c:\Windows\svchost.exe (Trojan.Agent)


19 replies to this topic

#1 geminijd

geminijd

  • Members
  • 38 posts

Posted 04 February 2012 - 10:31 PM

My PC has been randomly restarting itself for a couple of days now. The first time it happened it rebooted and attempted to repair itself but could not. It restarted and I was able to use my PC. After a couple of random reboots, I ran MBAM and was able to scan and remove something and thought everything was fine. However, it rebooted again and this time I had to reboot in safe mode and run another scan, remove whatever it found and log on again. I then ran MBAM again and it found c:\Windows\svchost.exe (Trojan.Agent). I remove it and it keeps reappearing. What is it and how can I get rid of it?



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 05 February 2012 - 01:42 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

#3 geminijd

geminijd
  • Topic Starter

  • Members
  • 38 posts

Posted 05 February 2012 - 04:53 AM

I'm sorry if this is a stupid question, but am I to download all 3? I am not able to use GMER, my OS is Windows 7 64-bit. Is there an alternative?

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 05 February 2012 - 06:46 AM

Ignore GMER, download the other tools and run the scan

#5 geminijd

geminijd
  • Topic Starter

  • Members
  • 38 posts

Posted 05 February 2012 - 09:54 AM

Here are my TDSSKiller results

Please see correct log below:

Edited by geminijd, 05 February 2012 - 10:53 AM.


#6 geminijd

geminijd
  • Topic Starter

  • Members
  • 38 posts

Posted 05 February 2012 - 10:39 AM

Here are my results for aswMBR:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 08:32:08
-----------------------------
08:32:08.435 OS Version: Windows x64 6.1.7601 Service Pack 1
08:32:08.435 Number of processors: 4 586 0x1E05
08:32:08.450 ComputerName: OWNER-PC UserName: Owner
08:32:14.035 Initialize success
08:32:19.698 AVAST engine defs: 12020502
08:33:07.652 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:33:07.652 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
08:33:07.652 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
08:33:07.668 Disk 1 Vendor: WDC_WD4000AAKS-00A7B0 01.03B01 Size: 381554MB BusType: 3
08:33:07.668 Device \Driver\atapi -> MajorFunction fffffa8004d375c4
08:33:07.668 Disk 0 MBR read successfully
08:33:07.668 Disk 0 MBR scan
08:33:07.684 Disk 0 MBR:Pihar-C [Rtk]
08:33:07.684 Disk 0 TDL4@MBR code has been found
08:33:07.684 Disk 0 Windows 7 default MBR code found via API
08:33:07.684 Disk 0 MBR hidden
08:33:07.699 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:33:07.715 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
08:33:07.715 Disk 0 MBR [TDL4] **ROOTKIT**
08:33:07.715 Disk 0 trace - called modules:
08:33:07.730 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004d375c4]<<
08:33:07.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800477c060]
08:33:07.746 3 CLASSPNP.SYS[fffff880019c743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800450d060]
08:33:07.746 \Driver\atapi[0xfffffa80046969e0] -> IRP_MJ_CREATE -> 0xfffffa8004d375c4
08:33:08.588 AVAST engine scan C:\Windows
08:33:11.490 AVAST engine scan C:\Windows\system32
08:38:33.174 AVAST engine scan C:\Windows\system32\drivers
08:38:56.261 AVAST engine scan C:\Users\Owner
09:33:57.075 AVAST engine scan C:\ProgramData
09:34:46.755 File: C:\ProgramData\Microsoft\Windows\DRM\5633.tmp.dat **INFECTED** Win32:MalOb-HP [Cryp]
09:34:47.289 File: C:\ProgramData\Microsoft\Windows\DRM\E7F6.tmp **INFECTED** Win32:MalOb-HP [Cryp]
09:35:24.035 Scan finished successfully
09:36:26.928 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
09:36:26.975 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
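
Added example (not part of the original post and not code from aswMBR): a small Python triage script that pulls the actionable findings out of an aswMBR log like the one above. The function names and matching rules are assumptions based only on the line formats visible in this log; it collects MBR detections, a hidden MBR, infected files, and any driver dispatch entry that points at an address the module trace lists as `>>UNKNOWN<<`.

```python
import re

# Excerpt copied from the aswMBR log in the post above.
SAMPLE_LOG = r"""
08:33:07.668 Disk 0 MBR read successfully
08:33:07.684 Disk 0 MBR:Pihar-C [Rtk]
08:33:07.684 Disk 0 TDL4@MBR code has been found
08:33:07.684 Disk 0 Windows 7 default MBR code found via API
08:33:07.684 Disk 0 MBR hidden
08:33:07.715 Disk 0 MBR [TDL4] **ROOTKIT**
08:33:07.730 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004d375c4]<<
08:33:07.746 \Driver\atapi[0xfffffa80046969e0] -> IRP_MJ_CREATE -> 0xfffffa8004d375c4
09:34:46.755 File: C:\ProgramData\Microsoft\Windows\DRM\5633.tmp.dat **INFECTED** Win32:MalOb-HP [Cryp]
09:34:47.289 File: C:\ProgramData\Microsoft\Windows\DRM\E7F6.tmp **INFECTED** Win32:MalOb-HP [Cryp]
09:35:24.035 Scan finished successfully
"""

# Line formats as they appear in the log above (assumed stable for this sketch).
TS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_NAMED = re.compile(r"^Disk (\d+) MBR:(\S+)")
MBR_ROOTKIT = re.compile(r"^Disk (\d+) MBR \[(.+?)\] \*\*ROOTKIT\*\*")
MBR_HIDDEN = re.compile(r"^Disk (\d+) MBR hidden$")
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")
UNKNOWN_MOD = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def triage(log_text):
    """Return the findings of an aswMBR log as a dict of plain Python values."""
    findings = {"mbr": {}, "hidden_disks": set(), "infected_files": [], "hooks": []}
    unknown_addrs = set()   # addresses the trace could not map to a module
    dispatch = []           # (driver, irp, handler address) entries

    for raw in log_text.splitlines():
        line = TS_LINE.match(raw.strip())
        if not line:
            continue  # skip banner lines and blanks
        msg = line.group(1).strip()

        m = MBR_NAMED.match(msg) or MBR_ROOTKIT.match(msg)
        if m:
            names = findings["mbr"].setdefault(int(m.group(1)), [])
            if m.group(2) not in names:
                names.append(m.group(2))
            continue
        m = MBR_HIDDEN.match(msg)
        if m:
            findings["hidden_disks"].add(int(m.group(1)))
            continue
        m = INFECTED.match(msg)
        if m:
            findings["infected_files"].append((m.group(1), m.group(2)))
            continue
        m = UNKNOWN_MOD.search(msg)
        if m:
            unknown_addrs.add(int(m.group(1), 16))
            continue
        m = DISPATCH.match(msg)
        if m:
            dispatch.append((m.group(1), m.group(2), int(m.group(3), 16)))

    # A dispatch handler is reported only when its address is one the
    # module trace also listed as UNKNOWN, i.e. outside any named module.
    findings["hooks"] = [d for d in dispatch if d[2] in unknown_addrs]
    return findings


def mbr_flagged_disks(findings):
    """Disk numbers with a named MBR detection or a hidden MBR."""
    return sorted(set(findings["mbr"]) | findings["hidden_disks"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for disk in mbr_flagged_disks(result):
        print(f"Disk {disk}: MBR detections {result['mbr'].get(disk, [])}, "
              f"hidden={disk in result['hidden_disks']}")
    for driver, irp, addr in result["hooks"]:
        print(f"{driver} {irp} handler at {addr:#x} is outside any named module")
    for path, sig in result["infected_files"]:
        print(f"Infected file: {path} ({sig})")
```
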

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 05 February 2012 - 10:39 AM

This is not a TDSSkiller log. This is a DDS log. DDS logs are not allowed in this forum.

Delete the log and run TDSSkiller (follow my instructions). Post the TDSSkiller log, which can be found in your C drive.

Edited by narenxp, 05 February 2012 - 10:40 AM.


#8 geminijd

geminijd
  • Topic Starter

  • Members
  • 38 posts

Posted 05 February 2012 - 10:50 AM

I'm so sorry I accidentally posted the wrong log. Can you please delete the incorrect log from my above post? I've tried to but am unable to do so. Here is the correct log:

:03:19.0454 7152 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
08:03:20.0912 7152 ============================================================
08:03:20.0912 7152 Current date / time: 2012/02/05 08:03:20.0912
08:03:20.0912 7152 SystemInfo:
08:03:20.0912 7152
08:03:20.0912 7152 OS Version: 6.1.7601 ServicePack: 1.0
08:03:20.0912 7152 Product type: Workstation
08:03:20.0912 7152 ComputerName: OWNER-PC
08:03:20.0912 7152 UserName: Owner
08:03:20.0912 7152 Windows directory: C:\Windows
08:03:20.0912 7152 System windows directory: C:\Windows
08:03:20.0912 7152 Running under WOW64
08:03:20.0912 7152 Processor architecture: Intel x64
08:03:20.0912 7152 Number of processors: 4
08:03:20.0912 7152 Page size: 0x1000
08:03:20.0912 7152 Boot type: Normal boot
08:03:20.0912 7152 ============================================================
08:03:21.0958 7152 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
08:03:21.0970 7152 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:03:21.0973 7152 \Device\Harddisk1\DR1:
08:03:21.0974 7152 MBR used
08:03:21.0974 7152 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:03:21.0974 7152 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
08:03:21.0974 7152 \Device\Harddisk0\DR0:
08:03:21.0974 7152 MBR used
08:03:21.0974 7152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E933DC1
08:03:22.0010 7152 Initialize success
08:03:22.0010 7152 ============================================================
08:03:44.0850 4844 ============================================================
08:03:44.0850 4844 Scan started
08:03:44.0850 4844 Mode: Manual; TDLFS;
08:03:44.0850 4844 ============================================================
08:03:57.0470 4844 scfilter - ok
08:03:57.0522 4844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:03:57.0523 4844 secdrv - ok
08:03:57.0574 4844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:03:57.0575 4844 Serenum - ok
08:03:57.0624 4844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:03:57.0625 4844 Serial - ok
08:03:57.0671 4844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:03:57.0672 4844 sermouse - ok
08:03:57.0720 4844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:03:57.0721 4844 sffdisk - ok
08:03:57.0733 4844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:03:57.0734 4844 sffp_mmc - ok
08:03:57.0752 4844 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:03:57.0753 4844 sffp_sd - ok
08:03:57.0776 4844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:03:57.0777 4844 sfloppy - ok
08:03:57.0828 4844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:03:57.0830 4844 SiSRaid2 - ok
08:03:57.0843 4844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:03:57.0845 4844 SiSRaid4 - ok
08:03:57.0893 4844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:03:57.0895 4844 Smb - ok
08:03:57.0938 4844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:03:57.0939 4844 spldr - ok
08:03:57.0994 4844 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:03:58.0000 4844 srv - ok
08:03:58.0045 4844 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:03:58.0050 4844 srv2 - ok
08:03:58.0068 4844 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:03:58.0071 4844 srvnet - ok
08:03:58.0133 4844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:03:58.0135 4844 stexstor - ok
08:03:58.0172 4844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:03:58.0173 4844 swenum - ok
08:03:58.0221 4844 swmsflt (d294db3e6b227ba511a454df4b9a5856) C:\Windows\System32\drivers\swmsflt.sys
08:03:58.0222 4844 swmsflt - ok
08:03:58.0293 4844 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:03:58.0322 4844 Tcpip - ok
08:03:58.0368 4844 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:03:58.0378 4844 TCPIP6 - ok
08:03:58.0432 4844 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:03:58.0433 4844 tcpipreg - ok
08:03:58.0453 4844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:03:58.0454 4844 TDPIPE - ok
08:03:58.0474 4844 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:03:58.0475 4844 TDTCP - ok
08:03:58.0522 4844 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:03:58.0525 4844 tdx - ok
08:03:58.0571 4844 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:03:58.0572 4844 TermDD - ok
08:03:58.0656 4844 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:03:58.0658 4844 tssecsrv - ok
08:03:58.0697 4844 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:03:58.0699 4844 TsUsbFlt - ok
08:03:58.0798 4844 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:03:58.0800 4844 tunnel - ok
08:03:58.0819 4844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:03:58.0820 4844 uagp35 - ok
08:03:58.0864 4844 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:03:58.0868 4844 udfs - ok
08:03:58.0925 4844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:03:58.0926 4844 uliagpkx - ok
08:03:58.0985 4844 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:03:58.0987 4844 umbus - ok
08:03:59.0002 4844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:03:59.0004 4844 UmPass - ok
08:03:59.0047 4844 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:03:59.0048 4844 usbccgp - ok
08:03:59.0105 4844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:03:59.0107 4844 usbcir - ok
08:03:59.0148 4844 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:03:59.0149 4844 usbehci - ok
08:03:59.0191 4844 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:03:59.0195 4844 usbhub - ok
08:03:59.0224 4844 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:03:59.0225 4844 usbohci - ok
08:03:59.0266 4844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:03:59.0267 4844 usbprint - ok
08:03:59.0297 4844 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:03:59.0298 4844 usbscan - ok
08:03:59.0347 4844 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
08:03:59.0349 4844 USBSTOR - ok
08:03:59.0390 4844 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:03:59.0392 4844 usbuhci - ok
08:03:59.0450 4844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:03:59.0451 4844 vdrvroot - ok
08:03:59.0503 4844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:03:59.0504 4844 vga - ok
08:03:59.0518 4844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:03:59.0519 4844 VgaSave - ok
08:03:59.0556 4844 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:03:59.0559 4844 vhdmp - ok
08:03:59.0598 4844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:03:59.0600 4844 viaide - ok
08:03:59.0642 4844 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:03:59.0643 4844 volmgr - ok
08:03:59.0690 4844 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:03:59.0695 4844 volmgrx - ok
08:03:59.0717 4844 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:03:59.0722 4844 volsnap - ok
08:03:59.0770 4844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:03:59.0772 4844 vsmraid - ok
08:03:59.0793 4844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:03:59.0794 4844 vwifibus - ok
08:03:59.0811 4844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:03:59.0812 4844 WacomPen - ok
08:03:59.0859 4844 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:59.0861 4844 WANARP - ok
08:03:59.0881 4844 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:03:59.0881 4844 Wanarpv6 - ok
08:03:59.0947 4844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:03:59.0949 4844 Wd - ok
08:03:59.0973 4844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:03:59.0981 4844 Wdf01000 - ok
08:04:00.0035 4844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:04:00.0036 4844 WfpLwf - ok
08:04:00.0055 4844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:04:00.0056 4844 WIMMount - ok
08:04:00.0142 4844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:04:00.0143 4844 WmiAcpi - ok
08:04:00.0166 4844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:04:00.0167 4844 ws2ifsl - ok
08:04:00.0216 4844 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:04:00.0218 4844 WudfPf - ok
08:04:00.0265 4844 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:04:00.0268 4844 WUDFRd - ok
08:04:00.0339 4844 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk1\DR1
08:04:00.0367 4844 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
08:04:00.0367 4844 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
08:04:00.0398 4844 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
08:04:00.0398 4844 \Device\Harddisk1\DR1 - detected TDSS File System (1)
08:04:00.0400 4844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:04:00.0585 4844 \Device\Harddisk0\DR0 - ok
08:04:00.0603 4844 Boot (0x1200) (05b6f97f9845f2856741224587221aa3) \Device\Harddisk1\DR1\Partition0
08:04:00.0604 4844 \Device\Harddisk1\DR1\Partition0 - ok
08:04:00.0616 4844 Boot (0x1200) (4a04b93dcc94777639ba435fc565bf68) \Device\Harddisk1\DR1\Partition1
08:04:00.0616 4844 \Device\Harddisk1\DR1\Partition1 - ok
08:04:00.0618 4844 Boot (0x1200) (908c7cc4933c8e3bb354cbf86cf78626) \Device\Harddisk0\DR0\Partition0
08:04:00.0619 4844 \Device\Harddisk0\DR0\Partition0 - ok
08:04:00.0620 4844 ============================================================
08:04:00.0620 4844 Scan finished
08:04:00.0620 4844 ============================================================
08:04:00.0626 7100 Detected object count: 2
08:04:00.0626 7100 Actual detected object count: 2
08:04:30.0610 7100 \Device\Harddisk1\DR1\# - copied to quarantine
08:04:30.0611 7100 \Device\Harddisk1\DR1 - copied to quarantine
08:04:30.0646 7100 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
08:04:30.0650 7100 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine
08:04:30.0660 7100 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine
08:04:30.0667 7100 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine
08:04:30.0669 7100 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine
08:04:30.0671 7100 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine
08:04:30.0672 7100 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine
08:04:30.0675 7100 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine
08:04:30.0677 7100 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine
08:04:30.0679 7100 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine
08:04:30.0726 7100 \Device\Harddisk1\DR1\TDLFS\xh.dll - copied to quarantine
08:04:30.0729 7100 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:04:30.0730 7100 \Device\Harddisk1\DR1 - ok
08:04:30.0731 7100 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:04:30.0732 7100 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
08:04:30.0732 7100 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
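
The log above ends with one detection cured and the other skipped, which is easy to miss among several hundred "ok" lines. The following Python script is an added example, not part of the original post and not the tool's own code: it pairs each TDSSKiller detection with the action recorded for it and lists the ones left untreated. The line format and status strings are assumptions inferred only from the excerpt shown in this thread.

```python
import re

# Excerpt of the TDSSKiller log posted above, including lines the parser must ignore.
SAMPLE_LOG = r"""
08:04:00.0339 4844 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk1\DR1
08:04:00.0367 4844 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected
08:04:00.0367 4844 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)
08:04:00.0398 4844 \Device\Harddisk1\DR1 ( TDSS File System ) - warning
08:04:00.0585 4844 \Device\Harddisk0\DR0 - ok
08:04:30.0646 7100 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine
08:04:30.0729 7100 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:04:30.0731 7100 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
08:04:30.0732 7100 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user
08:04:30.0732 7100 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <object> ( <verdict> ) - <status>"
# Only lines that carry a verdict in parentheses followed by " - " are findings;
# driver hash lines and plain "- ok" lines do not match.
FINDING_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)
ACTION_PREFIX = "User select action:"
SCAN_STATUSES = ("infected", "warning")  # classifications seen in the posted log


def parse_detections(log_text):
    """Return one record per (object, verdict) pair, in order of first appearance."""
    findings = {}
    for raw in log_text.splitlines():
        match = FINDING_LINE.match(raw.strip())
        if not match:
            continue
        key = (match["obj"], match["verdict"])
        record = findings.setdefault(key, {
            "object": match["obj"],
            "verdict": match["verdict"],
            "severity": None,   # what the scan phase reported
            "action": None,     # what the user chose in the results dialog
            "notes": [],        # any other status text for this finding
        })
        status = match["status"]
        if status.startswith(ACTION_PREFIX):
            record["action"] = status[len(ACTION_PREFIX):].strip()
        elif status in SCAN_STATUSES:
            record["severity"] = status
        else:
            record["notes"].append(status)
    return list(findings.values())


def unresolved(findings):
    """Findings that were skipped, or for which no action was logged at all."""
    return [f for f in findings
            if f["action"] is None or f["action"].lower() == "skip"]


if __name__ == "__main__":
    results = parse_detections(SAMPLE_LOG)
    for f in results:
        print(f'{f["verdict"]:<24} {f["severity"]:<9} action={f["action"]}')
    for f in unresolved(results):
        print(f'NOT REMEDIATED: {f["verdict"]} on {f["object"]}')
```
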

#9 narenxp

Posted 05 February 2012 - 10:54 AM

geminijd

You can EDIT your post

I want you to run TDSSKiller once - Delete - TDSS file system (do not skip it)

Restart the PC, post the new aswMBR log

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan is completed, click on LIST of found threats

Export the list to the desktop, copy the contents of the text file into your reply

#10 geminijd

Posted 05 February 2012 - 03:39 PM

Here is the new aswMBR report:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 10:12:37
-----------------------------
10:12:37.210 OS Version: Windows x64 6.1.7601 Service Pack 1
10:12:37.210 Number of processors: 4 586 0x1E05
10:12:37.226 ComputerName: OWNER-PC UserName: Owner
10:12:39.519 Initialize success
10:12:45.088 AVAST engine defs: 12020502
10:13:43.666 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:13:43.666 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
10:13:43.666 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:13:43.666 Disk 1 Vendor: WDC_WD4000AAKS-00A7B0 01.03B01 Size: 381554MB BusType: 3
10:13:43.682 Disk 0 MBR read successfully
10:13:43.682 Disk 0 MBR scan
10:13:43.682 Disk 0 Windows 7 default MBR code
10:13:43.697 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:13:43.713 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
10:13:43.729 Service scanning
10:13:48.112 Modules scanning
10:13:48.112 Disk 0 trace - called modules:
10:13:48.128 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
10:13:48.643 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004780060]
10:13:48.643 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800450d060]
10:13:49.875 AVAST engine scan C:\Windows
10:13:54.071 AVAST engine scan C:\Windows\system32
10:16:54.769 AVAST engine scan C:\Windows\system32\drivers
10:17:08.279 AVAST engine scan C:\Users\Owner
10:57:57.998 AVAST engine scan C:\ProgramData
10:58:45.472 File: C:\ProgramData\Microsoft\Windows\DRM\5633.tmp.dat **INFECTED** Win32:MalOb-HP [Cryp]
10:58:46.002 File: C:\ProgramData\Microsoft\Windows\DRM\E7F6.tmp **INFECTED** Win32:MalOb-HP [Cryp]
10:59:07.934 Scan finished successfully
14:37:26.017 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:37:26.017 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR1.txt"

#11 geminijd

Posted 05 February 2012 - 05:21 PM

Here is my ESET report:

C:\Program Files (x86)\Free Download Manager\Extras\setup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\ProgramData\Microsoft\Windows\DRM\5633.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_08.03.20\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_08.03.20\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_08.03.20\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_08.03.20\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_08.03.20\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_08.03.20\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.05.17\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.05.17\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.05.17\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.05.17\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.05.17\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.05.17\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.IQ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.02.2012_10.08.15\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-14c4519d Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\Users\Owner\Desktop\FDM_Setup.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Owner\Downloads\NERO 8 Ultra Edition\Nero_8.1.1.0b_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\Documents and Settings\June\Local Settings\Temp\plugtmp-140\plugin-data-1 a variant of PDF/CVE-2010-0188 trojan cleaned by deleting - quarantined
D:\Documents and Settings\June\Local Settings\Temp\plugtmp-141\plugin-data a variant of PDF/CVE-2010-0188 trojan cleaned by deleting - quarantined
D:\Documents and Settings\June\Local Settings\Temp\plugtmp-142\plugin-data a variant of PDF/CVE-2010-0188 trojan cleaned by deleting - quarantined
D:\Documents and Settings\June\My Documents\LimeWire\Incomplete\T-3545425-nobody knows it but me country.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
D:\Documents and Settings\June\My Documents\LimeWire\Incomplete\T-3877629-cornbread j paul jr - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

#12 narenxp

Posted 05 February 2012 - 07:00 PM

Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

TFC

Launch it, it will close all running programs
Click on START, it should ask for a reboot

#13 geminijd

Posted 06 February 2012 - 09:05 AM

Here are the results from MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 06-02-2012 at 08:01:20
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost


46.4.179.84 youtube.com
46.4.179.84 craigslist.org
46.4.179.84 wikipedia.org
46.4.179.84 cnn.com
46.4.179.84 go.com
46.4.179.84 live.com
46.4.179.84 blogger.com
46.4.179.84 comcast.net
46.4.179.84 imdb.com
46.4.179.84 digg.com
46.4.179.84 flickr.com
46.4.179.84 Expedia.com
46.4.179.84 Monster.com
46.4.179.84 Weather.com

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-F0-49-09-15-0E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8428:a1fd:3150:4f8d%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 05, 2012 10:10:05 AM
Lease Expires . . . . . . . . . . : Tuesday, February 07, 2012 7:52:46 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 242020425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-48-E4-84-6C-F0-49-09-15-0E
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.48
74.125.227.49
74.125.227.50
74.125.227.51
74.125.227.52


Pinging google.com [74.125.227.17] with 32 bytes of data:
Reply from 74.125.227.17: bytes=32 time=19ms TTL=52
Reply from 74.125.227.17: bytes=32 time=19ms TTL=52

Ping statistics for 74.125.227.17:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 19ms, Average = 19ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
72.30.2.43


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=71ms TTL=43
Reply from 98.139.180.149: bytes=32 time=117ms TTL=43

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 117ms, Average = 94ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...6c f0 49 09 15 0e ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.107 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 276
192.168.1.107 255.255.255.255 On-link 192.168.1.107 276
192.168.1.255 255.255.255.255 On-link 192.168.1.107 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::8428:a1fd:3150:4f8d/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/05/2012 05:47:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2012 05:46:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/05/2012 05:46:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/05/2012 05:46:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2012 02:39:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2012 02:39:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2012 02:39:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2012 02:39:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/05/2012 00:09:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (02/05/2012 00:09:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969


System errors:
=============
Error: (02/05/2012 00:09:27 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

Error: (02/05/2012 10:11:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/05/2012 10:11:37 AM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1053

Error: (02/05/2012 10:11:25 AM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%1053

Error: (02/05/2012 10:11:25 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Error: (02/05/2012 10:10:55 AM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Port Sharing Service service failed to start due to the following error:
%%1053

Error: (02/05/2012 10:10:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.

Error: (02/05/2012 10:04:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (02/05/2012 10:04:02 AM) (Source: Service Control Manager) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1053

Error: (02/05/2012 10:04:02 AM) (Source: Service Control Manager) (User: )
Description: The Net.Pipe Listener Adapter service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 2.0.0)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
afreeca streamer(SBS) Á¦°Ĺ
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2112)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
Browser Configuration Utility (Version: 1.1.11.0)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP490 series MP Drivers
Canon MP490 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 2.30)
Coupon Printer for Windows (Version: 5.0.0.0)
CouponBar
CPUID CPU-Z 1.59
DivX Setup (Version: 2.2.1.2)
ESET Online Scanner v3
Explorer Suite III
Final Uninstaller (Version: 2.6)
Google Chrome (Version: 16.0.912.77)
InstaCodecs (Version: 1.0)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Marvell MRU V4 (Version: 4.1.0.1515)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Ultimate 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.14.0)
Nero 8 (Version: 8.10.89)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA 3D Vision Driver 275.33 (Version: 275.33)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Endless City demo (Version: 1.0)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7533)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Realtek High Definition Audio Driver (Version: 6.0.1.5943)
Revo Uninstaller Pro 2.5.0 (Version: 2.5.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Sprint SmartView (Version: 2.25.0046.0)
The KMPlayer (remove only)
The Sims™ 3 (Version: 1.26.89)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Fast Lane Stuff (Version: 5.5.4)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.13.1)
The Sims™ 3 Late Night (Version: 6.5.1)
The Sims™ 3 Outdoor Living Stuff (Version: 7.0.55)
The Sims™ 3 Pets (Version: 10.0.96)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
The Sims™ 3 World Adventures (Version: 2.17.2)
TVAnts 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
ViiKii Desktop Plug-in (Version: 0.4)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.9 (Version: 1.1.9)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar
YouTube Downloader 2.6.3

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4091.49 MB
Available physical RAM: 2455.09 MB
Total Pagefile: 8181.18 MB
Available Pagefile: 5799.11 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.86 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.66 GB) (Free:168.94 GB) NTFS
3 Drive d: () (Fixed) (Total:372.6 GB) (Free:132.02 GB) NTFS
4 Drive e: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner
UpdatusUser


**** End of log ****

#14 narenxp

Posted 06 February 2012 - 09:19 AM

That looks good except for your HOSTS file.

Download hosts fix

http://go.microsoft.com/?linkid=9668866

Run the fixit

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Uninstall your Java update from Add or Remove Programs and download the latest from here

http://www.java.com/en/

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)
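
A read-only way to see which entries a hosts reset like the one above would remove, as an added example (not part of narenxp's post and not the Microsoft Fix it). It treats any active line other than a loopback `localhost` mapping as non-default; the sample content and its `.test` hostnames are constructed.

```python
import ipaddress

# Constructed sample input; not taken from the log posted in this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
127.0.0.1   localhost
::1         localhost
0.0.0.0     update.example-av.test   # sinkholed name
203.0.113.7 www.example-bank.test login.example-bank.test
not-an-ip   broken.example.test
"""


def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for every active non-default mapping.

    kind is "sinkhole" (name pointed at loopback or 0.0.0.0, so it stops
    resolving), "redirect" (name pointed at some other address) or
    "malformed" (line that is not "<ip> <name> [<name> ...]").
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop full-line and trailing comments, then surrounding whitespace.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, " ".join(names)))
            continue
        # One line can map several names to the same address; report each.
        for name in names:
            if ip.is_loopback and name.lower() == "localhost":
                continue  # harmless: same result as the built-in resolution
            sink = ip.is_loopback or ip.is_unspecified
            kind = "sinkhole" if sink else "redirect"
            findings.append((line_no, kind, str(ip), name.lower()))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a live Windows system the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`, read as text.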

#15 geminijd

Posted 06 February 2012 - 09:40 AM

I followed your instructions, however, I'm not sure Java uninstalled. I have 2 entries for the same date, update 20 and update 26 (64 bit). Am I to uninstall both? I tried to uninstall update 26, assuming it was the last (I'm unsure) but it does not disappear from the list of installed programs. Am I doing something incorrectly?



