A891F08D} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{8DCAF5A5-151F-4B80-B037-F8BE8C5EE4C6} : DHCPNameServer = 8.8.8.8 192.168.0.1 195.67.199.24
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Device Center\ipoint.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\173a9p2n.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Users\Johan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\173a9p2n.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-21 10:37; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\173a9p2n.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 189936]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-14 16152]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-22 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-22 378432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-6 235520]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-31 46808]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-14 189608]
R2 MSI_OTPService;MSI_OTPService;C:\Program Files (x86)\MSI\OTPService\OTPService.exe [2012-8-14 252432]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 I1KBFLTR;Gaming Keyboard;C:\Windows\System32\drivers\I1KBFLTR.sys [2012-6-11 29440]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-14 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-14 787736]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-8-14 32344]
R3 NTIOLib_1_0_T;NTIOLib_1_0_T;C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [2012-8-14 14136]
R3 SaiK0CD7;SaiK0CD7;C:\Windows\System32\drivers\SaiK0CD7.sys [2012-9-20 180544]
R3 SaiU0CD7;SaiU0CD7;C:\Windows\System32\drivers\SaiU0CD7.sys [2012-9-20 47168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-8-14 160256]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-5-11 1103392]
S3 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-5-11 1369624]
S3 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-5-11 168384]
S3 Spyder3;Datacolor Spyder3;C:\Windows\System32\drivers\Spyder3.sys [2008-9-8 15360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-22 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Johan\Desktop\RealTemp_370\WinRing0x64.sys [2008-7-26 14544]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2013-06-07 15:03:13 225280 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-06-07 15:03:05 -------- d-----w- C:\Program Files (x86)\x264 Video Codec
2013-06-05 02:14:01 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{897977DD-55E1-461C-B43E-35FFBA326220}\mpengine.dll
2013-05-31 18:33:56 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-30 16:12:33 -------- d-----w- C:\Users\Johan\.gstreamer-0.10
2013-05-30 16:11:46 -------- d-----w- C:\Users\Johan\.mp3splt-gtk
2013-05-30 16:11:41 -------- d-----w- C:\Program Files (x86)\mp3splt-gtk
2013-05-15 22:08:48 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
==================== Find3M ====================
.
2013-06-13 17:14:40 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-06-13 17:14:40 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-06-13 17:14:31 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-06-12 18:39:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 18:39:29 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-31 18:33:56 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 14:22:58 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-10 14:22:58 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 03:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2006-05-03 10:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 15:52:42,49 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-01-21 15:04:56
System Uptime: 2013-06-09 10:30:20 (125 hours ago)
.
Motherboard: MSI | | Z77A-GD65 (MS-7751)
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | SOCKET 0 | 3080/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 31,226 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1618,391 GiB free.
E: is CDROM (UDF)
F: is FIXED (NTFS) - 466 GiB total, 216,092 GiB free.
M: is FIXED (NTFS) - 1397 GiB total, 250,401 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP198: 2013-06-05 04:13:44 - Windows Update
RP199: 2013-06-07 17:40:14 - Removed Nero 7 Demo
RP200: 2013-06-07 17:40:49 - Removed UGS NX 6.0.
RP201: 2013-06-07 17:41:43 - Removed UGSLicensing.
RP202: 2013-06-07 17:43:11 - Revo Uninstaller's restore point - Nero 7 Demo
RP203: 2013-06-07 17:59:16 - Microsoft Office Professional Edition 2003 togs bort
RP204: 2013-06-07 18:10:40 - Revo Uninstaller's restore point - Add or Remove Adobe Creative Suite 3 Master Collection
.
==== Installed Programs ======================
.
4Videosoft Video Converter 5.0.22
Adobe Connect 9 Add-in
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03) - Svenska
Akamai NetSession Interface
AMD APP SDK Runtime
AMD Media Foundation Decoders
Asmedia ASM106x SATA Host Controller Driver
AutoIt v3.3.8.1
AutoIt v3.3.9.4 (Beta)
avast! Free Antivirus
BankID säkerhetsprogram
Battlefield 1942™
Battlefield 3™
Battlelog Web Plugins
Canon MP640 series MP Drivers
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDex - Open Source Digital Audio CD Extractor
Compatibility Pack for the 2007 Office system
ControlCenter
ConvertHelper 2.2
Core Temp version 0.99.7
dBpoweramp DSP Effects
dBpoweramp Music Converter
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ERUNT 1.1j
ESET Online Scanner v3
ESN Sonar
FileZilla Client 3.6.0.2
Fraps
Funtime Gazelle III
Garmin BaseCamp
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin Friluftskartan Pro v2 - Götaland
Garmin MapSource
Garmin USB Drivers
Geeks3D.com FurMark 1.9.2
GnuPG For Windows
ifolor Designer
Intel(R) Management Engine Components
Intel(R) Network Connections 16.8.46.0
Intel(R) USB 3.0 eXtensible Host Controller Driver
iPodder 2.2b1
jAlbum
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 30
JavaFX 2.1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 21.0 (x86 sv-SE)
Mozilla Maintenance Service
mp3splt-gtk
Mp3tag v2.52
MSI Afterburner 2.2.3
MSI Kombustor 2.3.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA 3D Vision Controller Driver 306.23
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Origin
OTPService
Pirateplayer
PunkBuster Services
QPAD MK-85
Realtek High Definition Audio Driver
Recuva
RegiStax 6
RegiStax 6.1.0.8 update
RetroShare
Revo Uninstaller 1.93
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Smart Technology Programming Software 7.0.13.22
Spotify
Spybot - Search & Destroy
Spyder3Express
Steam
SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
TeamSpeak 3 Client
TechPowerUp GPU-Z
UltraISO V7.65 SR-2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Winki
WinRAR archiver
VLC media player 2.0.5
XMedia Recode version 3.1.2.2
.
==== Event Viewer Messages From Past Week ========
.
2013-06-14 15:39:56, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
2013-06-14 15:39:56, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
2013-06-09 10:34:38, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2013-06-09 10:33:41, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2013-06-09 10:33:38, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2013-06-09 10:33:38, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2013-06-09 10:33:26, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
2013-06-08 09:38:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
2013-06-08 09:37:58, Error: Service Control Manager [7022] - The Server service hung on starting.
.
==== End Of File ===========================
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am
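The DDS log above is what the helpers read, and the lines they react to are a handful of keys in the "Pseudo HJT Report" (Winlogon values, UAC policies, the LSP line, hosts overrides, orphaned registrations) plus anything starting from a user-writable directory. The following is an added example for this thread, not part of DDS and not code posted by anyone here: a small Python triage pass over those two sections. The sample input is constructed; the lines in THREAD_LINES are copied from the log above, and the two lines in CONSTRUCTED_LINES (a second Userinit entry and the provider name example_lsp.dll) are invented to exercise the Winlogon and LSP checks.

```python
"""Triage pass over the "Running Processes" and "Pseudo HJT Report" parts of a DDS log.

Added example for this thread: not part of DDS and not posted by anyone in it. The sample
input is constructed: THREAD_LINES is copied from the log above, CONSTRUCTED_LINES is invented.
"""
import ntpath
import re

THREAD_LINES = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\cscript.exe
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe
uRun: [Akamai NetSession Interface] "C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: PromptOnSecureDesktop = dword:0
LSP: mswsock.dll
Hosts: 127.0.0.1 www.spywareinfo.com
x64-SSODL: WebCheck - <orphaned>
"""
# Invented, not from the thread: a second Userinit entry and a provider name Windows does not ship.
CONSTRUCTED_LINES = r"""
mWinlogon: Userinit = userinit.exe,C:\Users\Public\example_dropper.exe
LSP: example_lsp.dll
============= FIREFOX ===================
"""
SAMPLE_DDS = THREAD_LINES + CONSTRUCTED_LINES

STOCK_WINSOCK_DLLS = {"mswsock.dll", "wshbth.dll", "nlaapi.dll", "napinsp.dll", "pnrpnsp.dll", "winrnr.dll"}
# Directories a standard user can write to; anything auto-starting from them deserves a look.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public|\$Recycle\.Bin)\\", re.IGNORECASE)
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|cpl|sys)', re.IGNORECASE)
AUTORUN_KEYS = {"uRun", "mRun", "x64-Run", "uRunOnce", "mRunOnce", "StartupFolder",
                "BHO", "x64-BHO", "TB", "x64-TB", "SSODL", "x64-SSODL", "Notify"}
# Values that switch a UAC protection off (Windows 7 defaults are 1, 5 and 1 respectively).
UAC_WEAK = {"EnableLUA": "dword:0", "ConsentPromptBehaviorAdmin": "dword:0", "PromptOnSecureDesktop": "dword:0"}
WINLOGON_EXPECTED = {"Userinit": "userinit.exe", "Shell": "explorer.exe"}


def split_sections(text):
    """Map each '=== Title ===' section to its lines, dropping the '.' DDS prints for blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        title = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if title:
            current = title.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def triage(text):
    """Return (tag, line) findings in log order; an empty list means nothing stood out."""
    findings = []
    sections = split_sections(text)
    for proc in sections.get("Running Processes", []):
        if USER_WRITABLE.search(proc):
            findings.append(("process-from-user-writable-path", proc))
    for line in sections.get("Pseudo HJT Report", []):
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mWinlogon":            # Userinit/Shell must name exactly one stock binary
            name, _, val = value.partition("=")
            expected = WINLOGON_EXPECTED.get(name.strip())
            entries = [e.strip() for e in val.lower().split(",") if e.strip()]
            if expected and (len(entries) != 1 or ntpath.basename(entries[0]) != expected):
                findings.append(("winlogon-hijack", line))
        elif key == "mPolicies-System":   # a UAC prompt turned down or off
            name, _, val = value.partition("=")
            if UAC_WEAK.get(name.strip()) == val.strip():
                findings.append(("uac-weakened", line))
        elif key == "LSP":                # stock name: still verify the file on disk; other names: investigate
            tag = "lsp-verify-on-disk" if value.lower() in STOCK_WINSOCK_DLLS else "lsp-non-stock"
            findings.append((tag, line))
        elif key == "Hosts":              # hosts-file redirects are worth reading one by one
            findings.append(("hosts-override", line))
        elif "<orphaned>" in value:       # registry still points at a component that is gone
            findings.append(("orphaned-registration", line))
        if key in AUTORUN_KEYS:
            path = WIN_PATH.search(value)
            if path and USER_WRITABLE.search(path.group(0)):
                findings.append(("autorun-from-user-writable-path", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_DDS):
        print(f"{tag:34} {line}")
```

The tags are deliberately graded: an Akamai client auto-starting from AppData and an orphaned WebCheck entry are routine, PromptOnSecureDesktop = 0 is a setting someone changed, and an LSP line is never a verdict on its own. On the machine itself the direct check on the file Avast names is `sfc /verifyfile=C:\Windows\System32\services.exe` and `Get-AuthenticodeSignature C:\Windows\System32\services.exe` in PowerShell; both run under the possibly compromised OS, so a clean result there is weaker evidence than a failed one.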

Re: Malware - Trojan Horse Win32:Sirefef found in system

Post by Cypher » June 15th, 2013, 12:09 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


I see you posted at Safer-Networking Forums requesting help.
http://forums.spybot.info/showthread.ph ... -in-system

That topic has been closed at my request, as you are receiving help here.


I have bad news: your logs show signs of a Remote Access Infection on your computer.

LSP: mswsock.dll


This indicates that you are infected with ......

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FSirefef


Please take time to carefully read THIS topic, then let me know how you want to proceed.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
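Cypher reads the `LSP: mswsock.dll` line as the indicator. mswsock.dll is also the file name of Microsoft's own Winsock provider DLL, so the name alone does not separate the genuine provider from a catalog entry that borrows it; what settles it is where each Winsock catalog entry's Provider Path points and whether the DLL on disk is the signed Microsoft file. The following is an added example (not from the thread, DDS or Microsoft) that audits the text printed by `netsh winsock show catalog`. The sample listing is constructed and trimmed to the fields the check uses: the first two entries are shaped like the stock Windows 7 MSAFD TCP and UDP providers, the third is an invented layered entry (invented GUID and path) that reuses a stock description. The expansion of %SystemRoot% to C:\Windows is an assumption.

```python
"""Audit `netsh winsock show catalog` output for provider DLLs that are not Windows' own.

Added example for this thread; not from the thread, DDS or Microsoft. SAMPLE_CATALOG is
constructed: entries 1001/1002 mirror stock Windows 7 providers, entry 1040 is invented.
"""
import ntpath

STOCK_PROVIDER_DLLS = {"mswsock.dll", "wshbth.dll", "nlaapi.dll", "napinsp.dll", "pnrpnsp.dll", "winrnr.dll"}

SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [UDP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1002
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {11111111-2222-3333-4444-555555555555}
Provider Path:                      C:\Users\Public\example_lsp.dll
Catalog Entry ID:                   1040
Protocol Chain Length:              2
"""


def parse_catalog(text):
    """One dict of 'Field: value' pairs per 'Winsock Catalog Provider Entry' block.
    Name-space provider blocks, which netsh prints after the protocol entries, are skipped."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
        elif line.startswith("Name Space Provider Entry"):
            current = None
        elif current is not None and ":" in line and not line.startswith("-"):
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries


def normalize(path, system_root=r"C:\Windows"):
    """Expand %SystemRoot% (assumed to be system_root) and lower-case for comparison."""
    if path.lower().startswith("%systemroot%"):
        path = system_root + path[len("%systemroot%"):]
    return ntpath.normpath(path).lower()


def audit_catalog(text, system_root=r"C:\Windows"):
    """Return [(catalog_entry_id, provider_path, [issue, ...])] for every protocol entry."""
    system32 = ntpath.normpath(ntpath.join(system_root, "system32")).lower()
    entries = parse_catalog(text)
    paths_by_description = {}
    for e in entries:
        paths_by_description.setdefault(e.get("Description", ""), set()).add(
            normalize(e.get("Provider Path", ""), system_root))
    report = []
    for e in entries:
        path = e.get("Provider Path", "")
        norm = normalize(path, system_root)
        issues = []
        if ntpath.dirname(norm) != system32:
            issues.append("path-outside-system32")
        if ntpath.basename(norm) not in STOCK_PROVIDER_DLLS:
            issues.append("non-stock-dll")
        if e.get("Entry Type") == "Layered Service Provider" or int(e.get("Protocol Chain Length", "1")) > 1:
            issues.append("layered-provider")      # legitimate for some firewalls and AV; review, don't assume
        if len(paths_by_description[e.get("Description", "")]) > 1 and "path-outside-system32" in issues:
            issues.append("impersonates-stock-description")
        report.append((e.get("Catalog Entry ID", "?"), path, issues))
    return report


def suspicious(report):
    """Only the entries that raised at least one issue."""
    return [r for r in report if r[2]]


if __name__ == "__main__":
    for entry_id, path, issues in suspicious(audit_catalog(SAMPLE_CATALOG)):
        print(entry_id, path, ", ".join(issues))
```

On the machine, `netsh winsock show catalog > catalog.txt` produces the input; an entry that fails the path check is then confirmed by checking the DLL it names with `Get-AuthenticodeSignature` in PowerShell. `netsh winsock reset` rebuilds the catalog to its defaults, which is the usual repair step after removing a rogue provider, but it does not delete the DLL file itself.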

Re: Malware - Trojan Horse Win32:Sirefef found in system

Post by Joshen74 » June 16th, 2013, 9:25 am

Hello Cypher

Nice of you to close my Spybot issue; no, I didn't have to :-)
(They seem to have too much to do, so I looked for new support after 7 days in the queue. And found YOU!)
8)

Yes, that wasn't good news. But at least that forces me to format the disc and do a new installation. :lol:
Is it a good idea to scan the system after I have formatted the system disc and send you a new log file, or is it all clear after the new installation? :?:

I will start the cleanup now and read your answer later.
Thanks for the quick response

/Joshen
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 16th, 2013, 10:19 am

Hi Joshen,
Is it a good idea to scan the system after I have formatted the system disc and send you a new logfile, or is it all clear after the new installation?
I will start the cleanup now and read your answer later.

When you reformat you will return your computer to a factory state; that will leave you with a clean, secure computer.
But if you wish we can run a couple of checks to be sure; if that's the case, post a new set of DDS logs when ready.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 16th, 2013, 1:22 pm

That sounds good

Is there any risk that this has spread to the other PC on our net?
In any case I hope you can be so kind as to take a look at it as well; it seems to have some type of issue (shall I create a new post for it?)

Here are the latest results for the new installation
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 16th, 2013, 1:23 pm

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Admin at 19:16:32 on 2013-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.16337.14323 [GMT 2:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun: [StereoLinksInstall] "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 8.8.8.8 192.168.0.1 195.67.199.24
TCP: Interfaces\{F2788EAB-0A65-47E4-AE87-EA9F5C95DCC1} : DHCPNameServer = 8.8.8.8 192.168.0.1 195.67.199.24
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-06-17 02:33:51 -------- d-----w- C:\Windows\Panther
2013-06-16 17:02:17 -------- d-----w- C:\Windows\PCHEALTH
2013-06-16 17:01:06 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-06-16 17:01:02 -------- d-----w- C:\Users\Admin\AppData\Local\Microsoft Help
2013-06-16 16:51:36 -------- d-----w- C:\Users\Admin\AppData\Roaming\CheckPoint
2013-06-16 16:51:35 -------- d-----w- C:\Program Files\CheckPoint
2013-06-16 16:51:34 458584 ----a-w- C:\Windows\System32\drivers\kl1.sys
2013-06-16 16:51:33 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-06-16 16:49:06 884152 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-16 16:49:06 63928 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-16 16:49:06 6382008 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-16 16:49:06 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-16 16:49:06 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-16 16:49:06 2558392 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-16 16:49:06 118712 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-16 16:49:00 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-06-16 16:49:00 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-06-16 16:48:58 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-06-16 16:48:57 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-06-16 16:48:57 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-06-16 16:45:39 -------- d-----w- C:\Program Files (x86)\CheckPoint
2013-06-16 16:45:35 -------- d-----w- C:\ProgramData\CheckPoint
2013-06-16 16:44:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-06-16 16:44:49 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-06-16 16:44:49 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-06-16 16:44:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-06-16 16:42:49 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-06-16 16:42:48 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-06-16 16:42:48 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-06-16 16:42:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-06-16 16:42:08 523136 ----a-r- C:\Windows\System32\PROUnstl.exe
2013-06-16 16:41:41 72360 ----a-w- C:\Windows\System32\e1cmsg.dll
2013-06-16 16:41:41 514736 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys
2013-06-16 16:41:41 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2013-06-16 16:41:39 99520 ----a-w- C:\Windows\System32\NicInstC.dll
2013-06-16 16:40:40 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
.
============= FINISH: 19:16:41,68 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-06-16 18:39:29
System Uptime: 2013-06-16 19:10:35 (0 hours ago)
.
Motherboard: MSI | | Z77A-GD65 (MS-7751)
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz | SOCKET 0 | 3501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 70,183 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 62,675 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 1766,992 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 250,401 GiB free.
G: is CDROM ()
H: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_77511462&REV_04\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_77511462&REV_04\3&11583659&0&FB
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77511462&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_77511462&REV_04\3&11583659&0&A0
Service:
.
==== System Restore Points ===================
.
RP3: 2013-06-16 18:41:28 - Installed Intel(R) Network Connections.
RP4: 2013-06-16 18:42:45 - Windows Update
RP5: 2013-06-16 18:48:46 - Windows Update
RP6: 2013-06-16 19:00:46 - Installed Microsoft Office Home and Student 2010
.
==== Installed Programs ======================
.
Definition update for Microsoft Office 2010 (KB982726)
Intel(R) Network Connections 17.2.154.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
NVIDIA Control Panel 310.90
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 1.11.3
NVIDIA Update Components
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
2013-06-16 19:11:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR7.
2013-06-16 18:51:39, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2013-06-16 18:39:47, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am
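Cypher's first reply singled out the LSP: line in the original DDS log as the Sirefef indicator, and the post above is the DDS log from the fresh installation. The helper below is an added example for this thread; it is not part of DDS and not code from any post here. It pulls the Pseudo HJT Report section out of a DDS log into records and applies three simple rules: flag any LSP: entry for review (mswsock.dll is Microsoft's own Winsock provider, so the analyst, not the script, decides whether the catalog is abnormal), flag autostart images outside the Windows and Program Files trees, and flag nameservers outside an expected set. The trusted roots, the expected-DNS set and the [Updater] entry in the constructed sample are assumptions chosen for illustration.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of DDS and not code from
any post above. Rules, trusted roots and the expected-DNS set below are
assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+): (?P<body>.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:exe|dll|sys))', re.IGNORECASE)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Assumption: autostart images are expected under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Assumption: resolvers this home network is expected to use.
EXPECTED_DNS = {"192.168.0.1", "8.8.8.8", "8.8.4.4"}

# Constructed excerpt in DDS's layout. The [Updater] line is invented to
# exercise the autostart rule; the other entries mirror kinds seen in the log.
SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\lsm.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
LSP: mswsock.dll
mRun: [ZoneAlarm] "C:\\Program Files (x86)\\CheckPoint\\ZoneAlarm\\zatray.exe"
mRun: [Updater] "C:\\Users\\Admin\\AppData\\Roaming\\svc\\update.exe" /silent
TCP: NameServer = 8.8.8.8 192.168.0.1 195.67.199.24
x64-Run: [ISW] "C:\\Program Files\\CheckPoint\\ZAForceField\\ForceField.exe" /icon="hidden"
.
============= SERVICES / DRIVERS ===============
.
"""


@dataclass
class Entry:
    kind: str                                  # e.g. mRun, x64-Run, LSP, TCP
    body: str                                  # everything after "kind: "
    paths: list = field(default_factory=list)  # drive-letter paths found in body


def parse_hjt_section(log_text):
    """Return Entry records from the Pseudo HJT Report section only."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            if in_section:
                break                          # next section header ends the report
            in_section = "Pseudo HJT Report" in line
            continue
        if not in_section or line in ("", "."):
            continue
        m = ENTRY_RE.match(line)
        if m:
            body = m.group("body")
            entries.append(Entry(m.group("kind"), body, PATH_RE.findall(body)))
    return entries


def triage(entries):
    """Apply the rules; return unique (rule, detail) pairs in log order."""
    findings = []

    def note(rule, detail):
        if (rule, detail) not in findings:
            findings.append((rule, detail))

    for e in entries:
        if e.kind == "LSP":
            # Presence only: the analyst decides whether the catalog is abnormal.
            note("lsp-present", e.body)
        if e.kind.endswith("Run") or e.kind == "mWinlogon":
            for p in e.paths:
                if not p.lower().startswith(TRUSTED_ROOTS):
                    note("autostart-outside-trusted-roots", p)
        if e.kind == "TCP" and "NameServer" in e.body:
            for ip in sorted(set(IPV4_RE.findall(e.body)) - EXPECTED_DNS):
                note("unexpected-dns", ip)
    return findings


def triage_log(log_text):
    return triage(parse_hjt_section(log_text))


if __name__ == "__main__":
    for rule, detail in triage_log(SAMPLE_LOG):
        print(f"{rule:34} {detail}")
```

Run against the sample it reports the LSP line, the invented AppData autostart and 195.67.199.24 as a resolver outside the expected set; on the clean log above, the same three rules would only surface the third-party resolver, which is what a helper would then ask the poster about rather than treat as a verdict.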

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 16th, 2013, 1:37 pm

Hi Joshen,
Is there any risk that this has spread to the other PC on our net?
In any case I hope you can be so kind as to take a look at it as well; it seems to have some type of issue (shall I create a new post for it?)

It's unlikely but possible; once we check this computer I can check out the other one for you.
Here are the latest results for the new installation

That log looks good, please run this scan for me and post the resulting log.

Please download TDSSKiller and save it to your Desktop.

  • Right click TDSSKiller.exe and select "Run as administrator" to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
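The instructions above ask for Verify file digital signatures to be enabled and for the resulting log to be posted. The helper below is an added example for this thread; it is not part of TDSSKiller and not code from any post here. It reads a TDSSKiller text log, confirms that the Mode: line records SigCheck (the log posted later shows "Mode: Manual; SigCheck;"), pairs each "[ MD5 ] name path" line with its "name - verdict" line, and lists objects whose verdict is anything other than ok or whose hash is in a known-bad set you supply. The sample is constructed in the log's layout: the fakesvc object, its all-zero hash and the wording of its verdict are invented, and the known-bad set is an assumption.

```python
"""Summarise a TDSSKiller text log: per-object MD5, image path and verdict.

Added example for this thread; it is not part of TDSSKiller and not code
from any post above. The sample below copies the line layout of the log
posted in the thread; "fakesvc", its hash and its verdict wording are
invented, and the known-bad set passed to flag_records() is an assumption.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")

# Constructed sample; the last two lines are invented to exercise flagging.
SAMPLE_LOG = """\
20:27:31.0090 3184 Scan started
20:27:31.0090 3184 Mode: Manual; SigCheck;
20:27:31.0262 3184 System memory - ok
20:27:31.0277 3184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
20:27:31.0324 3184 1394ohci - ok
20:27:32.0120 3184 COMSysApp - ok
20:27:32.0759 3184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe
20:27:32.0775 3184 FontCache3.0.0.0 - ok
20:27:33.0100 3184 [ 00000000000000000000000000000000 ] fakesvc C:\\Windows\\system32\\drivers\\fakesvc.sys
20:27:33.0110 3184 fakesvc - detected Rootkit.Example ( constructed )
"""


@dataclass
class Record:
    name: str
    md5: str = None      # None for objects the scanner lists without an image
    path: str = None
    verdict: str = None  # None if no "name - verdict" line followed


def _payloads(log_text):
    """Yield the text after the timestamp and PID of each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            yield m.group("rest")


def sigcheck_enabled(log_text):
    """True if the Mode: line records that signature verification was on."""
    for rest in _payloads(log_text):
        if rest.startswith("Mode:"):
            return "SigCheck" in rest
    return False


def parse_tdsskiller(log_text):
    """Pair hash lines with verdict lines by object name, in first-seen order."""
    records = {}
    for rest in _payloads(log_text):
        h = HASH_RE.match(rest)
        if h:
            rec = records.setdefault(h.group("name"), Record(h.group("name")))
            rec.md5, rec.path = h.group("md5").upper(), h.group("path")
            continue
        v = VERDICT_RE.match(rest)
        if v:
            rec = records.setdefault(v.group("name"), Record(v.group("name")))
            rec.verdict = v.group("verdict").strip()
    return list(records.values())


def flag_records(records, known_bad=frozenset()):
    """Objects needing attention: non-ok or missing verdict, or known-bad hash."""
    bad = {h.upper() for h in known_bad}
    return [r for r in records
            if (r.verdict or "").lower() != "ok" or (r.md5 and r.md5 in bad)]


def hash_manifest(records):
    """MD5 -> image path for every hashed object, for reputation lookups."""
    return {r.md5: r.path for r in records if r.md5}


if __name__ == "__main__":
    print("SigCheck on:", sigcheck_enabled(SAMPLE_LOG))
    recs = parse_tdsskiller(SAMPLE_LOG)
    for r in flag_records(recs):
        print(f"{r.name:20} {r.md5 or '-':32} {r.verdict}  {r.path or ''}")
```

On a real log every inspected object appears as a hash line followed by a verdict line, so hash_manifest() also gives you the list of MD5s to check against whatever reputation source you use before deciding that a log with nothing but "- ok" lines is really clean; a missing SigCheck in the Mode: line means the scan was run without the option the instructions ask for and should be repeated.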

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 16th, 2013, 2:30 pm

Finally the Windows update is done.

Did run the file as requested, nothing reported; here comes the report:

20:26:58.0268 4588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:26:58.0424 4588 ============================================================
20:26:58.0424 4588 Current date / time: 2013/06/16 20:26:58.0424
20:26:58.0424 4588 SystemInfo:
20:26:58.0424 4588
20:26:58.0424 4588 OS Version: 6.1.7601 ServicePack: 1.0
20:26:58.0424 4588 Product type: Workstation
20:26:58.0424 4588 ComputerName: HOMER
20:26:58.0424 4588 UserName: Admin
20:26:58.0424 4588 Windows directory: C:\Windows
20:26:58.0424 4588 System windows directory: C:\Windows
20:26:58.0424 4588 Running under WOW64
20:26:58.0424 4588 Processor architecture: Intel x64
20:26:58.0424 4588 Number of processors: 8
20:26:58.0424 4588 Page size: 0x1000
20:26:58.0424 4588 Boot type: Normal boot
20:26:58.0424 4588 ============================================================
20:26:58.0595 4588 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:58.0595 4588 Drive \Device\Harddisk1\DR1 - Size: 0x7470800000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:58.0595 4588 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:58.0595 4588 Drive \Device\Harddisk3\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:58.0595 4588 Drive \Device\Harddisk4\DR4 - Size: 0x1DF3FFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:26:58.0595 4588 ============================================================
20:26:58.0595 4588 \Device\Harddisk0\DR0:
20:26:58.0595 4588 MBR partitions:
20:26:58.0595 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:26:58.0595 4588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
20:26:58.0595 4588 \Device\Harddisk1\DR1:
20:26:58.0595 4588 MBR partitions:
20:26:58.0595 4588 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A382800
20:26:58.0595 4588 \Device\Harddisk2\DR2:
20:26:58.0595 4588 GPT partitions:
20:26:58.0595 4588 \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {80E773A7-6EFD-47F2-8500-1B320749DF4A}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
20:26:58.0595 4588 \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {32A25D5F-A3AB-4FE6-BF3D-0C434B98F32A}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
20:26:58.0595 4588 MBR partitions:
20:26:58.0595 4588 \Device\Harddisk3\DR3:
20:26:58.0595 4588 MBR partitions:
20:26:58.0595 4588 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
20:26:58.0595 4588 \Device\Harddisk4\DR4:
20:26:58.0595 4588 MBR partitions:
20:26:58.0595 4588 \Device\Harddisk4\DR4\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
20:26:58.0595 4588 ============================================================
20:26:58.0595 4588 C: <-> \Device\Harddisk0\DR0\Partition2
20:26:58.0595 4588 D: <-> \Device\Harddisk1\DR1\Partition1
20:26:58.0595 4588 E: <-> \Device\Harddisk2\DR2\Partition2
20:26:58.0611 4588 F: <-> \Device\Harddisk3\DR3\Partition1
20:26:58.0611 4588 ============================================================
20:26:58.0611 4588 Initialize success
20:26:58.0611 4588 ============================================================
20:27:31.0090 3184 ============================================================
20:27:31.0090 3184 Scan started
20:27:31.0090 3184 Mode: Manual; SigCheck;
20:27:31.0090 3184 ============================================================
20:27:31.0262 3184 ================ Scan system memory ========================
20:27:31.0262 3184 System memory - ok
20:27:31.0262 3184 ================ Scan services =============================
20:27:31.0277 3184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:27:31.0324 3184 1394ohci - ok
20:27:31.0324 3184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:27:31.0324 3184 ACPI - ok
20:27:31.0340 3184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:27:31.0340 3184 AcpiPmi - ok
20:27:31.0355 3184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:27:31.0355 3184 adp94xx - ok
20:27:31.0355 3184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:27:31.0371 3184 adpahci - ok
20:27:31.0371 3184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:27:31.0387 3184 adpu320 - ok
20:27:31.0387 3184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:27:31.0402 3184 AeLookupSvc - ok
20:27:31.0418 3184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:27:31.0418 3184 AFD - ok
20:27:31.0418 3184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:27:31.0433 3184 agp440 - ok
20:27:31.0433 3184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:27:31.0449 3184 ALG - ok
20:27:31.0449 3184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:27:31.0449 3184 aliide - ok
20:27:31.0449 3184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:27:31.0465 3184 amdide - ok
20:27:31.0465 3184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:27:31.0465 3184 AmdK8 - ok
20:27:31.0480 3184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:27:31.0480 3184 AmdPPM - ok
20:27:31.0480 3184 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:27:31.0496 3184 amdsata - ok
20:27:31.0496 3184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:27:31.0511 3184 amdsbs - ok
20:27:31.0511 3184 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:27:31.0511 3184 amdxata - ok
20:27:31.0511 3184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:27:31.0527 3184 AppID - ok
20:27:31.0543 3184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:27:31.0558 3184 AppIDSvc - ok
20:27:31.0558 3184 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
20:27:31.0574 3184 Appinfo - ok
20:27:31.0574 3184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:27:31.0574 3184 arc - ok
20:27:31.0574 3184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:27:31.0589 3184 arcsas - ok
20:27:31.0589 3184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:27:31.0605 3184 AsyncMac - ok
20:27:31.0605 3184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:27:31.0621 3184 atapi - ok
20:27:31.0621 3184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:27:31.0652 3184 AudioEndpointBuilder - ok
20:27:31.0652 3184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:27:31.0667 3184 AudioSrv - ok
20:27:31.0683 3184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:27:31.0683 3184 AxInstSV - ok
20:27:31.0699 3184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:27:31.0699 3184 b06bdrv - ok
20:27:31.0714 3184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:27:31.0714 3184 b57nd60a - ok
20:27:31.0714 3184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:27:31.0730 3184 BDESVC - ok
20:27:31.0730 3184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:27:31.0745 3184 Beep - ok
20:27:31.0761 3184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:27:31.0777 3184 BFE - ok
20:27:31.0792 3184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:27:31.0808 3184 BITS - ok
20:27:31.0808 3184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:27:31.0823 3184 blbdrive - ok
20:27:31.0823 3184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:27:31.0839 3184 bowser - ok
20:27:31.0839 3184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:27:31.0855 3184 BrFiltLo - ok
20:27:31.0855 3184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:27:31.0855 3184 BrFiltUp - ok
20:27:31.0855 3184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:27:31.0870 3184 Browser - ok
20:27:31.0870 3184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:27:31.0886 3184 Brserid - ok
20:27:31.0886 3184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:27:31.0901 3184 BrSerWdm - ok
20:27:31.0901 3184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:27:31.0901 3184 BrUsbMdm - ok
20:27:31.0901 3184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:27:31.0933 3184 BrUsbSer - ok
20:27:31.0933 3184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:27:31.0948 3184 BTHMODEM - ok
20:27:31.0948 3184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:27:31.0964 3184 bthserv - ok
20:27:31.0964 3184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:27:31.0995 3184 cdfs - ok
20:27:31.0995 3184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:27:31.0995 3184 cdrom - ok
20:27:31.0995 3184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:27:32.0026 3184 CertPropSvc - ok
20:27:32.0026 3184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:27:32.0026 3184 circlass - ok
20:27:32.0042 3184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:27:32.0042 3184 CLFS - ok
20:27:32.0057 3184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:32.0057 3184 clr_optimization_v2.0.50727_32 - ok
20:27:32.0057 3184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:27:32.0073 3184 clr_optimization_v2.0.50727_64 - ok
20:27:32.0073 3184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
20:27:32.0073 3184 CmBatt - ok
20:27:32.0073 3184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:27:32.0089 3184 cmdide - ok
20:27:32.0089 3184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:27:32.0104 3184 CNG - ok
20:27:32.0104 3184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:27:32.0120 3184 Compbatt - ok
20:27:32.0120 3184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:27:32.0120 3184 CompositeBus - ok
20:27:32.0120 3184 COMSysApp - ok
20:27:32.0135 3184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:27:32.0135 3184 crcdisk - ok
20:27:32.0135 3184 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:27:32.0151 3184 CryptSvc - ok
20:27:32.0151 3184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:27:32.0182 3184 DcomLaunch - ok
20:27:32.0182 3184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:27:32.0198 3184 defragsvc - ok
20:27:32.0213 3184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:27:32.0229 3184 DfsC - ok
20:27:32.0229 3184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:27:32.0245 3184 Dhcp - ok
20:27:32.0245 3184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:27:32.0260 3184 discache - ok
20:27:32.0260 3184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:27:32.0276 3184 Disk - ok
20:27:32.0276 3184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:27:32.0276 3184 Dnscache - ok
20:27:32.0291 3184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:27:32.0307 3184 dot3svc - ok
20:27:32.0307 3184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:27:32.0323 3184 DPS - ok
20:27:32.0338 3184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:27:32.0338 3184 drmkaud - ok
20:27:32.0354 3184 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:27:32.0369 3184 DXGKrnl - ok
20:27:32.0369 3184 [ E53D32044F4A03D64D6C91CF0A22A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
20:27:32.0385 3184 e1cexpress - ok
20:27:32.0385 3184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:27:32.0401 3184 EapHost - ok
20:27:32.0416 3184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:27:32.0447 3184 ebdrv - ok
20:27:32.0463 3184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:27:32.0463 3184 EFS - ok
20:27:32.0479 3184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:27:32.0479 3184 ehRecvr - ok
20:27:32.0494 3184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:27:32.0494 3184 ehSched - ok
20:27:32.0494 3184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:27:32.0510 3184 elxstor - ok
20:27:32.0510 3184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:27:32.0525 3184 ErrDev - ok
20:27:32.0525 3184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:27:32.0557 3184 EventSystem - ok
20:27:32.0557 3184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:27:32.0572 3184 exfat - ok
20:27:32.0572 3184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:27:32.0603 3184 fastfat - ok
20:27:32.0603 3184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:27:32.0619 3184 Fax - ok
20:27:37.0455 3184 wbengine - ok
20:27:37.0455 3184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:27:37.0471 3184 WbioSrvc - ok
20:27:37.0471 3184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:27:37.0486 3184 wcncsvc - ok
20:27:37.0486 3184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:27:37.0502 3184 WcsPlugInService - ok
20:27:37.0502 3184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:27:37.0502 3184 Wd - ok
20:27:37.0517 3184 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:27:37.0533 3184 Wdf01000 - ok
20:27:37.0533 3184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:27:37.0533 3184 WdiServiceHost - ok
20:27:37.0549 3184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:27:37.0549 3184 WdiSystemHost - ok
20:27:37.0549 3184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:27:37.0564 3184 WebClient - ok
20:27:37.0564 3184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:27:37.0595 3184 Wecsvc - ok
20:27:37.0595 3184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:27:37.0611 3184 wercplsupport - ok
20:27:37.0627 3184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:27:37.0642 3184 WerSvc - ok
20:27:37.0642 3184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:27:37.0658 3184 WfpLwf - ok
20:27:37.0658 3184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:27:37.0673 3184 WIMMount - ok
20:27:37.0673 3184 WinDefend - ok
20:27:37.0673 3184 WinHttpAutoProxySvc - ok
20:27:37.0673 3184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:27:37.0705 3184 Winmgmt - ok
20:27:37.0720 3184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:27:37.0751 3184 WinRM - ok
20:27:37.0751 3184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:27:37.0767 3184 Wlansvc - ok
20:27:37.0783 3184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:27:37.0783 3184 WmiAcpi - ok
20:27:37.0783 3184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:27:37.0798 3184 wmiApSrv - ok
20:27:37.0798 3184 WMPNetworkSvc - ok
20:27:37.0798 3184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:27:37.0814 3184 WPCSvc - ok
20:27:37.0814 3184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:27:37.0814 3184 WPDBusEnum - ok
20:27:37.0829 3184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:27:37.0845 3184 ws2ifsl - ok
20:27:37.0845 3184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:27:37.0861 3184 wscsvc - ok
20:27:37.0861 3184 WSearch - ok
20:27:37.0876 3184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:27:37.0907 3184 wuauserv - ok
20:27:37.0907 3184 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:27:37.0907 3184 WudfPf - ok
20:27:37.0923 3184 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:37.0923 3184 WUDFRd - ok
20:27:37.0923 3184 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:27:37.0939 3184 wudfsvc - ok
20:27:37.0939 3184 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:27:37.0954 3184 WwanSvc - ok
20:27:37.0954 3184 ================ Scan global ===============================
20:27:37.0954 3184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:27:37.0954 3184 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:27:37.0970 3184 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:27:37.0970 3184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:27:37.0970 3184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:27:37.0970 3184 [Global] - ok
20:27:37.0970 3184 ================ Scan MBR ==================================
20:27:37.0970 3184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:27:38.0032 3184 \Device\Harddisk0\DR0 - ok
20:27:38.0032 3184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:27:38.0032 3184 \Device\Harddisk1\DR1 - ok
20:27:38.0032 3184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:27:38.0048 3184 \Device\Harddisk2\DR2 - ok
20:27:38.0048 3184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
20:27:38.0048 3184 \Device\Harddisk3\DR3 - ok
20:27:38.0048 3184 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4
20:27:38.0048 3184 \Device\Harddisk4\DR4 - ok
20:27:38.0048 3184 ================ Scan VBR ==================================
20:27:38.0048 3184 [ 2B86EE6B2DDF2065F738301748056D82 ] \Device\Harddisk0\DR0\Partition1
20:27:38.0048 3184 \Device\Harddisk0\DR0\Partition1 - ok
20:27:38.0063 3184 [ 0651050A182BB48CE622B43C6FB5A575 ] \Device\Harddisk0\DR0\Partition2
20:27:38.0063 3184 \Device\Harddisk0\DR0\Partition2 - ok
20:27:38.0063 3184 [ 38A66D8E3779FC28D0FB44CD193B6EAF ] \Device\Harddisk1\DR1\Partition1
20:27:38.0063 3184 \Device\Harddisk1\DR1\Partition1 - ok
20:27:38.0063 3184 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk2\DR2\Partition1
20:27:38.0063 3184 \Device\Harddisk2\DR2\Partition1 - ok
20:27:38.0063 3184 [ 0F56C2A1F3B9CA736195AA60A25A252E ] \Device\Harddisk2\DR2\Partition2
20:27:38.0063 3184 \Device\Harddisk2\DR2\Partition2 - ok
20:27:38.0063 3184 [ 8F08D343741813B3C46086715DD21FBE ] \Device\Harddisk3\DR3\Partition1
20:27:38.0063 3184 \Device\Harddisk3\DR3\Partition1 - ok
20:27:38.0063 3184 [ F3AE9ABD60AF1B194CA5D1496AD92E83 ] \Device\Harddisk4\DR4\Partition1
20:27:38.0063 3184 \Device\Harddisk4\DR4\Partition1 - ok
20:27:38.0063 3184 ============================================================
20:27:38.0063 3184 Scan finished
20:27:38.0063 3184 ============================================================
20:27:38.0079 2368 Detected object count: 0
20:27:38.0079 2368 Actual detected object count: 0
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 17th, 2013, 5:00 am

Hi Joshen,
That log looks good, no sign of the infection :thumbright: You can remove DDS and TDSSKiller from your computer now.
Would you like me to check your other computer? If so, post a set of DDS logs from it please.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 17th, 2013, 9:56 am

I like the sound of that!

Now onto the second computer
This one is more used for simple online games, and I'm sad to say not always with the same care when installing new stuff.

Issues:
- saw a malware warning the other day
- it sometimes freezes for up to 10 sec before continuing. But no BSOD so far.
It's 4-5 years old, so some of it might be due to old age as well.

But OK, let's have a look. Sending logs soon.
/J
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 17th, 2013, 9:58 am

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 1.6.0_39
Run by TOJ at 15:56:52 on 2013-06-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1785 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\PLFSetI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... nsa_5635zg
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 8.8.8.8 192.168.0.1 195.67.199.24
TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 8.8.8.8 192.168.0.1 195.67.199.24
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\4556C6562394E6475627E65647D27334444413 : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\j7e01a9x.default-1354682357637\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2013-05-18 13:42; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-18 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-18 174664]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-7 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-18 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-18 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-18 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-18 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-18 46808]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2013-06-13 17:51:42 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-13 17:51:41 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-12 15:36:58 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 15:36:53 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 15:36:52 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 15:36:51 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 15:36:46 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 15:36:41 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 15:36:34 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 15:36:33 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 15:36:33 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 15:36:33 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 15:36:33 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 15:36:27 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-08 07:29:51 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-20 19:07:16 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
.
==================== Find3M ====================
.
2013-06-12 15:30:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:30:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-20 19:07:16 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:10 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:57:20,17 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2010-02-05 22:54:57
System Uptime: 2013-06-17 10:47:28 (5 hours ago)
.
Motherboard: Acer | | BA50-MV
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 125,978 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP465: 2013-05-05 08:21:27 - Scheduled checkpoint
RP466: 2013-05-12 09:12:42 - Scheduled checkpoint
RP467: 2013-05-18 11:09:10 - Windows Update
RP468: 2013-05-18 13:28:47 - avast! Free Antivirus configuration
RP469: 2013-05-18 13:35:04 - avast! Free Antivirus configuration
RP470: 2013-05-18 13:35:17 - avast! Free Antivirus configuration
RP471: 2013-05-18 13:41:41 - avast! Free Antivirus configuration
RP472: 2013-05-20 21:03:42 - Windows Update
RP473: 2013-05-29 14:05:22 - Scheduled checkpoint
RP474: 2013-06-05 21:30:13 - Scheduled checkpoint
RP476: 2013-06-13 19:45:16 - Windows Modules Installer
.
==== Installed Programs ======================
.
AAC Decoder
AC3Filter (remove only)
Acer Crystal Eye Webcam
Acer ePower Management
Acer GridVista
Acer Product Registration
Acer ScreenSaver
Acer VCM
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02) - Svenska
Adobe Setup
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoUpdate
avast! Free Antivirus
BankID security program
Bonjour
C:\Program Files\Acer GameZone\GameConsole
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CoffeeCup Free FTP
Compatibility Pack for the 2007 Office system
Conexant HD Audio
ConvertHelper 2.2
Definition update for Microsoft Office 2010 (KB982726)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DivX Version Checker
Easy GIF Animator 5.21
ERUNT 1.1j
ESET Online Scanner v3
FastImageResizer (remove only)
Funtime Gazelle III
Galapago
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Groundspeak Wherigo Builder
H.264 Decoder
Microsoft SQL Server Setup Support Files (English)
ifolor Designer
ifolor cover and page templates for wedding books
ifolor cover and page templates for holiday books
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Jalbum
Java Auto Updater
Java(TM) 6 Update 39
Junk Mail filter update
Launch Manager
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile Language Pack - SVE
Microsoft .NET Framework 4 Client Profile SVE Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MKV Splitter
Mobile Partner
Mozilla Firefox 21.0 (x86 sv-SE)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Drivers
Ocean Express
Open Disk CleanUp Tools
QuickTime
Rainbow Web
Realtek USB 2.0 Card Reader
Revo Uninstaller Pro 2.5.9
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2518870)
sentinelsystemdriver
Skype Toolbars
Skype™ 5.2
Speccy
Spotify
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
Undelete 360
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Upgrade Kit
VC80CRTRedist - 8.0.50727.4053
Winamp
Windows-drivrutinspaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPatrol
WinRAR 4.00 (32-bit)
VLC media player 1.0.0
Xvid 1.2.2 final uninstall
.
==== End Of File ===========================
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 17th, 2013, 10:37 am

Hi Joshen,
Issues:
saw a malware warning the other day

Can you give me more details about this warning, was it from avast for example?

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
Next.

Please download TDSSKiller and save it to your Desktop.

  • Right click TDSSKiller.exe and select "Run as administrator" to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue
    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply.

Logs/Information to Post in your Next Reply

  • Can you give me more details about this warning?
  • OTL.txt and Extras.txt contents.
  • TDSSKiller log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
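The OTL.txt requested above is read by hand, and the first pass a helper makes over its Processes, Modules, Services and Driver Services sections is always the same: which entries point at a file that is no longer on disk, which have no company name, and which run from a user-writable folder. The script below is an added example, not part of this thread and not a tool from OldTimer or MalwareRemoval.com; it parses the `PRC`/`MOD`/`SRV`/`DRV` line format exactly as OTL prints it and flags those entries. The directory list and the reason codes are this example's own heuristics, and the sample lines are copied from the OTL log posted in the following reply.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes produced by OTL's Processes/Modules/Services/Driver Services sections, e.g.
#   PRC - [stamp | size | attrs | M] (Company) -- path
#   SRV - [stamp | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
#   DRV - File not found [Type | Start | State] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# Directories a service or driver binary normally has no business living in.
# Heuristic chosen for this example (an assumption, not an OTL rule).
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class OtlEntry:
    kind: str                 # PRC, MOD, SRV or DRV
    missing: bool             # True when OTL printed "File not found"
    company: Optional[str]    # "" when OTL printed "()"; None when the file is missing
    state: List[str]          # e.g. ["Kernel", "Boot", "Running"]; empty for PRC/MOD
    path: str
    name: Optional[str]       # service/driver registry name; None for PRC/MOD


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for headers, blanks and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    state = [s.strip() for s in m.group("state").split("|")] if m.group("state") else []
    return OtlEntry(
        kind=m.group("kind"),
        missing=missing,
        company=None if missing else m.group("company").strip(),
        state=state,
        path=m.group("path").strip(),
        name=m.group("name"),
    )


def triage(entry: OtlEntry) -> List[str]:
    """Reason codes for why a human should look at this entry (empty list = nothing to see)."""
    reasons = []
    if entry.missing:
        reasons.append("missing-file")            # orphaned registration: leftover, or a removed payload
    elif not entry.company:
        reasons.append("no-company-name")         # anonymous binary: verify by vendor or file hash
    if any(d in entry.path.lower() for d in SUSPECT_DIRS):
        reasons.append("user-writable-path")      # ProgramData/AppData/Temp binaries need a reason to exist
    if entry.kind == "DRV" and "Boot" in entry.state and not entry.company:
        reasons.append("boot-driver-no-company")  # loads before AV filters, so check it first
    return reasons


def triage_log(text: str) -> List[OtlEntry]:
    """Return the entries in an OTL log that trip at least one triage rule."""
    flagged = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None and triage(entry):
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\UGS180\plot\ugiipqd.exe -- (ugiipqd)
SRV - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\TOJ\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2013-05-09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-01-21 14:28:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name or '-':20} {', '.join(triage(e))}\n    {e.path}")
```

Every hit is a prompt to verify, not a verdict: an orphaned service entry is usually an uninstall leftover, and an empty company name also shows up on drivers such as aswVmm.sys and aswRvrt.sys in the posted log, which sit in System32\drivers alongside a run of AVAST Software drivers. The value of the pass is that it shrinks a thousand-line log to the handful of entries worth checking by vendor, file hash or signature.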

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 17th, 2013, 11:52 pm

Tried to find where the malware warning was reported but I can't find any reports in Avast. Only saw that there had been some web warnings.
Here are the logs anyway

OTL logfile created on: 2013-06-17 18:45:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\Malware Jakt\program filer
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,67% Memory free
5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 125,97 Gb Free Space | 56,52% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,47 Gb Total Space | 6,90 Gb Free Space | 92,28% Space Free | Partition Type: FAT32

Computer Name: MAGGIE2 | User Name: TOJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-17 18:39:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\Malware Jakt\program filer\OTL.exe
PRC - [2013-06-08 09:29:49 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2013-05-17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe
PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program\AVAST Software\Avast\AvastUI.exe
PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-11-15 14:11:48 | 001,358,784 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe
PRC - [2012-09-17 13:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Common Files\Java\Java Update\jucheck.exe
PRC - [2012-05-05 20:12:12 | 000,246,112 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2011-12-07 19:21:44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011-09-16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011-03-14 17:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe
PRC - [2009-08-28 21:05:34 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009-08-28 21:05:32 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009-08-28 21:05:30 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program\Winamp\winampa.exe
PRC - [2009-06-04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-03-05 09:43:32 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Program\Launch Manager\LManager.exe
PRC - [2009-02-05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program\Acer\Acer VCM\RS_Service.exe
PRC - [2008-11-05 13:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Program\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008-07-29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006-04-14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe


========== Modules (No Company Name) ==========

MOD - [2013-06-08 09:29:48 | 003,128,728 | ---- | M] () -- C:\Program\Mozilla Firefox\mozjs.dll
MOD - [2011-03-02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll
MOD - [2010-08-02 10:35:57 | 000,034,816 | ---- | M] () -- C:\Program\Google\Google Desktop Search\gzlib.dll
MOD - [2009-07-01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program\Winamp\winampa.exe
MOD - [2008-07-29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\UGS180\plot\ugiipqd.exe -- (ugiipqd)
SRV - [2013-06-12 17:30:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-08 09:29:49 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-12-18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-05-05 20:12:12 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2011-12-07 19:21:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011-12-07 19:21:44 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011-09-16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011-05-27 07:57:58 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-11-20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010-05-21 06:28:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-01-09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010-01-09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009-08-28 21:05:32 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-06-04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009-02-05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007-07-24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007-01-04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006-04-14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006-04-14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006-04-14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005-10-14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\TOJ\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2013-05-09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013-05-09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013-05-09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013-05-09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013-05-09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013-05-09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013-05-09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013-05-09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013-03-07 01:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012-05-05 20:12:15 | 000,349,184 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012-05-05 20:12:15 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012-05-05 20:12:15 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012-05-05 20:12:15 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012-05-05 20:12:15 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2012-01-21 14:28:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011-12-07 19:22:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011-09-16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011-09-16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010-11-20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009-12-30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-11-13 09:47:50 | 000,058,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009-10-05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009-07-28 00:26:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-07-14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009-07-14 02:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-06-23 10:27:14 | 000,487,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007-04-17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2001-06-22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... nsa_5635zg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_svSE343SE344
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_svSE343SE344&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=euQ92N0O ... RLsToWw?q={searchTerms}
IE - HKCU\..\SearchScopes\{E57F2A3A-7949-4355-A3B6-9EE3ED34F160}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_svSE343SE344
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: dictionary-switcher%40design-noir.de:1.3.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\TOJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-18 13:42:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-06-08 09:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-25 18:13:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-06-08 09:29:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-25 18:13:41 | 000,000,000 | ---D | M]

[2010-02-05 23:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TOJ\AppData\Roaming\mozilla\Extensions
[2013-06-08 09:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TOJ\AppData\Roaming\mozilla\Firefox\Profiles\j7e01a9x.default-1354682357637\extensions
[2013-06-08 09:30:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\TOJ\AppData\Roaming\mozilla\Firefox\Profiles\j7e01a9x.default-1354682357637\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-12-05 07:18:03 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\TOJ\AppData\Roaming\mozilla\Firefox\Profiles\j7e01a9x.default-1354682357637\extensions\dictionary-switcher@design-noir.de
[2013-03-23 21:24:51 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\TOJ\AppData\Roaming\mozilla\Firefox\Profiles\j7e01a9x.default-1354682357637\extensions\en-US@dictionaries.addons.mozilla.org
[2012-12-05 06:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TOJ\AppData\Roaming\mozilla\Firefox\Profiles\omj2hlen.default\extensions
[2012-12-05 06:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TOJ\AppData\Roaming\mozilla\Firefox\Profiles\omj2hlen.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013-05-09 08:35:45 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\TOJ\AppData\Roaming\mozilla\firefox\profiles\j7e01a9x.default-1354682357637\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-06-08 09:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2013-04-11 21:28:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013-04-11 21:28:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-06-08 09:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\browser\extensions
[2013-06-08 09:29:51 | 000,000,000 | ---D | M] (Default) -- C:\Program\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-05-18 13:42:43 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\TOJ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Docs = C:\Users\TOJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: avast! Online Security = C:\Users\TOJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: Gmail = C:\Users\TOJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\TOJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)
O4 - Startup: C:\Users\TOJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\MagicDisc.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.0.1 195.67.199.24
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27}: NameServer = 80.251.201.177 80.251.201.178
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}: DhcpNameServer = 8.8.8.8 192.168.0.1 195.67.199.24
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Program\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-05-06 14:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{82e4a43f-9680-11e1-9d53-00238bec4beb}\Shell - "" = AutoRun
O33 - MountPoints2\{82e4a43f-9680-11e1-9d53-00238bec4beb}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{82e4a44f-9680-11e1-9d53-00238bec4beb}\Shell - "" = AutoRun
O33 - MountPoints2\{82e4a44f-9680-11e1-9d53-00238bec4beb}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8cf87d67-b173-11de-971b-00238bec4beb}\Shell - "" = AutoRun
O33 - MountPoints2\{8cf87d67-b173-11de-971b-00238bec4beb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========

[2013-06-17 18:49:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-17 18:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-17 18:37:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-17 16:00:08 | 000,000,273 | ---- | M] () -- C:\Users\TOJ\Desktop\Malware - Trojan Horse Win32Sirefef found in system • MalWare Removal Forum.URL
[2013-06-17 15:52:37 | 000,673,320 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2013-06-17 15:52:37 | 000,662,950 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-06-17 15:52:37 | 000,144,058 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2013-06-17 15:52:37 | 000,124,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-06-17 15:51:07 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-15 10:41:22 | 000,019,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-15 10:41:22 | 000,019,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-14 18:02:21 | 000,000,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013-06-14 18:01:14 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-05 22:54:00 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-05-20 21:08:22 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-05-20 06:33:15 | 317,079,909 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013-06-17 16:00:08 | 000,000,273 | ---- | C] () -- C:\Users\TOJ\Desktop\Malware - Trojan Horse Win32Sirefef found in system • MalWare Removal Forum.URL
[2013-05-20 21:08:22 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-05-18 13:43:42 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-05-18 13:43:40 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012-12-13 21:28:34 | 000,000,017 | ---- | C] () -- C:\Users\TOJ\AppData\Local\resmon.resmoncfg
[2011-07-09 22:11:07 | 000,068,113 | ---- | C] () -- C:\Users\TOJ\AppData\Local\RAContactHistory.xml
[2010-04-01 20:49:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-02-05 23:55:00 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-12-11 21:11:50 | 000,000,125 | ---- | C] () -- C:\Users\TOJ\.java.policy
[2009-10-13 11:37:41 | 000,000,667 | ---- | C] () -- C:\Users\TOJ\.jalbum-recent-projects.properties
[2009-10-13 11:28:51 | 000,000,875 | ---- | C] () -- C:\Users\TOJ\.jalbum-defaults.jap
[2009-10-13 11:28:51 | 000,000,777 | ---- | C] () -- C:\Users\TOJ\.jalbum-ftp-accounts.xml
[2009-09-22 10:02:24 | 000,153,600 | ---- | C] () -- C:\Users\TOJ\AppData\Roaming\SharedSettings.ccs

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010-10-25 21:06:51 | 000,000,000 | -HSD | M] -- C:\Users\TOJ\AppData\Roaming\.#
[2010-04-01 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Acer
[2010-02-05 23:31:01 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Acer GameZone Console
[2010-02-05 23:31:04 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Agency9
[2011-05-27 08:05:06 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Autodesk
[2012-11-29 06:32:09 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Azureus
[2010-02-05 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Canon
[2010-02-05 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\CoffeeCup Software
[2011-07-24 18:56:29 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Dropbox
[2010-02-05 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\eSobi
[2010-06-01 17:22:56 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\GARMIN
[2010-08-09 23:20:39 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Music Recognition
[2010-02-05 23:31:24 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Notepad++
[2011-07-09 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\PeerNetworking
[2012-12-11 19:34:14 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Personal
[2010-02-05 23:31:24 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\PlayFirst
[2011-04-17 20:38:09 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\PTC
[2012-04-18 19:45:20 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\Spotify
[2013-03-03 15:51:40 | 000,000,000 | ---D | M] -- C:\Users\TOJ\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 2013-06-17 18:45:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\Malware Jakt\program filer
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,67% Memory free
5,99 Gb Paging File | 4,64 Gb Available in Paging File | 77,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 125,97 Gb Free Space | 56,52% Space Free | Partition Type: NTFS
Drive E: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,47 Gb Total Space | 6,90 Gb Free Space | 92,28% Space Free | Partition Type: FAT32

Computer Name: MAGGIE2 | User Name: TOJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CB55B46-48A3-4419-95EF-C7C65F5DBA72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{279A4510-C44E-4EF2-80A8-33CA778AC80A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{361BAA5B-F18D-40DE-82FB-3FE4602B79AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4600E6C3-1B8E-46A2-9A0B-8867BD7711DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DB3D386-576C-4081-888E-53F3C7F5CBF4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4E5A247A-E826-48BC-80BE-CA38C3F8E55A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EFB5BD9-3901-40AE-84F3-B24AC4B36F1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78118E1D-0BA5-4B4A-8595-B644A6FDE9AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5496112-E518-4250-B2F0-303AC0B621B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C62AD9BE-0997-4D47-9366-B24D7E97E4F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBB73B97-0412-4599-99F6-6FC0E9A22FC4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04420348-2916-4D67-A856-AD79FDCDD0A1}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{0CE612C2-A2CD-4D28-BF2F-1D1E158EB4C8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0D951B94-D9F6-4361-BF08-CD98A20E7764}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{113BE80F-64BA-4CC1-8C5B-B731078A308B}" = protocol=6 | dir=in | app=c:\users\toj\appdata\local\temp\7zs770a.tmp\symnrt.exe |
"{261D9923-FA4E-482D-96B3-59BCAD285E9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2BBC9B73-22A4-4F0B-85E0-FE5B6C865025}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{3152DBC2-B71D-4AA8-831A-CEFB53051E6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4236D7FE-BCF5-480C-91C7-8EE721FADD99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{437F0EC9-9559-455A-B774-33EBAA6B4C33}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{616B71D0-F9CB-4AD7-9D97-A0E2499C129F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{755C198A-DB68-421A-ABEE-D16D2ADAA04D}" = protocol=58 | dir=in | app=system |
"{7A9131ED-AED7-4D27-9273-32EF3D03BA21}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{7B068E84-14A7-4F69-95DA-A14BF5DBEF16}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7E83CC1B-A736-4321-9311-DB064C2A4F66}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C7CE881-50BD-4F76-89F5-CFC4C06C06A6}" = protocol=17 | dir=in | app=c:\users\toj\appdata\local\temp\7zs770a.tmp\symnrt.exe |
"{9035F836-9982-4D70-8562-2E020868D91F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{925E37C7-6F50-4159-9C23-62F30926082B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2C47460-D1FE-404C-86B9-B22799B162DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A98F4B75-E9F8-449D-8245-2E5C5092C48A}" = protocol=17 | dir=in | app=c:\users\toj\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2BBCEA3-84FB-472A-9FE0-D19A31489EE7}" = protocol=6 | dir=out | app=system |
"{D5B3FAE1-C702-4A36-877C-BA01C27BE73A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D9B279C8-056B-42EF-A7C8-87604953B6FF}" = protocol=6 | dir=in | app=c:\users\toj\appdata\roaming\dropbox\bin\dropbox.exe |
"{DCA7C069-5E8A-4BC0-BD9D-EB7F91714693}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4C3DFF3-90D3-49F3-9981-3CB6D53052BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0D6985-0E4C-4B27-A63B-2311F6D6E97B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD36554C-5D55-4D8F-8C6C-FC06BD2FA9C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{18360A3A-CBA8-4F0B-88F5-02EE71CDB232}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{216A3C0A-D6E7-42F5-A2DC-A2689C20A4EF}C:\program files\notepad++\notepad++.exe" = protocol=6 | dir=in | app=c:\program files\notepad++\notepad++.exe |
"TCP Query User{27CF3B9E-86FF-4A79-85A9-FA75DA951296}C:\users\toj\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\toj\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2D6C3E09-5EF1-4CCD-8464-372C70F7B876}C:\program files\proewildfire 4.0\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 4.0\i486_nt\nms\nmsd.exe |
"TCP Query User{35EE091B-7B8C-4896-A1B4-C68225B07753}C:\program files\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{427A2783-9ED4-4F6F-89FD-29BABC523510}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{68294907-E941-48C4-8403-84C4FD5F2570}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{82187B9F-EF4B-4602-A9B0-D80B925A9F49}C:\program files\proewildfire 4.0\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proewildfire 4.0\i486_nt\obj\xtop.exe |
"TCP Query User{889E2224-3E85-4761-97A2-47E6A2FE06EA}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{B37B9A79-9970-4874-9176-F0AE7B169ABF}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |
"TCP Query User{C185158F-FEE8-435B-96A1-8710F132BBCA}C:\users\toj\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\toj\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0E568EFB-EF00-431D-AFDE-BAB2AC280944}C:\program files\notepad++\notepad++.exe" = protocol=17 | dir=in | app=c:\program files\notepad++\notepad++.exe |
"UDP Query User{40B177A3-ADB7-4AD8-A4A5-1C497C9704FF}C:\program files\coffeecup software\free ftp\freeftp.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\free ftp\freeftp.exe |
"UDP Query User{460FF283-2DC1-482C-92E0-68485C65A12C}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{530AFE0E-9E12-4B6A-90D8-35381518D625}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{83547215-E986-49F8-9826-7EB3BA006727}C:\program files\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 4.0\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{92EA398E-086F-47C2-BE9C-E2C1CBBDCDE5}C:\users\toj\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\toj\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9FA08CF6-2143-4071-8A65-8DDD3FDCB5B5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{BA556560-F086-4EF2-936E-53F253B37137}C:\users\toj\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\toj\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D4EF7810-5DFC-4379-8FBF-97390A41E0DC}C:\program files\proewildfire 4.0\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 4.0\i486_nt\nms\nmsd.exe |
"UDP Query User{F5097610-B647-440C-A4EA-6F0D6DC9607C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FDD112CA-C0FC-4B42-9DC4-0896A5061A73}C:\program files\proewildfire 4.0\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proewildfire 4.0\i486_nt\obj\xtop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17F79200-3FDB-4A9F-BE52-3C98EA6C4B66}" = Jalbum
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 39
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EDE9D4A-02A5-4B73-989A-DAB900102044}" = Windows Live Writer
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4EE3649E-8ED7-49B3-A16F-E7C91199BC25}" = Windows Live Mail
"{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}" = Groundspeak Wherigo Builder
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5BF90C8E-159F-495A-B637-08831A74AD58}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}" = sentinelsystemdriver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{842DA718-881F-43C6-84A6-8F1EE3C2F714}" = Funtime Gazelle III
"{87F6173E-66E9-4188-9BC9-AD81610ABEE4}" = Microsoft SQL Server Native Client
"{885DE773-CC47-4B94-97A3-C692C9AF1B05}" = Hjälpfiler för installation av Microsoft SQL Server (engelska)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929E7499-4B50-4C7A-8F15-D21E4061E046}" = BankID säkerhetsprogram
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FBECAEE-A7BE-42B0-8445-AD92EDD75867}" = Funtime Gazelle III
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC47C0EE-B581-4F3C-96F6-099B2863AC9F}" = Windows Live Photo Gallery
"{AC76BA86-7AD7-1053-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Svenska
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{C0CE77E6-3CB9-4C81-8B10-A47E3D716010}" = Microsoft SQL Server VSS-skrivare
"{C60AAF4C-A72C-36E0-8CA4-41FF753D74F6}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{CF4C44DF-F66D-4F69-8215-EE122A96CA60}" = Windows Live inloggningsassistenten
"{D1BA3A1E-3D31-47F0-B0AC-EADA7D5EDBA9}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0455AB9-7681-4CB3-9204-16E957A64CB2}" = Windows Live Essentials
"{E79826E6-752A-4ABD-8CC7-A6908973FE2F}" = Open Disk CleanUp Tools
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FCEA59CC-5A80-4680-9F7F-6E75174E884C}" = Windows Live Messenger
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2DC0AA065FA83047D7ECD51C7000C1620D79A4C5" = Windows-drivrutinspaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"51A4D522DD31538335EF5736F0E7F588C70BCB12" = Windows-drivrutinspaket - FTDI CDM Driver Package (02/17/2009 2.04.16)
"AC3Filter" = AC3Filter (remove only)
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CoffeeCup Free FTP 4.2" = CoffeeCup Free FTP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy GIF Animator_is1" = Easy GIF Animator 5.21
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FastImageResizer" = FastImageResizer (remove only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Ifolor-Baby-Plugin" = ifolor Pärm- och sidmallar för bröllopsböcker
"Ifolor-Designer" = ifolor Designer
"Ifolor-Holiday-Plugin" = ifolor Pärm- och sidmallar för semesterböcker
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - sve" = Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 21.0 (x86 sv-SE)" = Mozilla Firefox 21.0 (x86 sv-SE)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Speccy" = Speccy
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Undelete 360_is1" = Undelete 360
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"VLC media player" = VLC media player 1.0.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-05-26 14:17:14 | Computer Name = Maggie2 | Source = SideBySide | ID = 16842815
Description = Det gick inte att skapa aktiveringskontext för c:\program files\spybot
- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen
c:\program files\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet
language i elementet assemblyIdentity är felaktigt.

Error - 2013-06-05 15:25:58 | Computer Name = Maggie2 | Source = SideBySide | ID = 16842815
Description = Det gick inte att skapa aktiveringskontext för c:\program files\spybot
- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen
c:\program files\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet
language i elementet assemblyIdentity är felaktigt.

Error - 2013-06-05 18:32:59 | Computer Name = Maggie2 | Source = SideBySide | ID = 16842815
Description = Det gick inte att skapa aktiveringskontext för c:\program files\spybot
- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen
c:\program files\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet
language i elementet assemblyIdentity är felaktigt.

Error - 2013-06-07 13:18:22 | Computer Name = Maggie2 | Source = SideBySide | ID = 16842815
Description = Det gick inte att skapa aktiveringskontext för c:\program files\spybot
- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen
c:\program files\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet
language i elementet assemblyIdentity är felaktigt.

Error - 2013-06-08 03:29:33 | Computer Name = Maggie2 | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-13 13:44:56 | Computer Name = Maggie2 | Source = System Restore | ID = 8193
Description =

Error - 2013-06-14 12:02:37 | Computer Name = Maggie2 | Source = WinMgmt | ID = 10
Description =

Error - 2013-06-15 04:41:17 | Computer Name = Maggie2 | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: WinPatrol.exe, version 25.6.2012.1,
tidsstämpel 0x505a953f , felet uppstod i modulen med namn: RPCRT4.dll, version 6.1.7601.17514,
tidsstämpel 0x4ce7b9a2 Undantagskod: 0xc0020043 Felförskjutning: 0x000622d3 Process-ID:
0x854 Programmets starttid: 0x01ce691891b03f58 Sökväg till program: C:\Program Files\BillP
Studios\WinPatrol\WinPatrol.exe Sökväg till modul: C:\Windows\system32\RPCRT4.dll
Rapport-ID:
57fd6ba0-d597-11e2-8e3e-00238bec4beb

Error - 2013-06-16 12:33:09 | Computer Name = Maggie2 | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL.
Den
beroende sammansättningen Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error - 2013-06-17 12:45:38 | Computer Name = Maggie2 | Source = Application Hang | ID = 1002
Description = Programmet OTL.exe, version 3.2.69.0, avslutades eftersom det slutade
att samverka med Windows. Ytterligare information kan finnas i problemhistoriken
på kontrollpanelen för Åtgärdscentret och lösningar. Process-ID: 5ec Starttid: 01ce6b7987bc2130

Avslutningstid:
15 Programsökväg: I:\Malware Jakt\program filer\OTL.exe Rapport-ID:

[ System Events ]
Error - 2013-06-14 12:03:08 | Computer Name = Maggie2 | Source = DCOM | ID = 10016
Description =

Error - 2013-06-15 04:41:17 | Computer Name = Maggie2 | Source = Service Control Manager | ID = 7034
Description = Tjänsten Tjänsten Google Update (gupdate) avslutades oväntat. Detta
har skett 1 gånger.

Error - 2013-06-15 04:41:47 | Computer Name = Maggie2 | Source = DCOM | ID = 10010
Description =

Error - 2013-06-16 10:53:45 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR1.

Error - 2013-06-16 10:53:47 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR1.

Error - 2013-06-17 09:51:18 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR3.

Error - 2013-06-17 09:51:19 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR3.

Error - 2013-06-17 09:51:19 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR3.

Error - 2013-06-17 12:38:59 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR4.

Error - 2013-06-17 12:39:01 | Computer Name = Maggie2 | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk1\DR4.


< End of report >
Joshen74

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Joshen74 » June 17th, 2013, 11:53 pm

05:38:37.0396 5000 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
05:38:37.0708 5000 ============================================================
05:38:37.0708 5000 Current date / time: 2013/06/18 05:38:37.0708
05:38:37.0708 5000 SystemInfo:
05:38:37.0708 5000
05:38:37.0723 5000 OS Version: 6.1.7601 ServicePack: 1.0
05:38:37.0723 5000 Product type: Workstation
05:38:37.0723 5000 ComputerName: MAGGIE2
05:38:37.0723 5000 UserName: TOJ
05:38:37.0723 5000 Windows directory: C:\Windows
05:38:37.0723 5000 System windows directory: C:\Windows
05:38:37.0723 5000 Processor architecture: Intel x86
05:38:37.0723 5000 Number of processors: 2
05:38:37.0723 5000 Page size: 0x1000
05:38:37.0723 5000 Boot type: Normal boot
05:38:37.0723 5000 ============================================================
05:38:38.0223 5000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:38:38.0223 5000 Drive \Device\Harddisk1\DR5 - Size: 0x1DF3FFE00 (7.49 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:38:38.0223 5000 ============================================================
05:38:38.0223 5000 \Device\Harddisk0\DR0:
05:38:38.0223 5000 MBR partitions:
05:38:38.0223 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1BDC4800
05:38:38.0223 5000 \Device\Harddisk1\DR5:
05:38:38.0223 5000 MBR partitions:
05:38:38.0223 5000 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
05:38:38.0223 5000 ============================================================
05:38:38.0254 5000 C: <-> \Device\Harddisk0\DR0\Partition1
05:38:38.0254 5000 ============================================================
05:38:38.0254 5000 Initialize success
05:38:38.0254 5000 ============================================================
05:40:23.0554 1156 ============================================================
05:40:23.0554 1156 Scan started
05:40:23.0554 1156 Mode: Manual; SigCheck;
05:40:23.0554 1156 ============================================================
05:40:24.0116 1156 ================ Scan system memory ========================
05:40:24.0116 1156 System memory - ok
05:40:24.0116 1156 ================ Scan services =============================
05:40:24.0396 1156 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
05:40:24.0490 1156 1394ohci - ok
05:40:24.0537 1156 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
05:40:24.0552 1156 ACPI - ok
05:40:24.0615 1156 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
05:40:24.0630 1156 AcpiPmi - ok
05:40:24.0771 1156 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
05:40:24.0802 1156 AdobeARMservice - ok
05:40:24.0880 1156 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
05:40:24.0896 1156 AdobeFlashPlayerUpdateSvc - ok
05:40:24.0958 1156 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
05:40:24.0974 1156 adp94xx - ok
05:40:25.0005 1156 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
05:40:25.0020 1156 adpahci - ok
05:40:25.0052 1156 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
05:40:25.0067 1156 adpu320 - ok
05:40:25.0114 1156 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
05:40:25.0130 1156 AeLookupSvc - ok
05:40:25.0192 1156 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
05:40:25.0223 1156 AFD - ok
05:40:25.0270 1156 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
05:40:25.0286 1156 agp440 - ok
05:40:25.0332 1156 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
05:40:25.0348 1156 aic78xx - ok
05:40:25.0395 1156 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
05:40:25.0410 1156 ALG - ok
05:40:25.0442 1156 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
05:40:25.0457 1156 aliide - ok
05:40:25.0488 1156 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
05:40:25.0504 1156 amdagp - ok
05:40:25.0551 1156 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
05:40:25.0566 1156 amdide - ok
05:40:25.0629 1156 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
05:40:25.0660 1156 AmdK8 - ok
05:40:25.0676 1156 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
05:40:25.0691 1156 AmdPPM - ok
05:40:25.0738 1156 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
05:40:25.0754 1156 amdsata - ok
05:40:25.0785 1156 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
05:40:25.0800 1156 amdsbs - ok
05:40:25.0832 1156 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
05:40:25.0847 1156 amdxata - ok
05:40:25.0894 1156 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
05:40:25.0925 1156 AppID - ok
05:40:25.0972 1156 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
05:40:26.0034 1156 AppIDSvc - ok
05:40:26.0066 1156 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
05:40:26.0097 1156 Appinfo - ok
05:40:26.0175 1156 [ 4B5AE15E5C73EB4DC8DBEC2788230D41 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
05:40:26.0206 1156 Apple Mobile Device - ok
05:40:26.0253 1156 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
05:40:26.0284 1156 arc - ok
05:40:26.0300 1156 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
05:40:26.0315 1156 arcsas - ok
05:40:26.0378 1156 [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
05:40:26.0409 1156 aswFsBlk - ok
05:40:26.0440 1156 [ 4691B3FE3717F9D9C64A5282C8543D4D ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
05:40:26.0456 1156 aswKbd - ok
05:40:26.0502 1156 [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
05:40:26.0518 1156 aswMonFlt - ok
05:40:26.0534 1156 [ FFE9A993B3EC2908FECB1DF2C39148BB ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
05:40:26.0549 1156 aswRdr - ok
05:40:26.0596 1156 [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
05:40:26.0612 1156 aswRvrt - ok
05:40:26.0658 1156 [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
05:40:26.0690 1156 aswSnx - ok
05:40:26.0752 1156 [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP C:\Windows\system32\drivers\aswSP.sys
05:40:26.0768 1156 aswSP - ok
05:40:26.0799 1156 [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
05:40:26.0814 1156 aswTdi - ok
05:40:26.0877 1156 [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
05:40:26.0908 1156 aswVmm - ok
05:40:26.0939 1156 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
05:40:26.0970 1156 AsyncMac - ok
05:40:27.0033 1156 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
05:40:27.0048 1156 atapi - ok
05:40:27.0126 1156 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\Windows\system32\DRIVERS\athr.sys
05:40:27.0158 1156 athr - ok
05:40:27.0220 1156 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
05:40:27.0267 1156 AudioEndpointBuilder - ok
05:40:27.0282 1156 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
05:40:27.0314 1156 Audiosrv - ok
05:40:27.0392 1156 [ 32A5DEFDDC3562BF89D73586F5915B34 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
05:40:27.0423 1156 Autodesk Licensing Service - ok
05:40:27.0516 1156 [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
05:40:27.0532 1156 avast! Antivirus - ok
05:40:27.0610 1156 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
05:40:27.0626 1156 AxInstSV - ok
05:40:27.0672 1156 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
05:40:27.0719 1156 b06bdrv - ok
05:40:27.0750 1156 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
05:40:27.0766 1156 b57nd60x - ok
05:40:27.0813 1156 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
05:40:27.0844 1156 BDESVC - ok
05:40:27.0875 1156 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
05:40:27.0922 1156 Beep - ok
05:40:27.0969 1156 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
05:40:28.0016 1156 BFE - ok
05:40:28.0062 1156 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
05:40:28.0109 1156 BITS - ok
05:40:28.0140 1156 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
05:40:28.0156 1156 blbdrive - ok
05:40:28.0218 1156 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
05:40:28.0250 1156 Bonjour Service - ok
05:40:28.0281 1156 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
05:40:28.0296 1156 bowser - ok
05:40:28.0328 1156 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
05:40:28.0343 1156 BrFiltLo - ok
05:40:28.0374 1156 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
05:40:28.0406 1156 BrFiltUp - ok
05:40:28.0452 1156 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
05:40:28.0468 1156 Browser - ok
05:40:28.0499 1156 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
05:40:28.0515 1156 Brserid - ok
05:40:28.0530 1156 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
05:40:28.0562 1156 BrSerWdm - ok
05:40:28.0562 1156 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
05:40:28.0593 1156 BrUsbMdm - ok
05:40:28.0593 1156 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
05:40:28.0624 1156 BrUsbSer - ok
05:40:28.0624 1156 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
05:40:28.0655 1156 BTHMODEM - ok
05:40:28.0718 1156 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
05:40:28.0780 1156 bthserv - ok
05:40:28.0827 1156 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
05:40:28.0858 1156 cdfs - ok
05:40:28.0920 1156 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
05:40:28.0952 1156 cdrom - ok
05:40:29.0014 1156 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
05:40:29.0061 1156 CertPropSvc - ok
05:40:29.0076 1156 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
05:40:29.0092 1156 circlass - ok
05:40:29.0139 1156 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
05:40:29.0154 1156 CLFS - ok
05:40:29.0279 1156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:40:29.0295 1156 clr_optimization_v2.0.50727_32 - ok
05:40:29.0373 1156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:40:29.0404 1156 clr_optimization_v4.0.30319_32 - ok
05:40:29.0451 1156 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
05:40:29.0482 1156 CmBatt - ok
05:40:29.0498 1156 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
05:40:29.0513 1156 cmdide - ok
05:40:29.0560 1156 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
05:40:29.0591 1156 CNG - ok
05:40:29.0638 1156 [ 2FBEA8AAAD105B93F1EF93F206664245 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
05:40:29.0654 1156 CnxtHdAudService - ok
05:40:29.0716 1156 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
05:40:29.0732 1156 Compbatt - ok
05:40:29.0794 1156 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
05:40:29.0825 1156 CompositeBus - ok
05:40:29.0841 1156 COMSysApp - ok
05:40:29.0856 1156 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
05:40:29.0872 1156 crcdisk - ok
05:40:29.0934 1156 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
05:40:29.0966 1156 CryptSvc - ok
05:40:30.0012 1156 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
05:40:30.0044 1156 DcomLaunch - ok
05:40:30.0090 1156 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
05:40:30.0122 1156 defragsvc - ok
05:40:30.0184 1156 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
05:40:30.0215 1156 DfsC - ok
05:40:30.0262 1156 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
05:40:30.0278 1156 Dhcp - ok
05:40:30.0324 1156 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
05:40:30.0371 1156 discache - ok
05:40:30.0418 1156 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
05:40:30.0434 1156 Disk - ok
05:40:30.0480 1156 [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
05:40:30.0496 1156 DKbFltr - ok
05:40:30.0527 1156 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
05:40:30.0558 1156 Dnscache - ok
05:40:30.0590 1156 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
05:40:30.0636 1156 dot3svc - ok
05:40:30.0668 1156 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
05:40:30.0730 1156 DPS - ok
05:40:30.0777 1156 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
05:40:30.0808 1156 drmkaud - ok
05:40:30.0839 1156 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
05:40:30.0870 1156 DXGKrnl - ok
05:40:30.0917 1156 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
05:40:30.0948 1156 EapHost - ok
05:40:31.0073 1156 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
05:40:31.0182 1156 ebdrv - ok
05:40:31.0229 1156 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
05:40:31.0245 1156 EFS - ok
05:40:31.0354 1156 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
05:40:31.0385 1156 ehRecvr - ok
05:40:31.0416 1156 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
05:40:31.0448 1156 ehSched - ok
05:40:31.0494 1156 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
05:40:31.0526 1156 elxstor - ok
05:40:31.0619 1156 [ DBF61970B07BE81A19F9CC0F5B28F8AF ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
05:40:31.0650 1156 ePowerSvc - ok
05:40:31.0697 1156 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
05:40:31.0713 1156 ErrDev - ok
05:40:31.0791 1156 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
05:40:31.0822 1156 EventSystem - ok
05:40:31.0884 1156 [ 58C54CF72D1B8518A14695B46CA26C90 ] ewusbmbb C:\Windows\system32\DRIVERS\ewusbwwan.sys
05:40:31.0916 1156 ewusbmbb - ok
05:40:31.0947 1156 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
05:40:31.0978 1156 ew_hwusbdev - ok
05:40:31.0994 1156 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
05:40:32.0025 1156 ew_usbenumfilter - ok
05:40:32.0072 1156 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
05:40:32.0118 1156 exfat - ok
05:40:32.0134 1156 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
05:40:32.0165 1156 fastfat - ok
05:40:32.0228 1156 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
05:40:32.0243 1156 Fax - ok
05:40:32.0290 1156 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
05:40:32.0306 1156 fdc - ok
05:40:32.0352 1156 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
05:40:32.0384 1156 fdPHost - ok
05:40:32.0415 1156 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
05:40:32.0446 1156 FDResPub - ok
05:40:32.0446 1156 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
05:40:32.0477 1156 FileInfo - ok
05:40:32.0493 1156 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
05:40:32.0524 1156 Filetrace - ok
05:40:32.0571 1156 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
05:40:32.0602 1156 flpydisk - ok
05:40:32.0633 1156 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
05:40:32.0649 1156 FltMgr - ok
05:40:32.0711 1156 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
05:40:32.0742 1156 FontCache - ok
05:40:32.0820 1156 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
05:40:32.0852 1156 FontCache3.0.0.0 - ok
05:40:32.0883 1156 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
05:40:32.0898 1156 FsDepends - ok
05:40:32.0930 1156 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
05:40:32.0945 1156 Fs_Rec - ok
05:40:32.0992 1156 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
05:40:33.0023 1156 fvevol - ok
05:40:33.0054 1156 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
05:40:33.0070 1156 gagp30kx - ok
05:40:33.0164 1156 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
05:40:33.0179 1156 GoogleDesktopManager-051210-111108 - ok
05:40:33.0226 1156 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
05:40:33.0288 1156 gpsvc - ok
05:40:33.0366 1156 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
05:40:33.0382 1156 gupdate - ok
05:40:33.0398 1156 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
05:40:33.0413 1156 gupdatem - ok
05:40:33.0444 1156 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:40:33.0460 1156 gusvc - ok
05:40:33.0522 1156 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
05:40:33.0538 1156 hcw85cir - ok
05:40:33.0585 1156 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
05:40:33.0600 1156 HDAudBus - ok
05:40:33.0616 1156 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
05:40:33.0647 1156 HidBatt - ok
05:40:33.0663 1156 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
05:40:33.0694 1156 HidBth - ok
05:40:33.0725 1156 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
05:40:33.0741 1156 HidIr - ok
05:40:33.0772 1156 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
05:40:33.0803 1156 hidserv - ok
05:40:33.0834 1156 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
05:40:33.0850 1156 HidUsb - ok
05:40:33.0897 1156 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
05:40:33.0944 1156 hkmsvc - ok
05:40:33.0959 1156 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:40:33.0975 1156 HomeGroupListener - ok
05:40:34.0022 1156 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:40:34.0053 1156 HomeGroupProvider - ok
05:40:34.0115 1156 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
05:40:34.0131 1156 HpSAMD - ok
05:40:34.0193 1156 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
05:40:34.0240 1156 HTTP - ok
05:40:34.0287 1156 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
05:40:34.0318 1156 huawei_enumerator - ok
05:40:34.0334 1156 [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
05:40:34.0365 1156 hwdatacard - ok
05:40:34.0458 1156 [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
05:40:34.0474 1156 HWDeviceService.exe - ok
05:40:34.0521 1156 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
05:40:34.0536 1156 hwpolicy - ok
05:40:34.0599 1156 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
05:40:34.0614 1156 i8042prt - ok
05:40:34.0677 1156 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
05:40:34.0708 1156 IAANTMON - ok
05:40:34.0755 1156 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
05:40:34.0770 1156 iaStor - ok
05:40:34.0802 1156 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
05:40:34.0817 1156 iaStorV - ok
05:40:34.0895 1156 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:40:34.0958 1156 idsvc - ok
05:40:35.0004 1156 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
05:40:35.0036 1156 iirsp - ok
05:40:35.0082 1156 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
05:40:35.0145 1156 IKEEXT - ok
05:40:35.0176 1156 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
05:40:35.0192 1156 intelide - ok
05:40:35.0238 1156 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
05:40:35.0254 1156 intelppm - ok
05:40:35.0316 1156 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
05:40:35.0348 1156 IPBusEnum - ok
05:40:35.0363 1156 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:40:35.0394 1156 IpFilterDriver - ok
05:40:35.0472 1156 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
05:40:35.0488 1156 iphlpsvc - ok
05:40:35.0535 1156 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
05:40:35.0550 1156 IPMIDRV - ok
05:40:35.0597 1156 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
05:40:35.0628 1156 IPNAT - ok
05:40:35.0660 1156 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
05:40:35.0675 1156 IRENUM - ok
05:40:35.0706 1156 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
05:40:35.0722 1156 isapnp - ok
05:40:35.0753 1156 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
05:40:35.0784 1156 iScsiPrt - ok
05:40:35.0831 1156 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
05:40:35.0847 1156 IviRegMgr - ok
05:40:35.0894 1156 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
05:40:35.0925 1156 kbdclass - ok
05:40:35.0972 1156 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
05:40:35.0987 1156 kbdhid - ok
05:40:36.0003 1156 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
05:40:36.0034 1156 KeyIso - ok
05:40:36.0065 1156 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
05:40:36.0081 1156 KSecDD - ok
05:40:36.0096 1156 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
05:40:36.0112 1156 KSecPkg - ok
05:40:36.0159 1156 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
05:40:36.0206 1156 KtmRm - ok
05:40:36.0252 1156 [ 3705B2273E8EFC9A707864AB7324B614 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
05:40:36.0268 1156 L1C - ok
05:40:36.0330 1156 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
05:40:36.0377 1156 LanmanServer - ok
05:40:36.0408 1156 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:40:36.0440 1156 LanmanWorkstation - ok
05:40:36.0502 1156 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
05:40:36.0549 1156 lltdio - ok
05:40:36.0596 1156 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
05:40:36.0642 1156 lltdsvc - ok
05:40:36.0642 1156 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
05:40:36.0674 1156 lmhosts - ok
05:40:36.0752 1156 [ BEDA81549FCE5FE29FAE11DD9A616541 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
05:40:36.0783 1156 LMIGuardianSvc - ok
05:40:36.0798 1156 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
05:40:36.0814 1156 LMIInfo - ok
05:40:36.0830 1156 [ 47D56618AFCDF08C4F154B57BD70BC61 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
05:40:36.0845 1156 LMIMaint - ok
05:40:36.0861 1156 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
05:40:36.0876 1156 lmimirr - ok
05:40:36.0892 1156 LMIRfsClientNP - ok
05:40:36.0923 1156 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
05:40:36.0939 1156 LMIRfsDriver - ok
05:40:36.0954 1156 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
05:40:36.0986 1156 LogMeIn - ok
05:40:37.0017 1156 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
05:40:37.0032 1156 LSI_FC - ok
05:40:37.0064 1156 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
05:40:37.0079 1156 LSI_SAS - ok
05:40:37.0110 1156 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:40:37.0126 1156 LSI_SAS2 - ok
05:40:37.0142 1156 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:40:37.0157 1156 LSI_SCSI - ok
05:40:37.0188 1156 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
05:40:37.0220 1156 luafv - ok
05:40:37.0235 1156 mcdbus - ok
05:40:37.0298 1156 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
05:40:37.0313 1156 Mcx2Svc - ok
05:40:37.0344 1156 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
05:40:37.0360 1156 megasas - ok
05:40:37.0391 1156 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
05:40:37.0407 1156 MegaSR - ok
05:40:37.0438 1156 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
05:40:37.0469 1156 MMCSS - ok
05:40:37.0578 1156 [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
05:40:37.0610 1156 Mobile Partner. RunOuc - ok
05:40:37.0625 1156 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
05:40:37.0656 1156 Modem - ok
05:40:37.0703 1156 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
05:40:37.0734 1156 monitor - ok
05:40:37.0766 1156 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
05:40:37.0797 1156 mouclass - ok
05:40:37.0812 1156 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
05:40:37.0844 1156 mouhid - ok
05:40:37.0875 1156 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
05:40:37.0890 1156 mountmgr - ok
05:40:37.0953 1156 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
05:40:37.0968 1156 MozillaMaintenance - ok
05:40:38.0031 1156 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
05:40:38.0046 1156 mpio - ok
05:40:38.0078 1156 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
05:40:38.0124 1156 mpsdrv - ok
05:40:38.0187 1156 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
05:40:38.0234 1156 MpsSvc - ok
05:40:38.0280 1156 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
05:40:38.0296 1156 MRxDAV - ok
05:40:38.0358 1156 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
05:40:38.0390 1156 mrxsmb - ok
05:40:38.0436 1156 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:40:38.0452 1156 mrxsmb10 - ok
05:40:38.0468 1156 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:40:38.0483 1156 mrxsmb20 - ok
05:40:38.0530 1156 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
05:40:38.0561 1156 msahci - ok
05:40:38.0608 1156 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
05:40:38.0624 1156 msdsm - ok
05:40:38.0670 1156 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
05:40:38.0702 1156 MSDTC - ok
05:40:38.0764 1156 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
05:40:38.0811 1156 Msfs - ok
05:40:38.0826 1156 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
05:40:38.0858 1156 mshidkmdf - ok
05:40:38.0889 1156 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
05:40:38.0904 1156 msisadrv - ok
05:40:38.0951 1156 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
05:40:38.0982 1156 MSiSCSI - ok
05:40:38.0982 1156 msiserver - ok
05:40:39.0014 1156 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
05:40:39.0060 1156 MSKSSRV - ok
05:40:39.0060 1156 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
05:40:39.0107 1156 MSPCLOCK - ok
05:40:39.0123 1156 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
05:40:39.0170 1156 MSPQM - ok
05:40:39.0201 1156 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
05:40:39.0216 1156 MsRPC - ok
05:40:39.0279 1156 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
05:40:39.0294 1156 mssmbios - ok
05:40:39.0357 1156 MSSQL$MSSMLBIZ - ok
05:40:39.0388 1156 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
05:40:39.0404 1156 MSSQLServerADHelper - ok
05:40:39.0450 1156 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
05:40:39.0513 1156 MSTEE - ok
05:40:39.0513 1156 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
05:40:39.0528 1156 MTConfig - ok
05:40:39.0560 1156 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
05:40:39.0575 1156 Mup - ok
05:40:39.0622 1156 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
05:40:39.0684 1156 napagent - ok
05:40:39.0716 1156 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
05:40:39.0747 1156 NativeWifiP - ok
05:40:39.0778 1156 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
05:40:39.0809 1156 NDIS - ok
05:40:39.0856 1156 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
05:40:39.0887 1156 NdisCap - ok
05:40:39.0903 1156 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
05:40:39.0934 1156 NdisTapi - ok
05:40:39.0996 1156 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
05:40:40.0028 1156 Ndisuio - ok
05:40:40.0059 1156 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
05:40:40.0106 1156 NdisWan - ok
05:40:40.0152 1156 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
05:40:40.0184 1156 NDProxy - ok
05:40:40.0215 1156 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
05:40:40.0262 1156 NetBIOS - ok
05:40:40.0308 1156 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
05:40:40.0355 1156 NetBT - ok
05:40:40.0371 1156 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
05:40:40.0386 1156 Netlogon - ok
05:40:40.0449 1156 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
05:40:40.0496 1156 Netman - ok
05:40:40.0527 1156 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
05:40:40.0574 1156 netprofm - ok
05:40:40.0605 1156 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:40:40.0620 1156 NetTcpPortSharing - ok
05:40:40.0652 1156 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
05:40:40.0683 1156 nfrd960 - ok
05:40:40.0730 1156 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
05:40:40.0761 1156 NlaSvc - ok
05:40:40.0776 1156 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
05:40:40.0808 1156 Npfs - ok
05:40:40.0839 1156 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
05:40:40.0901 1156 nsi - ok
05:40:40.0917 1156 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
05:40:40.0948 1156 nsiproxy - ok
05:40:41.0010 1156 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
05:40:41.0057 1156 Ntfs - ok
05:40:41.0135 1156 [ 973DCB15731339FCA176E534055CF115 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
05:40:41.0151 1156 NTIBackupSvc - ok
05:40:41.0182 1156 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
05:40:41.0198 1156 NTIDrvr - ok
05:40:41.0213 1156 [ 58751F9248D50BCE1053976C9E2F0859 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
05:40:41.0229 1156 NTISchedulerSvc - ok
05:40:41.0260 1156 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
05:40:41.0291 1156 Null - ok
05:40:41.0541 1156 [ 9A55250A7EDC9EA12DC3495F5E9F8703 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:40:41.0681 1156 nvlddmkm - ok
05:40:41.0806 1156 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
05:40:41.0837 1156 nvraid - ok
05:40:41.0868 1156 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
05:40:41.0884 1156 nvstor - ok
05:40:41.0900 1156 [ A52F94B75368B0C22A4E38334E2EFB4B ] nvsvc C:\Windows\system32\nvvsvc.exe
05:40:41.0931 1156 nvsvc - ok
05:40:41.0962 1156 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
05:40:41.0978 1156 nv_agp - ok
05:40:42.0024 1156 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
05:40:42.0040 1156 ohci1394 - ok
05:40:42.0102 1156 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:40:42.0134 1156 ose - ok
05:40:42.0290 1156 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
05:40:42.0477 1156 osppsvc - ok
05:40:42.0524 1156 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
05:40:42.0555 1156 p2pimsvc - ok
05:40:42.0586 1156 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
05:40:42.0617 1156 p2psvc - ok
05:40:42.0648 1156 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
05:40:42.0664 1156 Parport - ok
05:40:42.0711 1156 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
05:40:42.0742 1156 partmgr - ok
05:40:42.0758 1156 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
05:40:42.0773 1156 Parvdm - ok
05:40:42.0820 1156 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
05:40:42.0836 1156 PcaSvc - ok
05:40:42.0898 1156 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
05:40:42.0929 1156 pci - ok
05:40:42.0945 1156 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
05:40:42.0960 1156 pciide - ok
05:40:42.0992 1156 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
05:40:43.0023 1156 pcmcia - ok
05:40:43.0023 1156 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
05:40:43.0054 1156 pcw - ok
05:40:43.0085 1156 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
05:40:43.0132 1156 PEAUTH - ok
05:40:43.0241 1156 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
05:40:43.0304 1156 pla - ok
05:40:43.0350 1156 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
05:40:43.0397 1156 PlugPlay - ok
05:40:43.0428 1156 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
05:40:43.0460 1156 PNRPAutoReg - ok
05:40:43.0491 1156 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
05:40:43.0522 1156 PNRPsvc - ok
05:40:43.0553 1156 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
05:40:43.0600 1156 PolicyAgent - ok
05:40:43.0647 1156 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
05:40:43.0694 1156 Power - ok
05:40:43.0740 1156 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
05:40:43.0787 1156 PptpMiniport - ok
05:40:43.0803 1156 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
05:40:43.0818 1156 Processor - ok
05:40:43.0865 1156 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
05:40:43.0881 1156 ProfSvc - ok
05:40:43.0896 1156 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:40:43.0912 1156 ProtectedStorage - ok
05:40:43.0943 1156 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
05:40:43.0974 1156 Psched - ok
05:40:44.0037 1156 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
05:40:44.0052 1156 PSI_SVC_2 - ok
05:40:44.0115 1156 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
05:40:44.0162 1156 ql2300 - ok
05:40:44.0177 1156 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
05:40:44.0208 1156 ql40xx - ok
05:40:44.0240 1156 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
05:40:44.0286 1156 QWAVE - ok
05:40:44.0333 1156 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
05:40:44.0364 1156 QWAVEdrv - ok
05:40:44.0380 1156 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
05:40:44.0427 1156 RasAcd - ok
05:40:44.0474 1156 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
05:40:44.0520 1156 RasAgileVpn - ok
05:40:44.0536 1156 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
05:40:44.0583 1156 RasAuto - ok
05:40:44.0583 1156 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
05:40:44.0630 1156 Rasl2tp - ok
05:40:44.0676 1156 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
05:40:44.0739 1156 RasMan - ok
05:40:44.0770 1156 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
05:40:44.0801 1156 RasPppoe - ok
05:40:44.0848 1156 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
05:40:44.0879 1156 RasSstp - ok
05:40:44.0895 1156 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
05:40:44.0926 1156 rdbss - ok
05:40:44.0942 1156 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
05:40:44.0973 1156 rdpbus - ok
05:40:45.0004 1156 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
05:40:45.0035 1156 RDPCDD - ok
05:40:45.0051 1156 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
05:40:45.0098 1156 RDPENCDD - ok
05:40:45.0113 1156 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
05:40:45.0144 1156 RDPREFMP - ok
05:40:45.0176 1156 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
05:40:45.0191 1156 RDPWD - ok
05:40:45.0238 1156 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
05:40:45.0269 1156 rdyboost - ok
05:40:45.0300 1156 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
05:40:45.0316 1156 regi - ok
05:40:45.0347 1156 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
05:40:45.0378 1156 RemoteAccess - ok
05:40:45.0425 1156 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
05:40:45.0488 1156 RemoteRegistry - ok
05:40:45.0519 1156 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
05:40:45.0534 1156 Revoflt - ok
05:40:45.0550 1156 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
05:40:45.0597 1156 RpcEptMapper - ok
05:40:45.0644 1156 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
05:40:45.0659 1156 RpcLocator - ok
05:40:45.0690 1156 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
05:40:45.0722 1156 RpcSs - ok
05:40:45.0784 1156 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
05:40:45.0846 1156 rspndr - ok
05:40:45.0909 1156 [ 8E250687E5F020CD337CC9D8252C0B56 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
05:40:45.0924 1156 RS_Service ( UnsignedFile.Multi.Generic ) - warning
05:40:45.0924 1156 RS_Service - detected UnsignedFile.Multi.Generic (1)
05:40:45.0971 1156 [ 05FF3C3100F163558E37D0A975BEF05C ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
05:40:46.0002 1156 RTSTOR - ok
05:40:46.0018 1156 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
05:40:46.0034 1156 SamSs - ok
05:40:46.0096 1156 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
05:40:46.0112 1156 sbp2port - ok
05:40:46.0158 1156 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
05:40:46.0205 1156 SCardSvr - ok
05:40:46.0221 1156 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
05:40:46.0252 1156 scfilter - ok
05:40:46.0299 1156 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
05:40:46.0346 1156 Schedule - ok
05:40:46.0392 1156 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
05:40:46.0424 1156 SCPolicySvc - ok
05:40:46.0470 1156 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
05:40:46.0502 1156 SDRSVC - ok
05:40:46.0533 1156 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
05:40:46.0564 1156 secdrv - ok
05:40:46.0595 1156 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
05:40:46.0642 1156 seclogon - ok
05:40:46.0673 1156 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
05:40:46.0704 1156 SENS - ok
05:40:46.0736 1156 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
05:40:46.0767 1156 SensrSvc - ok
05:40:46.0798 1156 [ 8627C992B8A80504FC477B2E8FF8EC4F ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS
05:40:46.0814 1156 Sentinel ( UnsignedFile.Multi.Generic ) - warning
05:40:46.0814 1156 Sentinel - detected UnsignedFile.Multi.Generic (1)
05:40:46.0829 1156 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
05:40:46.0845 1156 Serenum - ok
05:40:46.0892 1156 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
05:40:46.0907 1156 Serial - ok
05:40:46.0970 1156 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
05:40:47.0001 1156 sermouse - ok
05:40:47.0063 1156 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
05:40:47.0094 1156 SessionEnv - ok
05:40:47.0126 1156 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
05:40:47.0141 1156 sffdisk - ok
05:40:47.0157 1156 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
05:40:47.0172 1156 sffp_mmc - ok
05:40:47.0188 1156 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
05:40:47.0204 1156 sffp_sd - ok
05:40:47.0250 1156 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
05:40:47.0266 1156 sfloppy - ok
05:40:47.0328 1156 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
05:40:47.0375 1156 SharedAccess - ok
05:40:47.0422 1156 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:40:47.0469 1156 ShellHWDetection - ok
05:40:47.0516 1156 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
05:40:47.0531 1156 sisagp - ok
05:40:47.0594 1156 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:40:47.0609 1156 SiSRaid2 - ok
05:40:47.0625 1156 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
05:40:47.0656 1156 SiSRaid4 - ok
05:40:47.0672 1156 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
05:40:47.0703 1156 Smb - ok
05:40:47.0750 1156 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
05:40:47.0781 1156 SNMPTRAP - ok
05:40:47.0812 1156 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
05:40:47.0828 1156 spldr - ok
05:40:47.0890 1156 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
05:40:47.0937 1156 Spooler - ok
05:40:48.0046 1156 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
05:40:48.0171 1156 sppsvc - ok
05:40:48.0218 1156 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
05:40:48.0280 1156 sppuinotify - ok
05:40:48.0374 1156 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
05:40:48.0374 1156 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
05:40:48.0374 1156 sptd ( LockedFile.Multi.Generic ) - warning
05:40:48.0374 1156 sptd - detected LockedFile.Multi.Generic (1)
05:40:48.0389 1156 [ 5673E79BBB62A4C35B10D821FF1B4ACA ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
05:40:48.0405 1156 SQLBrowser - ok
05:40:48.0436 1156 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
05:40:48.0452 1156 SQLWriter - ok
05:40:48.0498 1156 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
05:40:48.0514 1156 srv - ok
05:40:48.0576 1156 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
05:40:48.0592 1156 srv2 - ok
05:40:48.0608 1156 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
05:40:48.0623 1156 srvnet - ok
05:40:48.0670 1156 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
05:40:48.0717 1156 SSDPSRV - ok
05:40:48.0717 1156 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
05:40:48.0764 1156 SstpSvc - ok
05:40:48.0810 1156 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
05:40:48.0826 1156 stexstor - ok
05:40:48.0904 1156 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
05:40:48.0935 1156 StiSvc - ok
05:40:48.0966 1156 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
05:40:48.0982 1156 swenum - ok
05:40:49.0029 1156 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
05:40:49.0091 1156 swprv - ok
05:40:49.0138 1156 [ 60CD166AE4261920B4008A1A114AE97C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
05:40:49.0154 1156 SynTP - ok
05:40:49.0200 1156 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
05:40:49.0263 1156 SysMain - ok
05:40:49.0294 1156 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:40:49.0341 1156 TabletInputService - ok
05:40:49.0388 1156 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
05:40:49.0419 1156 TapiSrv - ok
05:40:49.0466 1156 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
05:40:49.0497 1156 TBS - ok
05:40:49.0559 1156 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
05:40:49.0606 1156 Tcpip - ok
05:40:49.0668 1156 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
05:40:49.0715 1156 TCPIP6 - ok
05:40:49.0778 1156 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
05:40:49.0793 1156 tcpipreg - ok
05:40:49.0824 1156 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
05:40:49.0840 1156 TDPIPE - ok
05:40:49.0887 1156 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
05:40:49.0902 1156 TDTCP - ok
05:40:49.0934 1156 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
05:40:49.0965 1156 tdx - ok
05:40:50.0012 1156 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
05:40:50.0043 1156 TermDD - ok
05:40:50.0090 1156 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
05:40:50.0136 1156 TermService - ok
05:40:50.0168 1156 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
05:40:50.0183 1156 Themes - ok
05:40:50.0199 1156 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
05:40:50.0230 1156 THREADORDER - ok
05:40:50.0261 1156 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
05:40:50.0308 1156 TrkWks - ok
05:40:50.0370 1156 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:40:50.0417 1156 TrustedInstaller - ok
05:40:50.0433 1156 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
05:40:50.0480 1156 tssecsrv - ok
05:40:50.0526 1156 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
05:40:50.0542 1156 TsUsbFlt - ok
05:40:50.0604 1156 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
05:40:50.0651 1156 tunnel - ok
05:40:50.0682 1156 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
05:40:50.0698 1156 uagp35 - ok
05:40:50.0729 1156 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
05:40:50.0745 1156 UBHelper - ok
05:40:50.0792 1156 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
05:40:50.0838 1156 udfs - ok
05:40:50.0885 1156 ugiipqd - ok
05:40:50.0932 1156 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
05:40:50.0963 1156 UI0Detect - ok
05:40:51.0010 1156 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
05:40:51.0026 1156 uliagpkx - ok
05:40:51.0072 1156 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
05:40:51.0104 1156 umbus - ok
05:40:51.0150 1156 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
05:40:51.0182 1156 UmPass - ok
05:40:51.0213 1156 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
05:40:51.0260 1156 upnphost - ok
05:40:51.0275 1156 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
05:40:51.0306 1156 usbccgp - ok
05:40:51.0338 1156 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
05:40:51.0353 1156 usbcir - ok
05:40:51.0400 1156 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
05:40:51.0416 1156 usbehci - ok
05:40:51.0447 1156 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
05:40:51.0478 1156 usbhub - ok
05:40:51.0494 1156 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
05:40:51.0509 1156 usbohci - ok
05:40:51.0556 1156 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
05:40:51.0587 1156 usbprint - ok
05:40:51.0603 1156 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:40:51.0618 1156 USBSTOR - ok
05:40:51.0665 1156 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
05:40:51.0696 1156 usbuhci - ok
05:40:51.0743 1156 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
05:40:51.0774 1156 usbvideo - ok
05:40:51.0806 1156 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
05:40:51.0852 1156 UxSms - ok
05:40:51.0868 1156 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
05:40:51.0884 1156 VaultSvc - ok
05:40:51.0930 1156 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
05:40:51.0962 1156 vdrvroot - ok
05:40:51.0993 1156 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
05:40:52.0040 1156 vds - ok
05:40:52.0071 1156 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
05:40:52.0102 1156 vga - ok
05:40:52.0118 1156 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
05:40:52.0149 1156 VgaSave - ok
05:40:52.0196 1156 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
05:40:52.0211 1156 vhdmp - ok
05:40:52.0274 1156 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
05:40:52.0289 1156 viaagp - ok
05:40:52.0305 1156 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
05:40:52.0320 1156 ViaC7 - ok
05:40:52.0352 1156 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
05:40:52.0367 1156 viaide - ok
05:40:52.0383 1156 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
05:40:52.0398 1156 volmgr - ok
05:40:52.0445 1156 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
05:40:52.0461 1156 volmgrx - ok
05:40:52.0492 1156 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
05:40:52.0523 1156 volsnap - ok
05:40:52.0554 1156 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
05:40:52.0570 1156 vsmraid - ok
05:40:52.0632 1156 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
05:40:52.0679 1156 VSS - ok
05:40:52.0695 1156 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
05:40:52.0726 1156 vwifibus - ok
05:40:52.0788 1156 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
05:40:52.0820 1156 vwififlt - ok
05:40:52.0835 1156 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
05:40:52.0866 1156 vwifimp - ok
05:40:52.0913 1156 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
05:40:52.0960 1156 W32Time - ok
05:40:52.0991 1156 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
05:40:53.0007 1156 WacomPen - ok
05:40:53.0069 1156 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
05:40:53.0116 1156 WANARP - ok
05:40:53.0116 1156 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
05:40:53.0147 1156 Wanarpv6 - ok
05:40:53.0210 1156 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
05:40:53.0256 1156 WatAdminSvc - ok
05:40:53.0303 1156 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
05:40:53.0350 1156 wbengine - ok
05:40:53.0397 1156 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
05:40:53.0428 1156 WbioSrvc - ok
05:40:53.0475 1156 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
05:40:53.0506 1156 wcncsvc - ok
05:40:53.0522 1156 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:40:53.0537 1156 WcsPlugInService - ok
05:40:53.0584 1156 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
05:40:53.0615 1156 Wd - ok
05:40:53.0662 1156 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
05:40:53.0709 1156 Wdf01000 - ok
05:40:53.0740 1156 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
05:40:53.0787 1156 WdiServiceHost - ok
05:40:53.0787 1156 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
05:40:53.0818 1156 WdiSystemHost - ok
05:40:53.0865 1156 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
05:40:53.0896 1156 WebClient - ok
05:40:53.0912 1156 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
05:40:53.0958 1156 Wecsvc - ok
05:40:53.0974 1156 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
05:40:54.0005 1156 wercplsupport - ok
05:40:54.0052 1156 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
05:40:54.0099 1156 WerSvc - ok
05:40:54.0146 1156 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
05:40:54.0177 1156 WfpLwf - ok
05:40:54.0192 1156 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
05:40:54.0208 1156 WIMMount - ok
05:40:54.0286 1156 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
05:40:54.0317 1156 WinDefend - ok
05:40:54.0333 1156 WinHttpAutoProxySvc - ok
05:40:54.0426 1156 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
05:40:54.0473 1156 Winmgmt - ok
05:40:54.0536 1156 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
05:40:54.0598 1156 WinRM - ok
05:40:54.0676 1156 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
05:40:54.0723 1156 Wlansvc - ok
05:40:54.0770 1156 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
05:40:54.0801 1156 WmiAcpi - ok
05:40:54.0848 1156 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
05:40:54.0879 1156 wmiApSrv - ok
05:40:54.0988 1156 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
05:40:55.0035 1156 WMPNetworkSvc - ok
05:40:55.0082 1156 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
05:40:55.0113 1156 WPCSvc - ok
05:40:55.0144 1156 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
05:40:55.0191 1156 WPDBusEnum - ok
05:40:55.0238 1156 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
05:40:55.0269 1156 ws2ifsl - ok
05:40:55.0300 1156 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
05:40:55.0331 1156 wscsvc - ok
05:40:55.0362 1156 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
05:40:55.0378 1156 WSDPrintDevice - ok
05:40:55.0409 1156 [ 7DC0270CFD4A05B4112E3EBBF083B595 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
05:40:55.0425 1156 WSDScan - ok
05:40:55.0425 1156 WSearch - ok
05:40:55.0550 1156 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
05:40:55.0612 1156 wuauserv - ok
05:40:55.0659 1156 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
05:40:55.0690 1156 WudfPf - ok
05:40:55.0721 1156 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
05:40:55.0737 1156 WUDFRd - ok
05:40:55.0768 1156 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
05:40:55.0799 1156 wudfsvc - ok
05:40:55.0830 1156 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
05:40:55.0846 1156 WwanSvc - ok
05:40:55.0908 1156 ================ Scan global ===============================
05:40:55.0955 1156 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
05:40:55.0986 1156 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
05:40:56.0002 1156 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
05:40:56.0049 1156 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
05:40:56.0111 1156 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
05:40:56.0127 1156 [Global] - ok
05:40:56.0127 1156 ================ Scan MBR ==================================
05:40:56.0142 1156 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
05:40:56.0361 1156 \Device\Harddisk0\DR0 - ok
05:40:56.0376 1156 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR5
05:40:56.0376 1156 \Device\Harddisk1\DR5 - ok
05:40:56.0376 1156 ================ Scan VBR ==================================
05:40:56.0392 1156 [ 3B77E1D9BEFA253567723E11E014A452 ] \Device\Harddisk0\DR0\Partition1
05:40:56.0392 1156 \Device\Harddisk0\DR0\Partition1 - ok
05:40:56.0408 1156 [ 383FCC6A9DA80896D69343A34173D31A ] \Device\Harddisk1\DR5\Partition1
05:40:56.0408 1156 \Device\Harddisk1\DR5\Partition1 - ok
05:40:56.0408 1156 ============================================================
05:40:56.0408 1156 Scan finished
05:40:56.0408 1156 ============================================================
05:40:56.0470 3080 Detected object count: 3
05:40:56.0470 3080 Actual detected object count: 3
05:41:23.0037 3080 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:23.0037 3080 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:23.0037 3080 Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
05:41:23.0037 3080 Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:41:23.0053 3080 sptd ( LockedFile.Multi.Generic ) - skipped by user
05:41:23.0053 3080 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Joshen74
Active Member
 
Posts: 13
Joined: June 14th, 2013, 7:09 am

Re: Malware - Trojan Horse Win32:Sirefef found in system

Unread postby Cypher » June 18th, 2013, 10:41 am

Hi Joshen,
Nothing of real concern in your logs, just a few things that need to be cleaned up.
Do the following then let me know how the computer is running.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Java(TM) 6 Update 39

Next.

Download and install Java 7 Update 21 from Here

Next.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the words Code: Select all

    :commands
    [createrestorepoint]
    
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q= {searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=euQ92N0O ... RLsToWw?q= {searchTerms}
    [2013-04-11 21:28:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlus ... 1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{82e4a43f-9680-11e1-9d53-00238bec4beb}\Shell - "" = AutoRun
    O33 - MountPoints2\{82e4a43f-9680-11e1-9d53-00238bec4beb}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{82e4a44f-9680-11e1-9d53-00238bec4beb}\Shell - "" = AutoRun
    O33 - MountPoints2\{82e4a44f-9680-11e1-9d53-00238bec4beb}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{8cf87d67-b173-11de-971b-00238bec4beb}\Shell - "" = AutoRun
    O33 - MountPoints2\{8cf87d67-b173-11de-971b-00238bec4beb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2007-10-23 09:45:39 | 001,336,632 | R--- | M] ()
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
     
        

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computers performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
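The OTL fix above deletes per-volume AutoRun handlers under MountPoints2 (the O33 lines, left behind by a U3/AutoRun USB stick that was once plugged into drive E:) and resets the Internet Explorer SearchScopes entries. The script below is an added example, not part of the post and not OTL's own code: it lists both kinds of entry in PowerShell so they can be reviewed before the fix is run, or checked afterwards to confirm they are gone. The registry paths are the standard Windows 7 locations; the function names and the `-RemoveAutoRun` switch are this example's own choices. Nothing is deleted unless `-RemoveAutoRun` is given, and that path honours `-WhatIf`.

```powershell
# Added example for reviewing the entries the OTL fix above removes.
# Not from the MalwareRemoval.com post and not OTL code. Run from an elevated
# PowerShell prompt while logged on as the affected user (MountPoints2 is per user).

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$RemoveAutoRun   # switch name chosen for this example
)

$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-AutoRunHandler {
    # One record per MountPoints2 volume that still carries a Shell\AutoRun\command,
    # i.e. the entries shown as "O33 - MountPoints2\...\Shell\AutoRun\command" above.
    if (-not (Test-Path $mountPoints)) { return }
    foreach ($vol in Get-ChildItem -Path $mountPoints -ErrorAction SilentlyContinue) {
        $shell = "$($vol.PSPath)\Shell"
        $cmd   = "$shell\AutoRun\command"
        if (-not (Test-Path $cmd)) { continue }
        $command = (Get-ItemProperty -Path $cmd   -ErrorAction SilentlyContinue).'(default)'
        $verb    = (Get-ItemProperty -Path $shell -ErrorAction SilentlyContinue).'(default)'
        # First token of the command without quotes, e.g. E:\LaunchU3.exe
        $exe = if ($command -match '^"?([^"]+?\.exe)') { $Matches[1] } else { $command }
        [pscustomobject]@{
            Volume       = $vol.PSChildName   # volume GUID or drive letter
            DefaultVerb  = $verb              # "AutoRun" in the log above
            Command      = $command
            # A handler whose target is gone is a stale remnant of a removed drive;
            # a handler whose target still exists deserves a closer look.
            TargetExists = [bool]$exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue)
        }
    }
}

function Get-SearchScope {
    # IE search providers from both hives and which one is the DefaultScope;
    # the fix above rewrites HKLM's DefaultScope and drops two provider keys.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $key)) { continue }
        $default = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem -Path $key -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $scope.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Hive      = $hive
                Scope     = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Name      = $props.DisplayName
                URL       = $props.URL
            }
        }
    }
}

Write-Host '== MountPoints2 AutoRun handlers (HKCU) =='
$handlers = @(Get-AutoRunHandler)
if ($handlers.Count -eq 0) { Write-Host 'none' }
else { $handlers | Format-Table -AutoSize | Out-String | Write-Host }

Write-Host '== Internet Explorer SearchScopes =='
Get-SearchScope | Format-Table -AutoSize | Out-String | Write-Host

if ($RemoveAutoRun) {
    # Remove only the AutoRun verb and clear the Shell default, which is what the
    # O33 lines in the fix target; other shell verbs on the volume are left alone.
    foreach ($h in $handlers) {
        $shell = "$mountPoints\$($h.Volume)\Shell"
        if ($PSCmdlet.ShouldProcess($shell, 'Remove AutoRun handler')) {
            Remove-Item -Path "$shell\AutoRun" -Recurse -Force -ErrorAction SilentlyContinue
            Remove-ItemProperty -Path $shell -Name '(default)' -ErrorAction SilentlyContinue
        }
    }
}
```

Save it as, for instance, `Review-AutoRunRemnants.ps1` and run it once before the OTL fix (to see what will go) and once after (expecting "none" under MountPoints2 and no provider pointing at `127.0.0.1:4664`, the old Google Desktop search URL in the HKCU scope above). `-RemoveAutoRun -WhatIf` shows which keys would be touched without changing anything.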
