-------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎27‎-‎2013 16:37:00 ************************************************************ 2013-08-27T14:37:00.421Z Trace session started - MpWppTracing-08272013-163700-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 2 Number of invalid entries is 0 Number of inserts issued is 2 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 0 Number of lookups is 6 Number of lookup misses is 0 Number of fast lookup misses is 4 Number of false fast lookups is 0 Number of invalidations is 0 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-27T14:37:02.796Z Verifying RTP plugin... 2013-08-27T14:37:02.812Z verified! 2013-08-27T14:37:03.937Z Loading engine... 2013-08-27T14:37:03.953Z CSignatureStatus: changed to DUE_REPORTED 2013-08-27T14:37:03.953Z loaded! 2013-08-27T14:37:03.953Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-27T14:37:03.953Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-27T14:37:04.000Z Verifying license file... 2013-08-27T14:37:04.000Z verified! 
2013-08-27T14:37:04.000Z Product supports installmode: 0 2013-08-27T14:37:04.078Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 0.0.0.0 AS Signature Version: 0.0.0.0 AV Signature Version: 0.0.0.0 ************************************************************ 2013-08-27T14:37:14.484Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-27T14:38:10.328Z Calling MpUpdateStart with update options = 257 2013-08-27T14:38:10.531Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched 2013-08-27T14:44:17.953Z Verifying engine and signature files (source: 0) ... 2013-08-27T14:44:18.687Z verified! 2013-08-27T14:45:05.578Z Initializing SQM in engine... 2013-08-27T14:45:05.625Z SQM initialized in the engine successfully 2013-08-27T14:45:08.765Z CSignatureStatus: back to good 2013-08-27T14:45:09.000Z Initializing RTP plugin state... 2013-08-27T14:45:09.234Z initialized! 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:0 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:610 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:35089 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* Signature updated on ‎08‎-‎27‎-‎2013 16:45:09 Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.513.0 AV Signature Version: 1.157.513.0 ************************************************************ 2013-08-27T14:45:12.265Z Process scan (postsignatureupdatescan) started. 
2013-08-27T14:45:13.562Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) Signature updated via MMPC on ‎08‎-‎27‎-‎2013 16:45:13 ************************************************************ 2013-08-27T14:45:15.625Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:45:17.718Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:45:19.765Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:45:21.812Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:45:23.843Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:45:27.171Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:45:29.875Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T14:46:23.125Z Verifying engine and signature files (source: 0) ... 2013-08-27T14:46:40.921Z verified! 2013-08-27T14:47:05.703Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-27T14:47:05.796Z Product supports installmode: 0 2013-08-27T14:47:10.203Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎27‎-‎2013 18:02:30 ************************************************************ 2013-08-27T16:02:30.984Z Trace session started - MpWppTracing-08272013-180230-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 67 Number of invalid entries is 0 Number of inserts issued is 70 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 0 Number of lookups is 1416 Number of lookup misses is 10 Number of fast lookup misses is 1395 Number of false fast lookups is 10 Number of invalidations is 3 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-27T16:02:31.390Z Verifying RTP plugin... 2013-08-27T16:02:31.390Z verified! 2013-08-27T16:02:31.390Z Loading engine... 2013-08-27T16:02:31.921Z Verifying engine and signature files (source: 1) ... 2013-08-27T16:02:35.671Z verified! 2013-08-27T16:02:38.109Z Initializing SQM in engine... 2013-08-27T16:02:38.109Z SQM initialized in the engine successfully 2013-08-27T16:02:38.359Z CSignatureStatus: back to good 2013-08-27T16:02:38.359Z Initializing RTP plugin state... 2013-08-27T16:02:38.375Z initialized! 2013-08-27T16:02:38.375Z loaded! 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,2,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:879 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2424 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-27T16:02:38.390Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-27T16:02:38.390Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-27T16:02:38.453Z Verifying license file... 2013-08-27T16:02:38.453Z verified! 
2013-08-27T16:02:38.453Z Product supports installmode: 0 2013-08-27T16:02:38.453Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.524.0 AV Signature Version: 1.157.524.0 ************************************************************ 2013-08-27T16:03:01.906Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-27T16:03:31.484Z Process scan (poststartupscan) started. 2013-08-27T16:04:22.093Z Process scan (poststartupscan) completed. BEGIN BM detection GUID:{AC6BB8D8-3928-32AA-B32718A3D15E175F} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎27‎-‎2013 18:06:44 TargetFileName:spxc.sys END BM detection 2013-08-27T16:06:45.125Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-27T16:09:38.515Z Task(SpyNetService -RestrictPrivileges -AccessKey 5087B9C2-3835-4927-9DD6-7D52703B3F0B) launched 2013-08-27T16:12:38.453Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-27T16:12:38.453Z Product supports installmode: 0 2013-08-27T16:12:39.812Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-27T16:12:39.812Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 27683237(ms) 2013-08-27T16:12:42.375Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎27‎-‎2013 19:11:22 ************************************************************ 2013-08-27T17:11:22.859Z Trace session started - MpWppTracing-08272013-191122-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 117 Number of invalid entries is 0 Number of inserts issued is 122 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 0 Number of lookups is 9700 Number of lookup misses is 14 Number of fast lookup misses is 9500 Number of false fast lookups is 14 Number of invalidations is 5 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-27T17:11:22.968Z Verifying RTP plugin... 2013-08-27T17:11:22.968Z verified! 2013-08-27T17:11:23.015Z Loading engine... 2013-08-27T17:11:23.109Z Verifying engine and signature files (source: 1) ... 2013-08-27T17:11:23.109Z verified! 2013-08-27T17:11:25.359Z Initializing SQM in engine... 2013-08-27T17:11:25.359Z SQM initialized in the engine successfully 2013-08-27T17:11:25.453Z CSignatureStatus: back to good 2013-08-27T17:11:25.453Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:977 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2518 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-27T17:11:25.453Z initialized! 2013-08-27T17:11:25.453Z loaded! 2013-08-27T17:11:25.468Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-27T17:11:25.468Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-27T17:11:25.515Z Verifying license file... 2013-08-27T17:11:25.515Z verified! 
2013-08-27T17:11:25.515Z Product supports installmode: 0 2013-08-27T17:11:25.515Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.524.0 AV Signature Version: 1.157.524.0 ************************************************************ 2013-08-27T17:11:42.125Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-27T17:12:23.000Z Process scan (poststartupscan) started. 2013-08-27T17:12:48.531Z Process scan (poststartupscan) completed. 2013-08-27T17:13:16.453Z Task(SpyNetService -RestrictPrivileges -AccessKey 6E54AB3F-2137-B641-2274-88CAC4E0E91E) launched Begin Resource Scan Scan ID:{82548F57-834A-4841-ACE4-F49F9D09A385} Scan Source:7 Start Time:‎08‎-‎27‎-‎2013 19:13:14 End Time:‎08‎-‎27‎-‎2013 19:13:18 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Result Count:1 Unknown File Identifier:8293879603626246142 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 End Scan ************************************************************ DSS Timeout:Received results after timeout 2013-08-27T17:13:18.953Z Task(SubmitSamples -Auto) launched as network service 2013-08-27T17:18:25.625Z Task(SpyNetService -RestrictPrivileges -AccessKey 24AB854C-EF25-A14F-71C1-03E921EC4184) launched 2013-08-27T17:21:25.562Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-27T17:21:25.562Z Product supports installmode: 0 2013-08-27T17:21:26.437Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-27T17:21:26.437Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 22640129(ms) 
2013-08-27T17:21:29.734Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎27‎-‎2013 19:35:36 ************************************************************ 2013-08-27T17:35:36.265Z Trace session started - MpWppTracing-08272013-193536-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 153 Number of invalid entries is 0 Number of inserts issued is 158 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 0 Number of lookups is 24271 Number of lookup misses is 14 Number of fast lookup misses is 23865 Number of false fast lookups is 14 Number of invalidations is 5 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-27T17:35:36.390Z Verifying RTP plugin... 2013-08-27T17:35:36.390Z verified! 2013-08-27T17:35:36.406Z Loading engine... 2013-08-27T17:35:36.531Z Verifying engine and signature files (source: 1) ... 2013-08-27T17:35:36.531Z verified! 2013-08-27T17:35:38.671Z Initializing SQM in engine... 2013-08-27T17:35:38.671Z SQM initialized in the engine successfully 2013-08-27T17:35:38.765Z CSignatureStatus: back to good 2013-08-27T17:35:38.765Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:984 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2528 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-27T17:35:38.765Z initialized! 2013-08-27T17:35:38.765Z loaded! 2013-08-27T17:35:38.796Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-27T17:35:38.796Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-27T17:35:38.828Z Verifying license file... 2013-08-27T17:35:38.828Z verified! 
2013-08-27T17:35:38.828Z Product supports installmode: 0 2013-08-27T17:35:38.828Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.524.0 AV Signature Version: 1.157.524.0 ************************************************************ 2013-08-27T17:36:00.437Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-27T17:36:36.421Z Process scan (poststartupscan) started. 2013-08-27T17:37:23.375Z Process scan (poststartupscan) completed. BEGIN BM detection GUID:{BA4C510C-DCD4-A90B-F7C91CF50E8674DD} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎27‎-‎2013 19:39:47 TargetFileName:spgt.sys END BM detection 2013-08-27T17:39:48.218Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-27T17:42:38.859Z Task(SpyNetService -RestrictPrivileges -AccessKey 84BF664D-19E7-C080-C1C0-26301B1153BB) launched 2013-08-27T17:45:38.843Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-27T17:45:38.843Z Product supports installmode: 0 2013-08-27T17:45:39.656Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-27T17:45:39.656Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 22379967(ms) 2013-08-27T17:45:42.453Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎27‎-‎2013 19:50:48 ************************************************************ 2013-08-27T17:50:49.046Z Trace session started - MpWppTracing-08272013-195048-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 155 Number of invalid entries is 0 Number of inserts issued is 160 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 0 Number of lookups is 27556 Number of lookup misses is 14 Number of fast lookup misses is 27035 Number of false fast lookups is 14 Number of invalidations is 5 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-27T17:50:49.609Z Verifying RTP plugin... 2013-08-27T17:50:49.609Z verified! 2013-08-27T17:50:49.625Z Loading engine... 2013-08-27T17:50:49.703Z Verifying engine and signature files (source: 1) ... 2013-08-27T17:50:49.703Z verified! 2013-08-27T17:50:51.578Z Initializing SQM in engine... 2013-08-27T17:50:51.578Z SQM initialized in the engine successfully 2013-08-27T17:50:51.843Z CSignatureStatus: back to good 2013-08-27T17:50:51.859Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:1050 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2676 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-27T17:50:52.390Z initialized! 2013-08-27T17:50:52.390Z loaded! 2013-08-27T17:50:52.421Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-27T17:50:52.421Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-27T17:50:52.546Z Verifying license file... 2013-08-27T17:50:52.546Z verified! 
2013-08-27T17:50:52.546Z Product supports installmode: 0 2013-08-27T17:50:53.000Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.524.0 AV Signature Version: 1.157.524.0 ************************************************************ 2013-08-27T17:51:13.078Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-27T17:51:49.640Z Process scan (poststartupscan) started. 2013-08-27T17:52:25.984Z Process scan (poststartupscan) completed. BEGIN BM detection GUID:{64B88E3D-1C33-55A3-B319AA49026EBCB8} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎27‎-‎2013 19:52:48 TargetFileName:spkl.sys END BM detection 2013-08-27T17:52:49.328Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-27T17:57:53.906Z Task(SpyNetService -RestrictPrivileges -AccessKey 75ACD8AF-9396-3BFA-6C58-A07141D0A057) launched 2013-08-27T18:00:53.046Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-27T18:00:53.140Z Product supports installmode: 0 2013-08-27T18:01:01.171Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-27T18:01:01.171Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 19813697(ms) 2013-08-27T18:01:21.156Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0) 2013-08-27T18:01:21.671Z Trace buffers written: 7, events lost: 0, buffers lost: 0, days: 0 2013-08-27T18:01:27.609Z Task(SpyNetService -RestrictPrivileges -AccessKey 104C4DC8-79F0-8E4A-D089-9CA77BCEED08) launched 2013-08-27T18:01:27.625Z Task(-UploadSQM -RestrictPrivileges) launched 2013-08-27T18:21:31.984Z Task(SpyNetService -RestrictPrivileges -AccessKey BE96D411-F0DF-89ED-BC52-CB756D4DAE54) launched Begin Resource Scan 
Scan ID:{4BDA2889-AF50-487F-809B-069AABE65496} Scan Source:3 Start Time:‎08‎-‎27‎-‎2013 20:21:31 End Time:‎08‎-‎27‎-‎2013 20:21:34 Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Result Count:1 Threat Name:Exploit:Java/CVE-2012-1723 ID:2147659851 Severity:5 Number of Resources:6 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Extended Info:18144314042687 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Extended Info:37826441869236 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Extended Info:18146162270216 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Extended Info:18143822463423 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Extended Info:18142774686394 Resource Schema:containerfile Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1 Extended Info:0 End Scan ************************************************************ 2013-08-27T18:21:35.062Z DETECTIONEVENT Exploit:Java/CVE-2012-1723 file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class; 2013-08-27T18:21:35.187Z DETECTION_ADD Exploit:Java/CVE-2012-1723 file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane 
aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Begin Resource Scan Scan ID:{DBA007C3-1564-4866-866D-E822BF4A4096} Scan Source:3 Start Time:‎08‎-‎27‎-‎2013 20:21:35 End Time:‎08‎-‎27‎-‎2013 20:21:36 Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class Result Count:2 Unknown File Identifier:8304353439723290622 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6 Extended Info:5863280433558 Threat Name:TrojanDownloader:Java/Toniper ID:2147678505 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->pet.class Extended Info:18143527918481 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class Extended Info:37826427592945 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->gee.class Extended Info:18145303275964 Resource Schema:containerfile Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6 Extended Info:0 End Scan ************************************************************ 2013-08-27T18:21:36.078Z DETECTIONEVENT TrojanDownloader:Java/Toniper file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class; 2013-08-27T18:21:36.093Z DETECTION_ADD TrojanDownloader:Java/Toniper file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class Begin 
Resource Scan Scan ID:{5E0D96FB-C098-40D3-93B6-22BDB3966B28} Scan Source:7 Start Time:‎08‎-‎27‎-‎2013 20:21:35 End Time:‎08‎-‎27‎-‎2013 20:21:36 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->zin.class Result Count:1 Unknown File Identifier:8304353439723290622 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6 Extended Info:5863280433558 End Scan ************************************************************ 2013-08-27T18:21:36.921Z DETECTION_MERGE Exploit:Java/CVE-2012-1723 containerfile:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1 2013-08-27T18:21:36.921Z DETECTION_MERGE Exploit:Java/CVE-2012-1723 file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class 2013-08-27T18:21:36.921Z DETECTION_MERGE Exploit:Java/CVE-2012-1723 file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class 2013-08-27T18:21:36.921Z DETECTION_MERGE Exploit:Java/CVE-2012-1723 file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class 2013-08-27T18:21:36.921Z DETECTION_MERGE Exploit:Java/CVE-2012-1723 file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class 2013-08-27T18:21:36.921Z DETECTIONEVENT Exploit:Java/CVE-2012-1723 containerfile:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane 
aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class; Begin Resource Scan Scan ID:{7DF23F2E-89FB-4676-9BD5-9F219058E95A} Scan Source:6 Start Time:‎08‎-‎27‎-‎2013 20:21:36 End Time:‎08‎-‎27‎-‎2013 20:21:36 Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Result Count:1 Threat Name:Exploit:Java/CVE-2012-1723 ID:2147659851 Severity:5 Number of Resources:6 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Extended Info:18144314042687 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Extended Info:37826441869236 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Extended Info:18146162270216 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Extended Info:18143822463423 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Extended Info:18142774686394 
Resource Schema:containerfile Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1 Extended Info:0 End Scan ************************************************************ DSS Timeout:Received results after timeout 2013-08-27T18:21:41.500Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-27T18:21:55.156Z DETECTION_MERGE TrojanDownloader:Java/Toniper containerfile:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6 2013-08-27T18:21:55.156Z DETECTION_MERGE TrojanDownloader:Java/Toniper file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->gee.class 2013-08-27T18:21:55.156Z DETECTION_MERGE TrojanDownloader:Java/Toniper file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->pet.class 2013-08-27T18:21:55.171Z DETECTIONEVENT TrojanDownloader:Java/Toniper containerfile:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->gee.class;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class;file:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->pet.class; Begin Resource Scan Scan ID:{05609372-B549-4D8A-A231-AED3C5DE4868} Scan Source:6 Start Time:‎08‎-‎27‎-‎2013 20:21:37 End Time:‎08‎-‎27‎-‎2013 20:21:55 Explicit resource to scan Resource Schema:containerfile Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1 Explicit resource to scan Resource Schema:file 
Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Explicit resource to scan Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class Result Count:4 Threat Name:Exploit:Java/CVE-2012-1723 ID:2147659851 Severity:5 Number of Resources:6 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Extended Info:18144314042687 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Extended Info:37826441869236 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Extended Info:18146162270216 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Extended Info:18143822463423 Resource Schema:file Resource Path:C:\Documents and 
Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Extended Info:18142774686394 Resource Schema:containerfile Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1 Extended Info:0 Unknown File Identifier:8293879603626246142 Number of Resources:2 Resource Schema:queryfilertsig Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 Resource Schema:startup Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:0 Unknown File Identifier:8304353439723290622 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6 Extended Info:5863280433558 Threat Name:TrojanDownloader:Java/Toniper ID:2147678505 Severity:5 Number of Resources:4 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->pet.class Extended Info:18143527918481 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->K.class Extended Info:37826427592945 Resource Schema:file Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6->gee.class Extended Info:18145303275964 Resource Schema:containerfile Resource Path:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\47\250b0b6f-4efadba6 Extended Info:0 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎27‎-‎2013 20:21:56 Threat Name:Exploit:Java/CVE-2012-1723 Threat ID:2147659851 Action:quarantine Threat 
Name:Unknown Threat ID:8293879603626246142 Action:unknown Threat Name:Unknown Threat ID:8304353439723290622 Action:unknown Threat Name:TrojanDownloader:Java/Toniper Threat ID:2147678505 Action:unknown Resource action complete:Quarantine Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Threat ID:2147659851 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Threat ID:2147659851 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Threat ID:2147659851 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Threat ID:2147659851 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Threat ID:2147659851 Resource refcount:1 Result:0 Resource action complete:Quarantine Schema:containerfile Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1 Threat ID:2147659851 Resource refcount:1 Result:0 File to act on SHA1:AF84F8D853CF2FFD21486E6175D5E4C2D61192F9 File owner:TADEK333\Admin File cleaned/removed successfully File Name:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Resource action complete:Removal Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane 
aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->ors.class Threat ID:2147659851 Resource refcount:1 Result:0 File to act on SHA1:214FB0B75A4C25B1660CAFB435EE27467A10E989 File owner:TADEK333\Admin File cleaned/removed successfully File Name:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Resource action complete:Removal Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->m.class Threat ID:2147659851 Resource refcount:1 Result:0 File to act on SHA1:D34199EB9B998EA3D914C3413C1E8F16B205CAB1 File owner:TADEK333\Admin File cleaned/removed successfully File Name:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Resource action complete:Removal Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->e.class Threat ID:2147659851 Resource refcount:1 Result:0 File to act on SHA1:CB367FA935359109D9BE65B3E8A771F225950F50 File owner:TADEK333\Admin File cleaned/removed successfully File Name:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Resource action complete:Removal Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->d.class Threat ID:2147659851 Resource refcount:1 Result:0 File to act on SHA1:5DEF83BFFC02471EB8A1003198940B64D4838DFF File owner:TADEK333\Admin File cleaned/removed successfully File Name:C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Resource action complete:Removal Schema:file Path:\\?\C:\Documents and Settings\Admin\Ustawienia lokalne\Dane 
aplikacji\Sun\Java\Deployment\cache\6.0\30\5623a45e-2f42e2d1->axe.class Threat ID:2147659851 Resource refcount:1 Result:0 Finished threat ID:2147678505 Threat result:0 Threat status flags:0 Finished threat ID:8304353439723290622 Threat result:0 Threat status flags:0 Finished threat ID:8293879603626246142 Threat result:0 Threat status flags:0 Finished threat ID:2147659851 Threat result:0 Threat status flags:0 Finished threat actions End time:‎08‎-‎27‎-‎2013 20:21:56 Result:0 -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎27‎-‎2013 21:16:03 ************************************************************ 2013-08-27T19:16:03.453Z Trace session started - MpWppTracing-08272013-211603-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 155 Number of invalid entries is 0 Number of inserts issued is 160 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 0 Number of lookups is 27556 Number of lookup misses is 14 Number of fast lookup misses is 27035 Number of false fast lookups is 14 Number of invalidations is 5 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-27T19:16:03.734Z Verifying RTP plugin... 2013-08-27T19:16:03.734Z verified! 2013-08-27T19:16:03.765Z Loading engine... 2013-08-27T19:16:03.796Z Verifying engine and signature files (source: 1) ... 2013-08-27T19:16:03.796Z verified! 2013-08-27T19:16:05.843Z Initializing SQM in engine... 2013-08-27T19:16:05.843Z SQM initialized in the engine successfully 2013-08-27T19:16:05.937Z CSignatureStatus: back to good 2013-08-27T19:16:05.937Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:1075 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2708 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-27T19:16:05.937Z initialized! 2013-08-27T19:16:05.937Z loaded! 2013-08-27T19:16:05.953Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-27T19:16:05.953Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-27T19:16:05.984Z Verifying license file... 2013-08-27T19:16:05.984Z verified! 
2013-08-27T19:16:05.984Z Product supports installmode: 0 2013-08-27T19:16:05.984Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.524.0 AV Signature Version: 1.157.524.0 ************************************************************ 2013-08-27T19:16:37.765Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-27T19:17:03.781Z Process scan (poststartupscan) started. 2013-08-27T19:17:37.093Z Process scan (poststartupscan) completed. BEGIN BM detection GUID:{F3CBCE89-3B75-EFDF-639587167BCEAE0F} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎27‎-‎2013 21:19:24 TargetFileName:spav.sys END BM detection 2013-08-27T19:19:24.796Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-27T19:23:06.093Z Task(SpyNetService -RestrictPrivileges -AccessKey 972D1B3E-D4BA-FA3F-63FB-3F351C6FAD3D) launched 2013-08-27T19:26:06.078Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-27T19:26:06.078Z Product supports installmode: 0 2013-08-27T19:26:07.218Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-27T19:26:07.218Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 16803606(ms) 2013-08-27T19:26:18.156Z Detection State: Finished(4) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 08:34:59 ************************************************************ 2013-08-28T06:34:59.875Z Trace session started - MpWppTracing-08282013-083459-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 189 Number of invalid entries is 0 Number of inserts issued is 205 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 2 Number of lookups is 36074 Number of lookup misses is 41 Number of fast lookup misses is 35204 Number of false fast lookups is 41 Number of invalidations is 16 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T06:35:01.406Z Verifying RTP plugin... 2013-08-28T06:35:01.406Z verified! 2013-08-28T06:35:01.406Z Loading engine... 2013-08-28T06:35:01.640Z Verifying engine and signature files (source: 1) ... 2013-08-28T06:35:04.046Z verified! 2013-08-28T06:36:08.031Z Initializing SQM in engine... 2013-08-28T06:36:08.031Z SQM initialized in the engine successfully 2013-08-28T06:36:08.328Z CSignatureStatus: back to good 2013-08-28T06:36:08.328Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:1031 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3606 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T06:36:08.328Z initialized! 2013-08-28T06:36:08.328Z loaded! 2013-08-28T06:36:08.328Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T06:36:08.328Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T06:36:08.375Z Verifying license file... 2013-08-28T06:36:08.375Z verified! 
2013-08-28T06:36:08.375Z Product supports installmode: 0 2013-08-28T06:36:08.375Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.540.0 AV Signature Version: 1.157.540.0 ************************************************************ 2013-08-28T06:36:08.406Z Process scan (poststartupscan) started. 2013-08-28T06:36:08.453Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T06:36:12.453Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T06:36:40.171Z Process scan (poststartupscan) completed. 2013-08-28T06:43:20.734Z Task(SpyNetService -RestrictPrivileges -AccessKey ED3014D2-DDC8-D5EA-461D-BB8FC5A5D20B) launched 2013-08-28T06:46:08.406Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T06:46:08.406Z Product supports installmode: 0 2013-08-28T06:46:09.046Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T06:46:09.046Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 62278513(ms) 2013-08-28T06:46:16.375Z Detection State: Finished(4) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 09:24:18 ************************************************************ 2013-08-28T07:24:18.906Z Trace session started - MpWppTracing-08282013-092418-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 189 Number of invalid entries is 0 Number of inserts issued is 205 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 2 Number of lookups is 36074 Number of lookup misses is 41 Number of fast lookup misses is 35204 Number of false fast lookups is 41 Number of invalidations is 16 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T07:24:20.265Z Verifying RTP plugin... 2013-08-28T07:24:20.312Z verified! 2013-08-28T07:24:21.546Z Loading engine... 2013-08-28T07:24:22.125Z Verifying engine and signature files (source: 1) ... 2013-08-28T07:25:18.109Z verified! 2013-08-28T07:25:20.906Z Initializing SQM in engine... 2013-08-28T07:25:20.906Z SQM initialized in the engine successfully 2013-08-28T07:25:21.250Z CSignatureStatus: back to good 2013-08-28T07:25:21.250Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:4 TotalStreamCon:926 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:5765 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T07:25:21.250Z initialized! 2013-08-28T07:25:21.250Z loaded! 2013-08-28T07:25:21.265Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T07:25:21.265Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T07:25:21.312Z Verifying license file... 2013-08-28T07:25:21.312Z verified! 2013-08-28T07:25:21.312Z Product supports installmode: 0 2013-08-28T07:25:21.343Z Process scan (poststartupscan) started. 
2013-08-28T07:25:21.359Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.585.0 AV Signature Version: 1.157.585.0 ************************************************************ 2013-08-28T07:25:21.390Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T07:25:25.593Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T07:26:13.000Z Process scan (poststartupscan) completed. 2013-08-28T07:32:21.562Z Task(SpyNetService -RestrictPrivileges -AccessKey 514214E1-55F5-DFDC-6990-ECA9E358699C) launched BEGIN BM detection GUID:{9A9E7D6A-6280-086F-736A7408A0813808} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎28‎-‎2013 09:33:02 TargetFileName:spus.sys END BM detection 2013-08-28T07:33:03.156Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-28T07:35:21.359Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T07:35:21.359Z Product supports installmode: 0 2013-08-28T07:35:22.140Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T07:35:22.140Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 57466812(ms) 2013-08-28T07:35:30.421Z Detection State: Finished(4) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 13:03:38 ************************************************************ 2013-08-28T11:03:38.359Z Trace session started - MpWppTracing-08282013-130338-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 313 Number of invalid entries is 0 Number of inserts issued is 339 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 2 Number of lookups is 122337 Number of lookup misses is 66 Number of fast lookup misses is 121078 Number of false fast lookups is 66 Number of invalidations is 26 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T11:03:39.531Z Verifying RTP plugin... 2013-08-28T11:03:39.531Z verified! 2013-08-28T11:03:39.546Z Loading engine... 2013-08-28T11:03:39.781Z Verifying engine and signature files (source: 1) ... 2013-08-28T11:03:39.796Z verified! 2013-08-28T11:03:46.484Z Initializing SQM in engine... 2013-08-28T11:03:46.484Z SQM initialized in the engine successfully 2013-08-28T11:03:48.203Z CSignatureStatus: back to good 2013-08-28T11:03:48.250Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:858 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3204 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T11:03:48.250Z initialized! 2013-08-28T11:03:48.250Z loaded! 2013-08-28T11:03:48.296Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T11:03:48.296Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T11:03:48.390Z Verifying license file... 2013-08-28T11:03:48.390Z verified! 
2013-08-28T11:03:48.390Z Product supports installmode: 0 2013-08-28T11:03:48.390Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.585.0 AV Signature Version: 1.157.585.0 ************************************************************ 2013-08-28T11:03:48.703Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T11:03:52.437Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T11:04:05.140Z Task(SpyNetService -RestrictPrivileges -AccessKey 48F5BDE0-351A-376B-685A-0C115FED500D) launched Begin Resource Scan Scan ID:{D176685E-72E1-421B-9EE7-989F5B5A95E3} Scan Source:7 Start Time:‎08‎-‎28‎-‎2013 13:04:02 End Time:‎08‎-‎28‎-‎2013 13:04:08 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Result Count:1 Unknown File Identifier:8293879603626246142 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 End Scan ************************************************************ DSS Timeout:Received results after timeout 2013-08-28T11:04:10.265Z Task(SubmitSamples -Auto) launched as network service 2013-08-28T11:04:39.562Z Process scan (poststartupscan) started. 2013-08-28T11:06:01.109Z Process scan (poststartupscan) completed. 
2013-08-28T11:10:48.390Z Task(SpyNetService -RestrictPrivileges -AccessKey 9D87A0CD-5714-33C4-AD1B-F5A75FB6A1BD) launched 2013-08-28T11:13:48.421Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T11:13:48.421Z Product supports installmode: 0 2013-08-28T11:13:49.765Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T11:13:49.765Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 44296090(ms) 2013-08-28T11:14:13.140Z Detection State: Finished(4) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 13:43:49 ************************************************************ 2013-08-28T11:43:49.531Z Trace session started - MpWppTracing-08282013-134349-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 1002 Number of invalid entries is 0 Number of inserts issued is 1042 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 2 Number of lookups is 178102 Number of lookup misses is 108 Number of fast lookup misses is 176226 Number of false fast lookups is 108 Number of invalidations is 40 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T11:43:49.671Z Verifying RTP plugin... 2013-08-28T11:43:49.671Z verified! 2013-08-28T11:43:49.687Z Loading engine... 2013-08-28T11:43:49.953Z Verifying engine and signature files (source: 1) ... 2013-08-28T11:43:49.953Z verified! 2013-08-28T11:43:55.015Z Initializing SQM in engine... 
2013-08-28T11:43:55.015Z SQM initialized in the engine successfully 2013-08-28T11:43:55.281Z CSignatureStatus: back to good 2013-08-28T11:43:55.281Z Initializing RTP plugin state... ****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:4 TotalStreamCon:860 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3199 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T11:43:55.281Z initialized! 2013-08-28T11:43:55.281Z loaded! 2013-08-28T11:43:55.296Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T11:43:55.296Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T11:43:55.343Z Verifying license file... 2013-08-28T11:43:55.343Z verified! 
2013-08-28T11:43:55.343Z Product supports installmode: 0 2013-08-28T11:43:55.343Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.585.0 AV Signature Version: 1.157.585.0 ************************************************************ 2013-08-28T11:43:55.390Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T11:44:08.187Z Task(SpyNetService -RestrictPrivileges -AccessKey FEF23FF0-9FC9-28E3-6F3F-F1707FC8330D) launched 2013-08-28T11:44:10.343Z DETECTIONEVENT Trojan:Win32/Bumat!rts file:C:\WINDOWS\system32\HTXDPJ\TQO.003; 2013-08-28T11:44:10.343Z DETECTION_ADD Trojan:Win32/Bumat!rts file:C:\WINDOWS\system32\HTXDPJ\TQO.003 Begin Resource Scan Scan ID:{69233FC0-06E8-4847-AF2C-B8F685CCD36E} Scan Source:1 Start Time:‎08‎-‎28‎-‎2013 13:43:57 End Time:‎08‎-‎28‎-‎2013 13:44:10 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\HTXDPJ\TQO.003 Result Count:2 Threat Name:Trojan:Win32/Bumat!rts ID:2147626069 Severity:4 Number of Resources:1 Resource Schema:file Resource Path:C:\WINDOWS\system32\HTXDPJ\TQO.003 Extended Info:24632751058474 Unknown File Identifier:8293879603626246142 Number of Resources:2 Resource Schema:queryfilertsig Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 Resource Schema:startup Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:0 End Scan ************************************************************ 2013-08-28T11:44:12.390Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) Begin Resource Scan Scan ID:{AC346452-BFE5-4C21-A932-5993A628A7A9} Scan Source:6 Start Time:‎08‎-‎28‎-‎2013 13:44:13 End Time:‎08‎-‎28‎-‎2013 13:44:13 Explicit resource to scan Resource Schema:file Resource 
Path:C:\WINDOWS\system32\HTXDPJ\TQO.003 Result Count:1 Threat Name:Trojan:Win32/Bumat!rts ID:2147626069 Severity:4 Number of Resources:1 Resource Schema:file Resource Path:C:\WINDOWS\system32\HTXDPJ\TQO.003 Extended Info:24632751058474 End Scan ************************************************************ 2013-08-28T11:44:15.375Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) Begin Resource Scan Scan ID:{63AB247B-F2A4-49D0-9319-A8C5F04B4408} Scan Source:7 Start Time:‎08‎-‎28‎-‎2013 13:44:10 End Time:‎08‎-‎28‎-‎2013 13:44:25 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Explicit resource to scan Resource Schema:startup Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Result Count:1 Unknown File Identifier:8293879603626246142 Number of Resources:2 Resource Schema:queryfilertsig Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 Resource Schema:startup Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:0 End Scan ************************************************************ DSS Timeout:Received results after timeout 2013-08-28T11:44:25.796Z Task(SubmitSamples -Auto) launched as network service Begin Resource Scan Scan ID:{0FAD738F-4A6B-41FF-8BA7-621ACC4D6DED} Scan Source:6 Start Time:‎08‎-‎28‎-‎2013 13:44:13 End Time:‎08‎-‎28‎-‎2013 13:44:26 Explicit resource to scan Resource Schema:file Resource Path:C:\WINDOWS\system32\HTXDPJ\TQO.003 Result Count:2 Threat Name:Trojan:Win32/Bumat!rts ID:2147626069 Severity:4 Number of Resources:1 Resource Schema:file Resource Path:C:\WINDOWS\system32\HTXDPJ\TQO.003 Extended Info:24632751058474 Unknown File Identifier:8293879603626246142 Number of Resources:2 Resource Schema:queryfilertsig Resource 
Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 Resource Schema:startup Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:0 End Scan ************************************************************ Begin Resource Scan Scan ID:{24005BC2-C9E0-4E86-89C9-AB285E0D7BA1} Scan Source:7 Start Time:‎08‎-‎28‎-‎2013 13:44:41 End Time:‎08‎-‎28‎-‎2013 13:44:41 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Explicit resource to scan Resource Schema:startup Resource Path:c:\documents and settings\tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Result Count:1 Known File Number of Resources:1 Resource Schema:file Resource Path:C:\WINDOWS\system32\rundll32.exe Extended Info:35873319024677 End Scan ************************************************************ Beginning threat actions Start time:‎08‎-‎28‎-‎2013 13:44:35 Threat Name:Trojan:Win32/Bumat!rts Threat ID:2147626069 Action:remove Threat Name:Unknown Threat ID:8293879603626246142 Action:unknown File to act on SHA1:BB0FD1F23AE1F1D225B31FECE8AE4CCE9698F97F File owner:TADEK333\Admin File cleaned/removed successfully File Name:C:\WINDOWS\system32\HTXDPJ\TQO.003 Resource action complete:Removal Schema:file Path:\\?\C:\WINDOWS\system32\HTXDPJ\TQO.003 Threat ID:2147626069 Resource refcount:1 Result:0 Finished threat ID:8293879603626246142 Threat result:0 Threat status flags:0 Finished threat ID:2147626069 Threat result:0 Threat status flags:128 Finished threat actions End time:‎08‎-‎28‎-‎2013 13:44:35 Result:0 DSS Timeout:Received results after timeout 2013-08-28T11:44:46.500Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T11:44:49.703Z Process scan (poststartupscan) started. 
2013-08-28T11:45:40.296Z Process scan (poststartupscan) completed. 2013-08-28T11:50:55.656Z Task(SpyNetService -RestrictPrivileges -AccessKey D0B768C2-85A2-2571-966B-262AA9CEF43E) launched 2013-08-28T11:52:44.234Z Task(SignaturesUpdateService -UnmanagedUpdate) launched 2013-08-28T11:53:55.500Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T11:53:57.484Z Product supports installmode: 0 2013-08-28T11:53:58.046Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T11:53:58.046Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 42828330(ms) 2013-08-28T11:54:31.890Z Detection State: Finished(6) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 14:39:11 ************************************************************ 2013-08-28T12:39:11.828Z Trace session started - MpWppTracing-08282013-143911-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 3311 Number of invalid entries is 0 Number of inserts issued is 3367 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 4 Number of lookups is 246717 Number of lookup misses is 217 Number of fast lookup misses is 242905 Number of false fast lookups is 217 Number of invalidations is 56 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T12:39:12.000Z Verifying RTP plugin... 2013-08-28T12:39:12.000Z verified! 2013-08-28T12:39:12.031Z Loading engine... 2013-08-28T12:39:12.234Z Verifying engine and signature files (source: 1) ... 
2013-08-28T12:39:14.468Z verified! 2013-08-28T12:39:18.750Z Initializing SQM in engine... 2013-08-28T12:39:18.750Z SQM initialized in the engine successfully 2013-08-28T12:39:19.250Z CSignatureStatus: back to good 2013-08-28T12:39:19.250Z Initializing RTP plugin state... 2013-08-28T12:39:19.250Z initialized! ****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:4 TotalStreamCon:908 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3896 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T12:39:19.250Z loaded! 2013-08-28T12:39:19.250Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T12:39:19.250Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T12:39:19.281Z Verifying license file... 2013-08-28T12:39:19.281Z verified! 
2013-08-28T12:39:19.281Z Product supports installmode: 0 2013-08-28T12:39:19.281Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.596.0 AV Signature Version: 1.157.596.0 ************************************************************ 2013-08-28T12:39:19.312Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T12:39:26.062Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) BEGIN BM detection GUID:{F49FBE26-8FA8-25C9-0B10205B3D819BF3} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎28‎-‎2013 14:39:59 TargetFileName:spkf.sys END BM detection 2013-08-28T12:40:00.671Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-28T12:40:12.062Z Process scan (poststartupscan) started. 2013-08-28T12:40:22.187Z Process scan (poststartupscan) completed. 
2013-08-28T12:42:37.578Z Task(SpyNetService -RestrictPrivileges -AccessKey 0344F76D-DAD6-62BC-1922-7610EB517AFF) launched Begin Resource Scan Scan ID:{18BEFB64-2BD1-4335-A85C-C91BD53ABC78} Scan Source:7 Start Time:‎08‎-‎28‎-‎2013 14:42:35 End Time:‎08‎-‎28‎-‎2013 14:42:44 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\DOCUME~1\Tadek\MENUST~1\Programy\AUTOST~1\BPGIRH~1.LNK Result Count:1 Unknown File Identifier:8293879603626246142 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 End Scan ************************************************************ DSS Timeout:Received results after timeout 2013-08-28T12:42:47.000Z Task(SubmitSamples -Auto) launched as network service 2013-08-28T12:46:25.671Z Task(SpyNetService -RestrictPrivileges -AccessKey B0C85D2A-E1AD-AE81-C7FE-98F2687339B9) launched 2013-08-28T12:49:19.500Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T12:49:19.500Z Product supports installmode: 0 2013-08-28T12:49:22.906Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T12:49:22.906Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 40873472(ms) 2013-08-28T12:51:03.656Z Detection State: Finished(6) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 17:39:44 ************************************************************ 2013-08-28T15:39:44.968Z Trace session started - MpWppTracing-08282013-173944-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 11578 Number of invalid entries is 0 Number of inserts issued is 12486 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 5 Number of lookups is 456338 Number of lookup misses is 10483 Number of fast lookup misses is 425579 Number of false fast lookups is 10483 Number of invalidations is 88 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T15:39:45.171Z Verifying RTP plugin... 2013-08-28T15:39:45.171Z verified! 2013-08-28T15:39:45.218Z Loading engine... 2013-08-28T15:39:45.484Z Verifying engine and signature files (source: 1) ... 2013-08-28T15:39:45.484Z verified! 2013-08-28T15:39:50.453Z Initializing SQM in engine... 2013-08-28T15:39:50.453Z SQM initialized in the engine successfully 2013-08-28T15:39:50.890Z CSignatureStatus: back to good 2013-08-28T15:39:50.890Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:4 TotalStreamCon:777 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3358 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T15:39:50.890Z initialized! 2013-08-28T15:39:50.906Z loaded! 2013-08-28T15:39:50.906Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T15:39:50.906Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T15:39:50.937Z Verifying license file... 2013-08-28T15:39:50.937Z verified! 
2013-08-28T15:39:50.937Z Product supports installmode: 0 2013-08-28T15:39:50.937Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.596.0 AV Signature Version: 1.157.596.0 ************************************************************ 2013-08-28T15:39:50.984Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T15:39:55.484Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T15:40:45.203Z Process scan (poststartupscan) started. 2013-08-28T15:40:49.609Z Process scan (poststartupscan) completed. BEGIN BM detection GUID:{8FE0EA63-11A1-D3EE-FF50C1B480156DA8} DetectionName:Informational:Behavior/ModifiedKernel SignatureID:717259538435 ProcessID:0 SessionID:0 CreationTime:‎08‎-‎28‎-‎2013 17:41:35 TargetFileName:spce.sys END BM detection 2013-08-28T15:41:36.515Z DETECTIONEVENT Informational:Behavior/ModifiedKernel process:0; 2013-08-28T15:46:51.031Z Task(SpyNetService -RestrictPrivileges -AccessKey 6A3334D0-227C-CF11-E984-B1DF389F41BB) launched 2013-08-28T15:49:50.953Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T15:49:50.968Z Product supports installmode: 0 2013-08-28T15:49:51.515Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T15:49:51.515Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 28005214(ms) 2013-08-28T15:50:10.796Z Detection State: Finished(6) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 18:20:59 ************************************************************ 2013-08-28T16:20:59.421Z Trace session started - 
MpWppTracing-08282013-182059-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 11742 Number of invalid entries is 0 Number of inserts issued is 12907 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 5 Number of lookups is 462458 Number of lookup misses is 11213 Number of fast lookup misses is 429406 Number of false fast lookups is 11213 Number of invalidations is 94 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T16:20:59.687Z Verifying RTP plugin... 2013-08-28T16:20:59.687Z verified! 2013-08-28T16:20:59.734Z Loading engine... 2013-08-28T16:20:59.812Z Verifying engine and signature files (source: 1) ... 2013-08-28T16:20:59.812Z verified! 2013-08-28T16:21:01.843Z Initializing SQM in engine... 2013-08-28T16:21:01.843Z SQM initialized in the engine successfully 2013-08-28T16:21:02.453Z CSignatureStatus: back to good 2013-08-28T16:21:02.453Z Initializing RTP plugin state... 2013-08-28T16:21:02.453Z initialized! 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:4 TotalStreamCon:780 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2816 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T16:21:02.468Z loaded! 2013-08-28T16:21:02.484Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T16:21:02.484Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T16:21:02.531Z Verifying license file... 2013-08-28T16:21:02.531Z verified! 
2013-08-28T16:21:02.531Z Product supports installmode: 0 2013-08-28T16:21:02.531Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.596.0 AV Signature Version: 1.157.596.0 ************************************************************ 2013-08-28T16:21:02.781Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T16:21:06.984Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T16:21:59.703Z Process scan (poststartupscan) started. 2013-08-28T16:22:05.437Z Process scan (poststartupscan) completed. 2013-08-28T16:28:02.625Z Task(SpyNetService -RestrictPrivileges -AccessKey 7CCB127E-17FD-006F-CC7A-1C15EAC122EB) launched 2013-08-28T16:31:02.546Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T16:31:02.546Z Product supports installmode: 0 2013-08-28T16:31:03.328Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T16:31:03.328Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 25265891(ms) 2013-08-28T16:31:15.578Z Detection State: Finished(6) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 19:13:33 ************************************************************ 2013-08-28T17:13:33.218Z Trace session started - MpWppTracing-08282013-191333-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 12800 Each Bucket has max capacity of -> 1 entries number of Entries is 11742 Number of invalid entries is 0 Number of inserts issued is 12907 Number of replaces issued is 0 Number of insert failures is 0 Number of inserts with duplicate entries is 5 Number of lookups is 462458 Number of lookup misses is 11213 Number of fast lookup misses is 429406 Number of false fast lookups is 11213 Number of invalidations is 94 Number of maintenance invalidations is 0 Current File Size is 319488 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T17:13:33.484Z Verifying RTP plugin... 2013-08-28T17:13:33.484Z verified! 2013-08-28T17:13:33.531Z Loading engine... 2013-08-28T17:13:33.625Z Verifying engine and signature files (source: 1) ... 2013-08-28T17:13:33.625Z verified! 2013-08-28T17:13:35.765Z Initializing SQM in engine... 2013-08-28T17:13:35.765Z SQM initialized in the engine successfully 2013-08-28T17:13:37.046Z CSignatureStatus: back to good 2013-08-28T17:13:37.046Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:4 TotalStreamCon:907 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3025 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T17:13:37.062Z initialized! 2013-08-28T17:13:37.062Z loaded! 2013-08-28T17:13:37.078Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T17:13:37.078Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T17:13:37.125Z Verifying license file... 2013-08-28T17:13:37.125Z verified! 
2013-08-28T17:13:37.125Z Product supports installmode: 0 2013-08-28T17:13:37.125Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.596.0 AV Signature Version: 1.157.596.0 ************************************************************ 2013-08-28T17:13:37.203Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T17:13:41.593Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T17:14:33.500Z Process scan (poststartupscan) started. 2013-08-28T17:14:36.781Z Process scan (poststartupscan) completed. 2013-08-28T17:20:18.546Z Task(SpyNetService -RestrictPrivileges -AccessKey 88958024-BF5A-93BD-FE75-6003706252E3) launched Begin Resource Scan Scan ID:{CF60C744-FE14-4E86-8586-7FB908BD37BD} Scan Source:7 Start Time:‎08‎-‎28‎-‎2013 19:20:18 End Time:‎08‎-‎28‎-‎2013 19:20:23 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Result Count:1 Unknown File Identifier:8293879603626246142 Number of Resources:1 Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\Tadek\Menu Start\Programy\Autostart\bpgirhcddrcbnihebso.lnk Extended Info:5864610348945 End Scan ************************************************************ DSS Timeout:Received results after timeout 2013-08-28T17:20:24.156Z Task(SubmitSamples -Auto) launched as network service 2013-08-28T17:23:37.140Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T17:23:37.140Z Product supports installmode: 0 2013-08-28T17:23:40.656Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T17:23:40.656Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 25080952(ms) 
2013-08-28T17:24:27.093Z Detection State: Finished(6) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎28‎-‎2013 21:00:54 ************************************************************ 2013-08-28T19:00:54.875Z Trace session started - MpWppTracing-08282013-210054-00000003-ffffffff.bin**********Cache stats************ No. Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15941 Number of invalid entries is 0 Number of inserts issued is 46774 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 313 Number of lookups is 555866 Number of lookup misses is 24570 Number of fast lookup misses is 490752 Number of false fast lookups is 24570 Number of invalidations is 100 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-28T19:00:55.031Z Verifying RTP plugin... 2013-08-28T19:00:55.031Z verified! 2013-08-28T19:00:55.078Z Loading engine... 2013-08-28T19:00:55.187Z Verifying engine and signature files (source: 1) ... 2013-08-28T19:00:55.187Z verified! 2013-08-28T19:00:57.296Z Initializing SQM in engine... 2013-08-28T19:00:57.296Z SQM initialized in the engine successfully 2013-08-28T19:00:57.953Z CSignatureStatus: back to good 2013-08-28T19:00:57.953Z Initializing RTP plugin state... 2013-08-28T19:00:57.953Z initialized! 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,2,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:1021 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:3144 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-28T19:00:57.953Z loaded! 2013-08-28T19:00:57.968Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-28T19:00:57.968Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-28T19:00:58.046Z Verifying license file... 2013-08-28T19:00:58.046Z verified! 
2013-08-28T19:00:58.046Z Product supports installmode: 0 2013-08-28T19:00:58.062Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.596.0 AV Signature Version: 1.157.596.0 ************************************************************ 2013-08-28T19:00:58.171Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-28T19:01:02.625Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-28T19:01:55.046Z Process scan (poststartupscan) started. 2013-08-28T19:02:01.859Z Process scan (poststartupscan) completed. 2013-08-28T19:07:58.234Z Task(SpyNetService -RestrictPrivileges -AccessKey 12B48620-17A0-2288-93D5-DA4484B48F1F) launched 2013-08-28T19:10:58.093Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-28T19:10:58.109Z Product supports installmode: 0 2013-08-28T19:10:58.968Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-28T19:10:58.968Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 19026314(ms) 2013-08-28T19:11:38.828Z Detection State: Finished(2) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 07:19:48 ************************************************************ 2013-08-29T05:19:49.140Z Trace session started - MpWppTracing-08292013-071948-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15941 Number of invalid entries is 0 Number of inserts issued is 46775 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 313 Number of lookups is 558452 Number of lookup misses is 24855 Number of fast lookup misses is 492011 Number of false fast lookups is 24855 Number of invalidations is 101 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T05:19:51.640Z Verifying RTP plugin... 2013-08-29T05:19:51.640Z verified! 2013-08-29T05:19:51.640Z Loading engine... 2013-08-29T05:19:51.687Z Verifying engine and signature files (source: 1) ... 2013-08-29T05:19:51.687Z verified! 2013-08-29T05:20:00.515Z Initializing SQM in engine... 2013-08-29T05:20:00.515Z SQM initialized in the engine successfully 2013-08-29T05:20:00.953Z CSignatureStatus: back to good 2013-08-29T05:20:00.953Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:0 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:991 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2711 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T05:20:00.953Z initialized! 2013-08-29T05:20:00.953Z loaded! 2013-08-29T05:20:00.984Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T05:20:00.984Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T05:20:01.031Z Verifying license file... 2013-08-29T05:20:01.031Z verified! 
2013-08-29T05:20:01.031Z Product supports installmode: 0 2013-08-29T05:20:01.031Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.596.0 AV Signature Version: 1.157.596.0 ************************************************************ 2013-08-29T05:20:16.078Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T05:20:51.625Z Process scan (poststartupscan) started. 2013-08-29T05:20:52.484Z Process scan (poststartupscan) completed. 2013-08-29T05:27:01.140Z Task(SpyNetService -RestrictPrivileges -AccessKey 63DD7B06-63CC-BEDC-CB68-8972E5A4AD78) launched 2013-08-29T05:30:01.062Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T05:30:01.062Z Product supports installmode: 0 2013-08-29T05:30:02.046Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T05:30:02.046Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 68007293(ms) 2013-08-29T05:30:17.734Z Detection State: Finished(2) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 10:58:55 ************************************************************ 2013-08-29T08:58:55.312Z Trace session started - MpWppTracing-08292013-105855-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46797 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 594262 Number of lookup misses is 28481 Number of fast lookup misses is 510506 Number of false fast lookups is 28481 Number of invalidations is 121 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T08:58:56.015Z Verifying RTP plugin... 2013-08-29T08:58:56.015Z verified! 2013-08-29T08:58:56.031Z Loading engine... 2013-08-29T08:58:56.390Z Verifying engine and signature files (source: 1) ... 2013-08-29T08:59:30.109Z verified! 2013-08-29T08:59:39.140Z Initializing SQM in engine... 2013-08-29T08:59:39.140Z SQM initialized in the engine successfully 2013-08-29T08:59:39.812Z CSignatureStatus: back to good 2013-08-29T08:59:39.812Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:936 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:14760 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T08:59:39.812Z initialized! 2013-08-29T08:59:39.812Z loaded! 2013-08-29T08:59:39.828Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T08:59:39.828Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T08:59:39.890Z Verifying license file... 2013-08-29T08:59:39.890Z verified! 
2013-08-29T08:59:39.890Z Product supports installmode: 0 2013-08-29T08:59:39.890Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.683.0 AV Signature Version: 1.157.683.0 ************************************************************ 2013-08-29T08:59:39.921Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T08:59:44.375Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-29T08:59:56.078Z Process scan (poststartupscan) started. 2013-08-29T08:59:58.828Z Process scan (poststartupscan) completed. 2013-08-29T09:06:40.078Z Task(SpyNetService -RestrictPrivileges -AccessKey E5E13B93-1736-2E9F-E63C-7B7915A50F41) launched 2013-08-29T09:09:39.968Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T09:09:39.968Z Product supports installmode: 0 2013-08-29T09:09:41.500Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T09:09:41.500Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 52374369(ms) 2013-08-29T09:10:39.906Z Detection State: Finished(2) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 15:11:19 ************************************************************ 2013-08-29T13:11:19.734Z Trace session started - MpWppTracing-08292013-151119-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46797 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 594262 Number of lookup misses is 28481 Number of fast lookup misses is 510506 Number of false fast lookups is 28481 Number of invalidations is 121 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T13:11:22.406Z Verifying RTP plugin... 2013-08-29T13:11:22.406Z verified! 2013-08-29T13:11:22.453Z Loading engine... 2013-08-29T13:11:22.703Z Verifying engine and signature files (source: 1) ... 2013-08-29T13:11:22.703Z verified! 2013-08-29T13:11:36.781Z Initializing SQM in engine... 2013-08-29T13:11:36.781Z SQM initialized in the engine successfully 2013-08-29T13:11:39.781Z CSignatureStatus: back to good 2013-08-29T13:11:39.781Z Initializing RTP plugin state... 2013-08-29T13:11:39.781Z initialized! 2013-08-29T13:11:39.781Z loaded! 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,2,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:0 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:536 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:2714 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T13:11:39.796Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T13:11:39.796Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T13:11:39.859Z Verifying license file... 2013-08-29T13:11:39.859Z verified! 
2013-08-29T13:11:39.859Z Product supports installmode: 0 2013-08-29T13:11:39.859Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.683.0 AV Signature Version: 1.157.683.0 ************************************************************ 2013-08-29T13:11:39.921Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T13:11:45.031Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-29T13:12:22.468Z Process scan (poststartupscan) started. 2013-08-29T13:12:23.171Z Process scan (poststartupscan) completed. 2013-08-29T13:17:46.359Z Task(SignaturesUpdateService -UnmanagedUpdate) launched 2013-08-29T13:18:40.015Z Task(SpyNetService -RestrictPrivileges -AccessKey 5C3FE84C-F2FD-BB69-79A6-5113B03DF8D0) launched 2013-08-29T13:21:39.968Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T13:21:39.968Z Product supports installmode: 0 2013-08-29T13:21:46.781Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T13:21:46.781Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 37583360(ms) 2013-08-29T13:22:37.078Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 16:02:33 ************************************************************ 2013-08-29T14:02:33.843Z Trace session started - MpWppTracing-08292013-160233-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46797 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 594262 Number of lookup misses is 28481 Number of fast lookup misses is 510506 Number of false fast lookups is 28481 Number of invalidations is 121 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T14:02:34.156Z Verifying RTP plugin... 2013-08-29T14:02:34.156Z verified! 2013-08-29T14:02:34.156Z Loading engine... 2013-08-29T14:02:34.250Z Verifying engine and signature files (source: 1) ... 2013-08-29T14:02:43.218Z verified! 2013-08-29T14:03:26.812Z Initializing SQM in engine... 2013-08-29T14:03:26.812Z SQM initialized in the engine successfully 2013-08-29T14:03:30.234Z CSignatureStatus: back to good 2013-08-29T14:03:30.234Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:N/A First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:812 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:14100 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T14:03:30.234Z initialized! 2013-08-29T14:03:33.328Z loaded! 2013-08-29T14:03:33.437Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T14:03:33.437Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T14:03:34.234Z Verifying license file... 2013-08-29T14:03:34.250Z verified! 
2013-08-29T14:03:34.250Z Product supports installmode: 0 2013-08-29T14:03:34.250Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.683.0 AV Signature Version: 1.157.683.0 ************************************************************ 2013-08-29T14:03:34.296Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T14:03:36.312Z Process scan (poststartupscan) started. 2013-08-29T14:03:43.468Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-29T14:03:48.578Z Process scan (poststartupscan) completed. 2013-08-29T14:07:35.093Z Task(SpyNetService -RestrictPrivileges -AccessKey D64876A8-40D7-8BDF-C13E-5DA3317D6705) launched 2013-08-29T14:13:34.359Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T14:13:34.359Z Product supports installmode: 0 2013-08-29T14:13:35.640Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T14:13:35.640Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 35744034(ms) 2013-08-29T14:13:51.484Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 20:09:19 ************************************************************ 2013-08-29T18:09:19.234Z Trace session started - MpWppTracing-08292013-200919-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46797 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 594262 Number of lookup misses is 28481 Number of fast lookup misses is 510506 Number of false fast lookups is 28481 Number of invalidations is 121 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T18:09:19.531Z Verifying RTP plugin... 2013-08-29T18:09:19.531Z verified! 2013-08-29T18:09:19.546Z Loading engine... 2013-08-29T18:09:19.687Z Verifying engine and signature files (source: 1) ... 2013-08-29T18:09:19.687Z verified! 2013-08-29T18:10:25.328Z Initializing SQM in engine... 2013-08-29T18:10:25.328Z SQM initialized in the engine successfully 2013-08-29T18:10:28.515Z CSignatureStatus: back to good 2013-08-29T18:10:30.343Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:845 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:15386 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T18:10:30.359Z initialized! 2013-08-29T18:10:30.359Z loaded! 2013-08-29T18:10:30.468Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T18:10:30.468Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T18:10:33.171Z Verifying license file... 2013-08-29T18:10:33.171Z verified! 
2013-08-29T18:10:33.171Z Product supports installmode: 0 2013-08-29T18:10:33.187Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.683.0 AV Signature Version: 1.157.683.0 ************************************************************ 2013-08-29T18:10:33.265Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T18:10:33.453Z Process scan (poststartupscan) started. 2013-08-29T18:10:47.140Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-29T18:11:24.890Z Process scan (poststartupscan) completed. 2013-08-29T18:17:30.625Z Task(SpyNetService -RestrictPrivileges -AccessKey E2985A97-EA56-7BFE-41A5-F2D8272F1178) launched 2013-08-29T18:20:33.234Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T18:20:33.234Z Product supports installmode: 0 2013-08-29T18:20:33.859Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T18:20:33.859Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 18947979(ms) 2013-08-29T18:21:07.171Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 21:17:14 ************************************************************ 2013-08-29T19:17:15.031Z Trace session started - MpWppTracing-08292013-211714-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46797 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 594262 Number of lookup misses is 28481 Number of fast lookup misses is 510506 Number of false fast lookups is 28481 Number of invalidations is 121 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T19:17:15.234Z Verifying RTP plugin... 2013-08-29T19:17:15.234Z verified! 2013-08-29T19:17:15.250Z Loading engine... 2013-08-29T19:17:15.375Z Verifying engine and signature files (source: 1) ... 2013-08-29T19:17:15.375Z verified! 2013-08-29T19:17:53.250Z Initializing SQM in engine... 2013-08-29T19:17:53.250Z SQM initialized in the engine successfully 2013-08-29T19:17:53.734Z CSignatureStatus: back to good 2013-08-29T19:17:53.734Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:592 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:14121 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T19:17:53.734Z initialized! 2013-08-29T19:17:53.734Z loaded! 2013-08-29T19:17:53.734Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T19:17:53.734Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T19:17:53.765Z Verifying license file... 2013-08-29T19:17:53.765Z verified! 
2013-08-29T19:17:53.765Z Product supports installmode: 0 2013-08-29T19:17:53.765Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.683.0 AV Signature Version: 1.157.683.0 ************************************************************ 2013-08-29T19:17:53.796Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T19:17:58.156Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-29T19:18:15.265Z Process scan (poststartupscan) started. 2013-08-29T19:18:16.218Z Process scan (poststartupscan) completed. 2013-08-29T19:24:53.984Z Task(SpyNetService -RestrictPrivileges -AccessKey 248EDC42-663C-0E2D-6FDB-A61E8C8628F0) launched 2013-08-29T19:27:53.796Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T19:27:53.796Z Product supports installmode: 0 2013-08-29T19:27:54.609Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T19:27:54.609Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 15272088(ms) 2013-08-29T19:28:13.515Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎29‎-‎2013 21:41:57 ************************************************************ 2013-08-29T19:41:57.421Z Trace session started - MpWppTracing-08292013-214157-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46797 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 594262 Number of lookup misses is 28481 Number of fast lookup misses is 510506 Number of false fast lookups is 28481 Number of invalidations is 121 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-29T19:41:57.703Z Verifying RTP plugin... 2013-08-29T19:41:57.703Z verified! 2013-08-29T19:41:57.703Z Loading engine... 2013-08-29T19:41:57.812Z Verifying engine and signature files (source: 1) ... 2013-08-29T19:41:57.812Z verified! 2013-08-29T19:42:34.781Z Initializing SQM in engine... 2013-08-29T19:42:34.781Z SQM initialized in the engine successfully 2013-08-29T19:42:35.671Z CSignatureStatus: back to good 2013-08-29T19:42:35.671Z Initializing RTP plugin state... 2013-08-29T19:42:35.671Z initialized! 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:2,2,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:569 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:14113 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-29T19:42:35.687Z loaded! 2013-08-29T19:42:35.703Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-29T19:42:35.703Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-29T19:42:35.796Z Verifying license file... 2013-08-29T19:42:35.796Z verified! 
2013-08-29T19:42:35.796Z Product supports installmode: 0 2013-08-29T19:42:35.906Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms) Product Version: 4.3.216.0 Service Version: 4.3.216.0 Engine Version: 1.1.9800.0 AS Signature Version: 1.157.683.0 AV Signature Version: 1.157.683.0 ************************************************************ 2013-08-29T19:42:36.000Z Error retrieving instance AntiSpywareProduct:0x80041002 2013-08-29T19:42:41.062Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1) 2013-08-29T19:42:57.890Z Process scan (poststartupscan) started. 2013-08-29T19:43:03.406Z Process scan (poststartupscan) completed. 2013-08-29T19:49:35.937Z Task(SpyNetService -RestrictPrivileges -AccessKey D1AB73F2-77E7-321A-47D8-29EB7604DBC7) launched 2013-08-29T19:52:35.984Z AutoPurgeWorker triggered with dwWork=0x3 2013-08-29T19:52:35.984Z Product supports installmode: 0 2013-08-29T19:52:36.609Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms) 2013-08-29T19:52:36.609Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 13948544(ms) 2013-08-29T19:52:54.796Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0) -------------------------------------------------------------------------------- Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On ‎08‎-‎30‎-‎2013 08:03:00 ************************************************************ 2013-08-30T06:03:01.484Z Trace session started - MpWppTracing-08302013-080300-00000003-ffffffff.bin**********Cache stats************ No. 
Of buckets -> 20000 Each Bucket has max capacity of -> 1 entries number of Entries is 15943 Number of invalid entries is 0 Number of inserts issued is 46798 Number of replaces issued is 0 Number of insert failures is 2 Number of inserts with duplicate entries is 460 Number of lookups is 596423 Number of lookup misses is 28754 Number of fast lookup misses is 511792 Number of false fast lookups is 28754 Number of invalidations is 122 Number of maintenance invalidations is 0 Current File Size is 495616 Journal ID = 1cea32f81b3c71a Trusted image state = 1 USN = 0 Setup boot count = 0 2013-08-30T06:03:04.093Z Verifying RTP plugin... 2013-08-30T06:03:04.093Z verified! 2013-08-30T06:03:04.093Z Loading engine... 2013-08-30T06:03:04.156Z Verifying engine and signature files (source: 1) ... 2013-08-30T06:03:04.156Z verified! 2013-08-30T06:04:06.765Z Initializing SQM in engine... 2013-08-30T06:04:06.765Z SQM initialized in the engine successfully 2013-08-30T06:04:21.359Z CSignatureStatus: back to good 2013-08-30T06:04:34.359Z Initializing RTP plugin state... 
****************************RTP Perf Log*************************** RTP Start:N/A Last Perf:(null) First RTP Scan:N/A Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2 Process Exclusions: Path Exclusions: Ext Exclusions: Worker Threads: AM:16 Async:4 Cache Flushes: RTP:0 System File Cache: Hits:0 Misses:0 BM Queue:0,0,0 Proc:0,0,0 File:0,0,0 Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0 Request Queue:1,1,0 SetEngine:1,1,0 SetState:0,0,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0 MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:0 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:1009 TotalBitmap:86920 NTFS Cache Statistics: TotalMisses:16396 TotalHits:0 InstanceCacheHits:0 CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0 **************************END RTP Perf Log************************* 2013-08-30T06:04:34.546Z initialized! 2013-08-30T06:04:35.515Z loaded! 2013-08-30T06:04:35.734Z NisUpdate from SignatureDropLocation returns S_OK 2013-08-30T06:04:35.734Z NisUpdate from SignatureDefaultLocation returns S_OK 2013-08-30T06:04:37.125Z Process scan (poststartupscan) started. 2013-08-30T06:04:39.046Z Verifying license file... 2013-08-30T06:04:39.046Z verified! 
2013-08-30T06:04:39.046Z Product supports installmode: 0
2013-08-30T06:04:41.078Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.3.216.0
Service Version: 4.3.216.0
Engine Version: 1.1.9800.0
AS Signature Version: 1.157.683.0
AV Signature Version: 1.157.683.0
************************************************************
2013-08-30T06:04:51.421Z Error retrieving instance AntiSpywareProduct:0x80041002
2013-08-30T06:05:08.890Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
2013-08-30T06:05:20.031Z Process scan (poststartupscan) completed.
2013-08-30T06:11:36.812Z Task(SpyNetService -RestrictPrivileges -AccessKey D219EFC1-2054-1663-902C-824A341D2380) launched
2013-08-30T06:14:41.000Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2013-08-30T06:14:41.015Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 65148726(ms)
2013-08-30T06:14:41.218Z AutoPurgeWorker triggered with dwWork=0x3
2013-08-30T06:14:41.234Z Product supports installmode: 0
2013-08-30T06:15:25.968Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 08-30-2013 08:20:11
************************************************************
2013-08-30T06:20:11.593Z Trace session started - MpWppTracing-08302013-082011-00000003-ffffffff.bin
**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 15943
Number of invalid entries is 0
Number of inserts issued is 46798
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 460
Number of lookups is 596423
Number of lookup misses is 28754
Number of fast lookup misses is 511792
Number of false fast lookups is 28754
Number of invalidations is 122
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1cea32f81b3c71a
Trusted image state = 1
USN = 0
Setup boot count = 0
2013-08-30T06:20:11.890Z Verifying RTP plugin...
2013-08-30T06:20:11.890Z verified!
2013-08-30T06:20:11.906Z Loading engine...
2013-08-30T06:20:12.015Z Verifying engine and signature files (source: 1) ...
2013-08-30T06:20:12.015Z verified!
2013-08-30T06:20:51.156Z Initializing SQM in engine...
2013-08-30T06:20:51.156Z SQM initialized in the engine successfully
2013-08-30T06:20:52.296Z CSignatureStatus: back to good
2013-08-30T06:20:52.296Z Initializing RTP plugin state...
2013-08-30T06:20:52.312Z initialized!
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads: AM:16 Async:4
Cache Flushes: RTP:0
System File Cache: Hits:0 Misses:0
BM Queue:0,0,0 Proc:0,0,0 File:0,0,0
Plugin Queue:0,0,0 Threat:0,0,0 Susp:0,0,0 Unknown:0,0,0 Error:0,0,0
Request Queue:2,2,0 SetEngine:1,1,0 SetState:1,1,0 SetUser:0,0,0 Config:0,0,0 ProcExcl:0,0,0 FilterReload:0,0,0 FilterUnload:0,0,0
MpFilter: Scans:0 Pending:0 RegSize:0 AsyncQNotif:0 AsyncQMissed:0 AsyncQTotalSent:286 AsyncQCurrent:0 BMFlags:0 ServiceMaj:0 ServiceMin:0 ProcBitmap:0 NumInstance:3 TotalStreamCon:586 TotalBitmap:86920
NTFS Cache Statistics: TotalMisses:14151 TotalHits:0 InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack): TotalMisses:0 TotalHits:0 InstanceCacheInserts:0 InstanceCacheUpdates:0 InstanceCacheDeletes:0 InstanceCacheHits:0 InstanceCacheMisses:0 InstanceCacheOverflows:0
**************************END RTP Perf Log*************************
2013-08-30T06:20:52.328Z loaded!
2013-08-30T06:20:52.343Z NisUpdate from SignatureDropLocation returns S_OK
2013-08-30T06:20:52.343Z NisUpdate from SignatureDefaultLocation returns S_OK
2013-08-30T06:20:52.468Z Verifying license file...
2013-08-30T06:20:52.468Z verified!
2013-08-30T06:20:52.468Z Product supports installmode: 0
2013-08-30T06:20:52.640Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 4.3.216.0
Service Version: 4.3.216.0
Engine Version: 1.1.9800.0
AS Signature Version: 1.157.683.0
AV Signature Version: 1.157.683.0
************************************************************
2013-08-30T06:20:52.718Z Error retrieving instance AntiSpywareProduct:0x80041002
2013-08-30T06:20:57.796Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)
2013-08-30T06:21:11.921Z Process scan (poststartupscan) started.
2013-08-30T06:21:12.953Z Process scan (poststartupscan) completed.
2013-08-30T06:27:52.515Z Task(SpyNetService -RestrictPrivileges -AccessKey 4BFF6817-7481-3BD6-E69D-C8F689A5A8C2) launched
2013-08-30T06:30:52.765Z AutoPurgeWorker triggered with dwWork=0x3
2013-08-30T06:30:53.875Z Product supports installmode: 0
2013-08-30T06:30:54.156Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2013-08-30T06:30:54.156Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 61391242(ms)
2013-08-30T06:31:44.578Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)