Can't update & error no 80096001


7 replies to this topic

#1 M.H

Posted 09 June 2012 - 02:55 AM

Hi everybody,

I think that I'm infected by some malware which affected the ability of my laptop to run Windows 7 updates. Every time I try to update Windows I get error code no 80096001. Also, I can't download .NET Framework 4.0 due to this problem, as I think.

So please, can anybody help? Thanks.

I'm using Windows 7 Home Premium Service Pack 1.

Edited by hamluis, 09 June 2012 - 07:33 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Broni


Posted 09 June 2012 - 01:16 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#3 M.H

Posted 10 June 2012 - 02:10 AM

Thanks, Broni, for helping me.



checkup.txt file:

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Panda Antivirus Pro 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.5
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
CCleaner (remove only)
PC Cleaners
JavaFX 2.0.3
Java™ 7 Update 3
Java™ SE Development Kit 7
Out of date Java installed!
Adobe Flash Player 11.2.202.233
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````







FSS.txt file :

Farbar Service Scanner Version: 09-06-2012
Ran by User (administrator) on 10-06-2012 at 12:41:03
Running from "C:\Users\User\Desktop\New folder (3)"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****









MiniToolBox output:

MiniToolBox by Farbar Version: 09-06-2012
Ran by User (administrator) on 10-06-2012 at 15:02:03
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
127.0.0.1 mirror3.internetdownloadmanager.com

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Disconnected)
Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global taskoffload=enabled
set subinterface interface=? subinterface=ethernet_9 mtu=1477
set subinterface interface=? subinterface=ethernet_10 mtu=1477
set subinterface interface=? subinterface=ethernet_11 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : HAJI-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 7ms, Average = 4ms
===========================================================================
Interface List
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/09/2012 09:47:49 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:49 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:49 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:49 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (06/09/2012 09:47:47 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
Obtain a callable interface for this provider
Obtaining provider management interface

Context:
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Class ID: {00000000-0000-0000-0000-000000000000}
Snapshot Context: -1
Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


System errors:
=============
Error: (06/10/2012 02:59:49 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer USER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DECB147F-73CA-4C37-B992-C342CB8A65.
The master browser is stopping or an election is being forced.

Error: (06/10/2012 02:35:50 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer USER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DECB147F-73CA-4C37-B992-C342CB8A65.
The master browser is stopping or an election is being forced.

Error: (06/10/2012 02:34:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/10/2012 02:34:20 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/10/2012 02:34:19 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/10/2012 02:34:19 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/10/2012 02:34:18 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (06/10/2012 02:23:50 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer USER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DECB147F-73CA-4C37-B992-C342CB8A65.
The master browser is stopping or an election is being forced.

Error: (06/10/2012 02:14:01 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (06/10/2012 02:14:01 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (12/13/2011 11:29:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 257 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/18/2011 04:21:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

Error: (08/18/2011 04:20:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 743 seconds with 60 seconds of active time. This session ended with a crash.

Error: (06/24/2010 00:46:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20320 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

المكتبة الشاملة
µTorrent (Version: 3.1.3)
7-Zip 9.13 beta
Active Desktop Calendar 7.93
Adobe AIR (Version: 2.7.0.19530)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.4.980)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Download Assistant (Version: 1.0.2)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player (Version: 11.5.1.601)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced SystemCare 3 (Version: 3.8.0)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.2)
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
Audacity 1.2.6
avast! Free Antivirus (Version: 7.0.1426.0)
BitTorrent (Version: 7.6.1)
Broadcom InConcert Maestro (Version: 1.0.1.1300)
Cambridge Advanced Learner's Dictionary
CamStudio
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0225.1742.31671)
Catalyst Control Center Graphics Full Existing (Version: 2010.0225.1742.31671)
Catalyst Control Center Graphics Full New (Version: 2010.0225.1742.31671)
Catalyst Control Center Graphics Light (Version: 2010.0225.1742.31671)
Catalyst Control Center Graphics Previews Common (Version: 2010.0225.1742.31671)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0225.1742.31671)
Catalyst Control Center InstallProxy (Version: 2009.1124.2131.38610)
Catalyst Control Center InstallProxy (Version: 2010.0225.1742.31671)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
Catalyst Control Center Localization All (Version: 2010.0225.1742.31671)
Catalyst Control Center Localization All (Version: 2011.0126.1749.31909)
ccc-core-static (Version: 2010.0225.1742.31671)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility (Version: 2010.0225.1742.31671)
ccc-utility (Version: 2011.0126.1749.31909)
CCC Help Chinese Standard (Version: 2010.0225.1741.31671)
CCC Help Chinese Traditional (Version: 2010.0225.1741.31671)
CCC Help Czech (Version: 2010.0225.1741.31671)
CCC Help Danish (Version: 2010.0225.1741.31671)
CCC Help Dutch (Version: 2010.0225.1741.31671)
CCC Help English (Version: 2010.0225.1741.31671)
CCC Help English (Version: 2011.0126.1748.31909)
CCC Help Finnish (Version: 2010.0225.1741.31671)
CCC Help French (Version: 2010.0225.1741.31671)
CCC Help German (Version: 2010.0225.1741.31671)
CCC Help Greek (Version: 2010.0225.1741.31671)
CCC Help Hungarian (Version: 2010.0225.1741.31671)
CCC Help Italian (Version: 2010.0225.1741.31671)
CCC Help Japanese (Version: 2010.0225.1741.31671)
CCC Help Korean (Version: 2010.0225.1741.31671)
CCC Help Norwegian (Version: 2010.0225.1741.31671)
CCC Help Polish (Version: 2010.0225.1741.31671)
CCC Help Portuguese (Version: 2010.0225.1741.31671)
CCC Help Russian (Version: 2010.0225.1741.31671)
CCC Help Spanish (Version: 2010.0225.1741.31671)
CCC Help Swedish (Version: 2010.0225.1741.31671)
CCC Help Thai (Version: 2010.0225.1741.31671)
CCC Help Turkish (Version: 2010.0225.1741.31671)
CCleaner (remove only)
Cisco PEAP Module (Version: 1.0.13)
CyberLink DVD Suite (Version: 7.0.2216)
CyberLink MediaShow (Version: 4.1.3419)
CyberLink PowerDVD 8 (Version: 8.0.1.1110)
CyberLink YouCam (Version: 3.0.2423)
D3DX10 (Version: 15.4.2368.0902)
Driver Checker v2.7.5 (Version: 2.7.5)
Dropbox (Version: 1.2.51)
DVD Architect Studio 5.0 (Version: 5.0.128)
EAP-GTC (Version: 1.8.0.0)
ESU for Microsoft Windows 7 (Version: 1.0.0)
Fences
Fences (Version: 1.0)
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
Firebird SQL Server - MAGIX Edition (Version: 2.1.31.0)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
Foxit Reader 5.1 (Version: 5.1.4.104)
Game Booster 3 (Version: 3.5)
GOM Player (Version: 2.1.40.5106)
Google Chrome (Version: 18.0.1025.162)
Google Talk (remove only)
Google Talk Plugin (Version: 2.6.1.5251)
Google Update Helper (Version: 1.3.21.111)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.1.500)
HP Product Detection (Version: 11.14.0001)
HP Quick Launch Buttons (Version: 6.50.9.1)
HP Setup (Version: 1.2.3560.3170)
HP Update (Version: 5.001.000.014)
HP User Guides 0179 (Version: 1.01.0004)
HP Wireless Assistant (Version: 3.50.12.1)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
Internet Download Manager
ISO Recorder (Version: 3.0.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 3 (Version: 7.0.30)
Java™ SE Development Kit 7 (Version: 1.7.0.0)
JavaFX 2.0.3 (Version: 2.0.3)
Junk Mail filter update (Version: 15.4.3502.0922)
kuler (Version: 2.0)
LabelPrint (Version: 2.5.2215)
LightScribe System Software (Version: 1.18.9.1)
Macromedia Extension Manager (Version: 1.7.240)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27)
MAGIX Video Pro X4 (Version: 11.0.5.26)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Media Player Classic - Home Cinema 1.6.0.4014 (Version: 1.6.0.4014)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Browser (Version: 10.50.1600.1)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee Reveal (Version: 7.0.43.11502)
My MP4Box GUI 0.5.6.0 (Version: 0.5.6.0)
MySQL Connector/ODBC 5.1 (Version: 5.1.9)
MySQL Workbench 5.2 CE (Version: 5.2.37)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia PC Suite (Version: 7.1.62.1)
Notepad++ (Version: 5.9.5)
NSS (remove only) (Version: 1.0.38.15)
Oracle Data Provider for .NET Help (Version: 10.2.000)
Oracle Database 10g Express Edition (Version: 10.2.1015)
Panda Antivirus Pro 2012 (Version: 11.00.00)
PC Cleaners
PC Connectivity Solution (Version: 11.5.22.0)
PC Security Tweaker
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Power2Go (Version: 6.0.3415)
PowerDirector (Version: 7.0.3420)
Privacy SafeGuard version 1.0 (Version: 1.0)
Pro Evolution Soccer 2012 (Version: 1.01.0000)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.71.80.42)
Real Checkers (Version: 1.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver (Version: 7.25.824.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6206)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30105)
RealUpgrade 1.0 (Version: 1.0.0)
Recovery Manager (Version: 5.5.2214)
Revo Uninstaller 1.91 (Version: 1.91)
RtVOsd (Version: 1.0.6)
SanDiskSecureAccess_Manager.exe (Version: 1.1.19269)
SES Driver (Version: 1.0.0)
Skype™ 5.5 (Version: 5.5.119)
SoftStylus (Version: 2.2.112.0)
SpywareBlaster 4.5 (Version: 4.5.0)
StarUML 5.0.2.1570
Suite Shared Configuration CS4 (Version: 1.0)
Sunplus Spca536
Synaptics Pointing Device Driver (Version: 15.0.7.0)
The KMPlayer (remove only)
TuneUp Utilities 2012 (Version: 12.0.3010.5)
TuneUp Utilities Language Pack (en-GB) (Version: 9.0.4300.10)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3010.5)
TypingMaster Pro (Version: 7.00)
Ubuntu (Version: 11.04-rev211)
Unlocker 1.9.0 (Version: 1.9.0)
VBA (2627.01) (Version: 6.03.00.9402)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vegas Movie Studio HD Platinum 11.0 (Version: 11.0.231)
VLC media player 2.0.1 (Version: 2.0.1)
WebEx Support Manager for Internet Explorer (Version: 6.5.47)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinPatrol (Version: 24.0.2012.1)
WinRAR archiver
WMV9/VC-1 Video Playback (Version: 1.0.60126.1801)
XAMPP 1.7.7
Yahoo! Messenger

========================= Devices: ================================

Name: MpKsl72f7d073
Description: MpKsl72f7d073
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl72f7d073
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR9285 802.11b/g/n WiFi Adapter
Description: Atheros AR9285 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 1973.86 MB
Available physical RAM: 582.61 MB
Total Pagefile: 3947.72 MB
Available Pagefile: 2235.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.09 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:155.84 GB) (Free:26.89 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:11.48 GB) (Free:1.89 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
5 Drive g: (HAJI) (Fixed) (Total:130.48 GB) (Free:6.37 GB) NTFS
7 Drive j: () (Removable) (Total:14.91 GB) (Free:11.39 GB) NTFS

========================= Users: ========================================

User accounts for \\HAJI-PC

Administrator Guest User


**** End of log ****








MBAM output:


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: HAJI-PC [administrator]

Protection: Enabled

10-Jun-12 12:55:36 PM
mbam-log-2012-06-10 (12-55-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281012
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)









aswMBR.txt output :


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 13:49:16
-----------------------------
13:49:16.161 OS Version: Windows 6.1.7601 Service Pack 1
13:49:16.161 Number of processors: 2 586 0x2502
13:49:16.161 ComputerName: HAJI-PC UserName: User
13:49:28.625 Initialize success
13:49:28.797 AVAST engine defs: 12060901
13:49:57.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:49:57.423 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
13:49:57.438 Disk 0 MBR read successfully
13:49:57.438 Disk 0 MBR scan
13:49:57.438 Disk 0 unknown MBR code
13:49:57.454 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
13:49:57.454 Disk 0 Partition 2 80 (A) 42 SFS NTFS 199 MB offset 2048
13:49:57.470 Disk 0 Partition 3 00 42 SFS NTFS 159577 MB offset 409600
13:49:57.485 Disk 0 Partition 4 00 42 SFS NTFS 145467 MB offset 327223296
13:49:57.501 Disk 0 scanning sectors +625140400
13:49:57.563 Disk 0 scanning C:\Windows\system32\drivers
13:49:57.579 Service scanning
13:50:25.815 Modules scanning
13:50:27.110 Disk 0 trace - called modules:
13:50:27.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
13:50:27.157 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89604230]
13:50:27.157 3 CLASSPNP.SYS[8460459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87740028]
13:50:28.030 AVAST engine scan C:\Windows
13:50:28.030 AVAST engine scan C:\Windows\system32
13:50:28.030 AVAST engine scan C:\Windows\system32\drivers
13:50:28.046 AVAST engine scan C:\Users\User
13:50:28.046 AVAST engine scan C:\ProgramData
13:50:28.061 Scan finished successfully
13:51:52.470 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\New folder (3)\MBR.dat"
13:51:52.470 The log file has been saved successfully to "C:\Users\User\Desktop\New folder (3)\aswMBR.txt"

#4 Broni


Posted 10 June 2012 - 10:40 AM

You're running two AV programs:
avast! Free Antivirus
Panda Antivirus Pro 2012

You must uninstall one of them.

Then...

I strongly suggest you uninstall TuneUp Utilities.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==========================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

======================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#5 M.H


Posted 12 June 2012 - 09:26 AM

boot cleaner report :

Bootkit Remover
© 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...





Gmer report:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-12 21:54:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: gmer.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90256DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90F0FA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9025785E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9025C2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9025C330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9025C422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9025C252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9025C374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9025C29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9025C3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90256E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90F0FB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90256AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90256E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90259D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90257B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9025C30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9025C352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9025C446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9025C278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9025C3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9025C2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9025C400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90F0FCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x902579CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90256EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90256F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90256B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90256CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90256C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90256D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90F0FD60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90256F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90F0FBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90F25D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 84055369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8408ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 84095D80 4 Bytes [F8, 6D, 25, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 84095DA8 4 Bytes [5A, FA, F0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 84095E08 4 Bytes [5E, 78, 25, 90] {POP ESI; JS 0x28; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 84095E5C 2 Bytes [E4, C2] {IN AL, 0xc2}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AA 84095E5F 5 Bytes [90, 30, C3, 25, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 84222BE8 5 Bytes JMP 90F22C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8423B1D0 5 Bytes JMP 90F24764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 84250317 4 Bytes CALL 902581B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8426A0E9 4 Bytes CALL 902581CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 842F3F30 7 Bytes JMP 90F25D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9141E000, 0x3BEEC5, 0xE8000020]
.text kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[128] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[128] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[128] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[428] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[428] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[428] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\CISVC.EXE[440] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\CISVC.EXE[440] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\CISVC.EXE[440] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\CISVC.EXE[440] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00130A08
.text C:\Windows\system32\CISVC.EXE[440] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001303FC
.text C:\Windows\system32\CISVC.EXE[440] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00130804
.text C:\Windows\system32\CISVC.EXE[440] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001301F8
.text C:\Windows\system32\CISVC.EXE[440] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00130600
.text C:\Windows\system32\csrss.exe[520] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Prey\platform\windows\cronsvc.exe[584] KERNEL32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[592] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[592] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[592] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[592] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[592] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[592] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\csrss.exe[604] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\services.exe[648] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[648] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[648] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[672] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[672] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[680] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[680] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[756] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[756] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[756] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\winlogon.exe[756] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[928] user32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00410A08
.text C:\Windows\system32\svchost.exe[928] user32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 004103FC
.text C:\Windows\system32\svchost.exe[928] user32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00410804
.text C:\Windows\system32\svchost.exe[928] user32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 004101F8
.text C:\Windows\system32\svchost.exe[928] user32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00410600
.text C:\Windows\system32\atiesrxx.exe[976] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[976] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[976] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[976] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atiesrxx.exe[976] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atiesrxx.exe[976] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atiesrxx.exe[976] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atiesrxx.exe[976] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001F0600
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00130A08
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001303FC
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00130804
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001301F8
.text C:\Windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00130600
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1144] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00400A08
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 004003FC
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00400804
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 004001F8
.text C:\Windows\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00400600
.text C:\Windows\system32\SearchProtocolHost.exe[1152] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchProtocolHost.exe[1152] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchProtocolHost.exe[1152] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[1152] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchProtocolHost.exe[1152] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchProtocolHost.exe[1152] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchProtocolHost.exe[1152] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchProtocolHost.exe[1152] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00880A08
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 008803FC
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00880804
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 008801F8
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00880600
.text C:\Windows\system32\AUDIODG.EXE[1252] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00630A08
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 006303FC
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00630804
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 006301F8
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00630600
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00740A08
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 007403FC
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00740804
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 007401F8
.text C:\Windows\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00740600
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1448] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1448] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1448] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1448] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\atieclxx.exe[1448] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\atieclxx.exe[1448] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\atieclxx.exe[1448] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\atieclxx.exe[1448] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1468] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00580A08
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 005803FC
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00580804
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 005801F8
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00580600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1688] kernel32.dll!SetUnhandledExceptionFilter 7685F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1688] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1696] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\WLANExt.exe[1696] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\WLANExt.exe[1696] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1696] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\WLANExt.exe[1696] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001103FC
.text C:\Windows\system32\WLANExt.exe[1696] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00110804
.text C:\Windows\system32\WLANExt.exe[1696] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\WLANExt.exe[1696] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\conhost.exe[1704] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000303FC
.text C:\Windows\system32\conhost.exe[1704] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000301F8
.text C:\Windows\system32\conhost.exe[1704] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\conhost.exe[1704] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 000C0A08
.text C:\Windows\system32\conhost.exe[1704] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000C03FC
.text C:\Windows\system32\conhost.exe[1704] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 000C0804
.text C:\Windows\system32\conhost.exe[1704] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000C01F8
.text C:\Windows\system32\conhost.exe[1704] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 000C0600
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1852] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1852] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\spoolsv.exe[1852] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001903FC
.text C:\Windows\System32\spoolsv.exe[1852] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00190804
.text C:\Windows\System32\spoolsv.exe[1852] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\spoolsv.exe[1852] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00190600
.text C:\Windows\system32\taskeng.exe[1864] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[1864] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[1864] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1864] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[1864] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[1864] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[1864] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[1864] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\Dwm.exe[2404] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2404] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2404] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2404] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\Dwm.exe[2404] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001103FC
.text C:\Windows\system32\Dwm.exe[2404] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00110804
.text C:\Windows\system32\Dwm.exe[2404] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\Dwm.exe[2404] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00110600
.text C:\Windows\Explorer.EXE[2416] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[2416] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[2416] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2416] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001A0A08
.text C:\Windows\Explorer.EXE[2416] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001A03FC
.text C:\Windows\Explorer.EXE[2416] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001A0804
.text C:\Windows\Explorer.EXE[2416] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001A01F8
.text C:\Windows\Explorer.EXE[2416] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001A0600
.text C:\Windows\system32\taskeng.exe[2428] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[2428] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[2428] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2428] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2428] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2428] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2428] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2428] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00080600
.text C:\Program Files\Internet Download Manager\IDMan.exe[2516] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001F03FC
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001F0804
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\PC Security Tweaker\newlock.exe[2520] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2584] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 002003FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00200804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2588] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00200600
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001503FC
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001501F8
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001F0A08
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001F03FC
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001F0804
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001F01F8
.text C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wjk8cltn.default\extensions\startup.service@mozilla.com\svc.exe[2748] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] ADVAPI32.dll!RegOpenKeyExA 75784907 5 Bytes JMP 00D73EEE C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000903FC
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00090804
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[2768] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2792] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001403FC
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00140804
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\inetsrv\inetinfo.exe[2812] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00110A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001103FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00110804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001101F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2932] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00110600
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 002003FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00200804
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 002001F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2952] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\svchost.exe[2976] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2976] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2976] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\mqsvc.exe[2996] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\mqsvc.exe[2996] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\mqsvc.exe[2996] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\mqsvc.exe[2996] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\mqsvc.exe[2996] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\mqsvc.exe[2996] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\mqsvc.exe[2996] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\mqsvc.exe[2996] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 000E0600
.text c:\xampp\mysql\bin\mysqld.exe[3100] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text c:\xampp\mysql\bin\mysqld.exe[3100] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text c:\xampp\mysql\bin\mysqld.exe[3100] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text c:\xampp\mysql\bin\mysqld.exe[3100] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00100A08
.text c:\xampp\mysql\bin\mysqld.exe[3100] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001003FC
.text c:\xampp\mysql\bin\mysqld.exe[3100] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00100804
.text c:\xampp\mysql\bin\mysqld.exe[3100] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001001F8
.text c:\xampp\mysql\bin\mysqld.exe[3100] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00100600
.text C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe[3132] KERNEL32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[3244] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[3244] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001D0A08
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001D03FC
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001D0804
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001D01F8
.text C:\Windows\system32\svchost.exe[3244] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001D0600
.text C:\Windows\System32\tcpsvcs.exe[3288] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\tcpsvcs.exe[3288] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\tcpsvcs.exe[3288] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\snmp.exe[3312] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\snmp.exe[3312] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\snmp.exe[3312] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3344] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3344] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3344] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3384] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3384] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3384] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3404] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[3404] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[3404] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3404] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00340A08
.text C:\Windows\System32\svchost.exe[3404] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 003403FC
.text C:\Windows\System32\svchost.exe[3404] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00340804
.text C:\Windows\System32\svchost.exe[3404] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 003401F8
.text C:\Windows\System32\svchost.exe[3404] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00340600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00140A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00140804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3488] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\mqtgsvc.exe[3568] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000503FC
.text C:\Windows\system32\mqtgsvc.exe[3568] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000501F8
.text C:\Windows\system32\mqtgsvc.exe[3568] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\mqtgsvc.exe[3568] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\mqtgsvc.exe[3568] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\mqtgsvc.exe[3568] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\mqtgsvc.exe[3568] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\mqtgsvc.exe[3568] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 002403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00240804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 002401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3680] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00240600
.text C:\Windows\system32\SearchFilterHost.exe[4172] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchFilterHost.exe[4172] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchFilterHost.exe[4172] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\SearchFilterHost.exe[4172] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchFilterHost.exe[4172] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchFilterHost.exe[4172] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchFilterHost.exe[4172] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchFilterHost.exe[4172] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00100600
.text C:\Program Files\Google\Update\GoogleUpdate.exe[4568] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[4668] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Users\User\Desktop\New folder (3)\gmer.exe[5188] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00270A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 002703FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00270804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 002701F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5208] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00270600
.text C:\Windows\system32\SearchIndexer.exe[5236] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[5236] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[5236] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[5236] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\SearchIndexer.exe[5236] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[5236] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 00090804
.text C:\Windows\system32\SearchIndexer.exe[5236] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\SearchIndexer.exe[5236] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] ntdll.dll!LdrUnloadDll 76F4C8DE 5 Bytes JMP 001603FC
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] ntdll.dll!LdrLoadDll 76F522B8 5 Bytes JMP 001601F8
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] USER32.dll!UnhookWindowsHookEx 754AADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] USER32.dll!UnhookWinEvent 754AB750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] USER32.dll!SetWindowsHookExW 754AE30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] USER32.dll!SetWinEventHook 754B24DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hp\HP Software Update\hpwuschd2.exe[5244] USER32.dll!SetWindowsHookExA 754D6D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[5392] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[5612] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[5940] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[5960] kernel32.dll!GetBinaryTypeW + 70 768769F4 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1688] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [70BAF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [710B11EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2416] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74F7FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2584] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [70BAF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\0000007b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf32f9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@001c3566d083 0x91 0xBF 0x7B 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@307c30b1eca0 0x09 0x47 0x28 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@0022fd4620ca 0x91 0x49 0x1E 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@a04e04bd833d 0x8E 0x37 0x02 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@0015def799af 0x4B 0x14 0x6C 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@347e391ebadb 0x27 0x1C 0x09 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@d4206d348cc0 0x0F 0xFF 0x87 0x48 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@0026ff0b159b 0x8E 0x3C 0x8D 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713bf4639@a06cec8acd32 0xF6 0xAB 0xA1 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf32f9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@001c3566d083 0x91 0xBF 0x7B 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@307c30b1eca0 0x09 0x47 0x28 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@0022fd4620ca 0x91 0x49 0x1E 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@a04e04bd833d 0x8E 0x37 0x02 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@0015def799af 0x4B 0x14 0x6C 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@347e391ebadb 0x27 0x1C 0x09 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@d4206d348cc0 0x0F 0xFF 0x87 0x48 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@0026ff0b159b 0x8E 0x3C 0x8D 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713bf4639@a06cec8acd32 0xF6 0xAB 0xA1 0xC9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF07C61A-306D-450E-9657-E3982F18B3CF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF07C61A-306D-450E-9657-E3982F18B3CF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF07C61A-306D-450E-9657-E3982F18B3CF}@Path \Microsoft\Windows Defender\MpIdleTask
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF07C61A-306D-450E-9657-E3982F18B3CF}@Hash 0x12 0x2C 0xF5 0x7C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF07C61A-306D-450E-9657-E3982F18B3CF}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF07C61A-306D-450E-9657-E3982F18B3CF}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MpIdleTask@Id {FF07C61A-306D-450E-9657-E3982F18B3CF}

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639} 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C\Users 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C\Users\User 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C\Users\User\AppData 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C\Users\User\AppData\Roaming 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C\Users\User\AppData\Roaming\ZiggyTV 0 bytes
File C:\avast! sandbox\S-1-5-21-3631552745-2103473267-2274662419-1000\r92\ZiggyTV.exe_{a07c9f78-a49d-11e1-bc54-002713bf4639}\C\Users\User\AppData\Roaming\ZiggyTV\.AppSpecialShare 0 bytes

#6 Broni

Posted 12 June 2012 - 07:38 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#7 M.H

Posted 13 June 2012 - 07:49 PM

08:47:11.0375 1964 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:47:12.0686 1964 ============================================================
08:47:12.0686 1964 Current date / time: 2012/06/14 08:47:12.0686
08:47:12.0686 1964 SystemInfo:
08:47:12.0686 1964
08:47:12.0686 1964 OS Version: 6.1.7601 ServicePack: 1.0
08:47:12.0686 1964 Product type: Workstation
08:47:12.0686 1964 ComputerName: HAJI-PC
08:47:12.0686 1964 UserName: User
08:47:12.0686 1964 Windows directory: C:\Windows
08:47:12.0686 1964 System windows directory: C:\Windows
08:47:12.0686 1964 Processor architecture: Intel x86
08:47:12.0686 1964 Number of processors: 2
08:47:12.0686 1964 Page size: 0x1000
08:47:12.0686 1964 Boot type: Normal boot
08:47:12.0686 1964 ============================================================
08:47:14.0105 1964 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:47:14.0121 1964 ============================================================
08:47:14.0121 1964 \Device\Harddisk0\DR0:
08:47:14.0121 1964 MBR partitions:
08:47:14.0121 1964 Initialize success
08:47:14.0121 1964 ============================================================
08:47:49.0093 5240 ============================================================
08:47:49.0093 5240 Scan started
08:47:49.0093 5240 Mode: Manual;
08:47:49.0093 5240 ============================================================
08:47:49.0187 5240 1394ohci - ok
08:47:49.0202 5240 ACPI - ok
08:47:49.0202 5240 AcpiPmi - ok
08:47:49.0202 5240 AdobeFlashPlayerUpdateSvc - ok
08:47:49.0218 5240 adp94xx - ok
08:47:49.0218 5240 adpahci - ok
08:47:49.0218 5240 adpu320 - ok
08:47:49.0233 5240 AeLookupSvc - ok
08:47:49.0233 5240 AERTFilters - ok
08:47:49.0233 5240 AFD - ok
08:47:49.0233 5240 agp440 - ok
08:47:49.0249 5240 aic78xx - ok
08:47:49.0249 5240 ALG - ok
08:47:49.0249 5240 aliide - ok
08:47:49.0265 5240 AMD External Events Utility - ok
08:47:49.0265 5240 amdagp - ok
08:47:49.0265 5240 amdide - ok
08:47:49.0265 5240 AmdK8 - ok
08:47:49.0280 5240 amdkmdag - ok
08:47:49.0280 5240 amdkmdap - ok
08:47:49.0280 5240 AmdPPM - ok
08:47:49.0296 5240 amdsata - ok
08:47:49.0296 5240 amdsbs - ok
08:47:49.0296 5240 amdxata - ok
08:47:49.0296 5240 AppHostSvc - ok
08:47:49.0311 5240 AppID - ok
08:47:49.0311 5240 AppIDSvc - ok
08:47:49.0311 5240 Appinfo - ok
08:47:49.0327 5240 arc - ok
08:47:49.0327 5240 arcsas - ok
08:47:49.0327 5240 aspnet_state - ok
08:47:49.0343 5240 aswFsBlk - ok
08:47:49.0343 5240 aswMonFlt - ok
08:47:49.0343 5240 aswRdr - ok
08:47:49.0358 5240 aswSnx - ok
08:47:49.0358 5240 aswSP - ok
08:47:49.0358 5240 aswTdi - ok
08:47:49.0358 5240 AsyncMac - ok
08:47:49.0374 5240 atapi - ok
08:47:49.0374 5240 athr - ok
08:47:49.0374 5240 AtiHdmiService - ok
08:47:49.0389 5240 atikmdag - ok
08:47:49.0389 5240 AudioEndpointBuilder - ok
08:47:49.0389 5240 Audiosrv - ok
08:47:49.0389 5240 avast! Antivirus - ok
08:47:49.0405 5240 avchv - ok
08:47:49.0405 5240 AxInstSV - ok
08:47:49.0405 5240 b06bdrv - ok
08:47:49.0421 5240 b57nd60x - ok
08:47:49.0421 5240 BDESVC - ok
08:47:49.0421 5240 bdsandbox - ok
08:47:49.0436 5240 Beep - ok
08:47:49.0436 5240 BFE - ok
08:47:49.0436 5240 BITS - ok
08:47:49.0452 5240 blbdrive - ok
08:47:49.0452 5240 bowser - ok
08:47:49.0452 5240 BrFiltLo - ok
08:47:49.0452 5240 BrFiltUp - ok
08:47:49.0467 5240 BridgeMP - ok
08:47:49.0467 5240 Browser - ok
08:47:49.0467 5240 Brserid - ok
08:47:49.0483 5240 BrSerWdm - ok
08:47:49.0483 5240 BrUsbMdm - ok
08:47:49.0483 5240 BrUsbSer - ok
08:47:49.0499 5240 BthEnum - ok
08:47:49.0499 5240 BTHMODEM - ok
08:47:49.0499 5240 BthPan - ok
08:47:49.0514 5240 BTHPORT - ok
08:47:49.0545 5240 bthserv - ok
08:47:49.0545 5240 BTHUSB - ok
08:47:49.0545 5240 btwaudio - ok
08:47:49.0561 5240 btwavdt - ok
08:47:49.0561 5240 btwdins - ok
08:47:49.0561 5240 BTWDPAN - ok
08:47:49.0577 5240 btwl2cap - ok
08:47:49.0577 5240 btwrchid - ok
08:47:49.0577 5240 catchme - ok
08:47:49.0592 5240 cdfs - ok
08:47:49.0592 5240 cdrom - ok
08:47:49.0592 5240 CertPropSvc - ok
08:47:49.0608 5240 circlass - ok
08:47:49.0608 5240 CISVC - ok
08:47:49.0608 5240 CLFS - ok
08:47:49.0623 5240 clr_optimization_v2.0.50727_32 - ok
08:47:49.0623 5240 CmBatt - ok
08:47:49.0639 5240 cmdide - ok
08:47:49.0639 5240 CNG - ok
08:47:49.0639 5240 Com4QLBEx - ok
08:47:49.0639 5240 Compbatt - ok
08:47:49.0655 5240 CompositeBus - ok
08:47:49.0655 5240 COMSysApp - ok
08:47:49.0686 5240 CpqDfw - ok
08:47:49.0686 5240 crcdisk - ok
08:47:49.0686 5240 CronService - ok
08:47:49.0701 5240 CryptSvc - ok
08:47:49.0701 5240 DcomLaunch - ok
08:47:49.0717 5240 defragsvc - ok
08:47:49.0717 5240 DeskSaverService - ok
08:47:49.0717 5240 DfsC - ok
08:47:49.0733 5240 Dhcp - ok
08:47:49.0733 5240 discache - ok
08:47:49.0748 5240 Disk - ok
08:47:49.0748 5240 Dnscache - ok
08:47:49.0748 5240 dot3svc - ok
08:47:49.0764 5240 DPS - ok
08:47:49.0764 5240 drmkaud - ok
08:47:49.0764 5240 DXGKrnl - ok
08:47:49.0779 5240 EapHost - ok
08:47:49.0779 5240 ebdrv - ok
08:47:49.0779 5240 EFS - ok
08:47:49.0795 5240 ehRecvr - ok
08:47:49.0795 5240 ehSched - ok
08:47:49.0795 5240 elxstor - ok
08:47:49.0811 5240 ErrDev - ok
08:47:49.0826 5240 EventSystem - ok
08:47:49.0826 5240 ewusbnet - ok
08:47:49.0842 5240 exfat - ok
08:47:49.0842 5240 Fabs - ok
08:47:49.0842 5240 fastfat - ok
08:47:49.0857 5240 Fax - ok
08:47:49.0857 5240 fdc - ok
08:47:49.0857 5240 fdPHost - ok
08:47:49.0873 5240 FDResPub - ok
08:47:49.0873 5240 FileInfo - ok
08:47:49.0873 5240 Filetrace - ok
08:47:49.0889 5240 FileZilla Server - ok
08:47:49.0889 5240 FirebirdServerMAGIXInstance - ok
08:47:49.0904 5240 Firefox Service - ok
08:47:49.0904 5240 FLEXnet Licensing Service - ok
08:47:49.0904 5240 flpydisk - ok
08:47:49.0920 5240 FltMgr - ok
08:47:49.0920 5240 FontCache - ok
08:47:49.0920 5240 FontCache3.0.0.0 - ok
08:47:49.0935 5240 FsDepends - ok
08:47:49.0935 5240 fssfltr - ok
08:47:49.0935 5240 fsssvc - ok
08:47:49.0951 5240 Fs_Rec - ok
08:47:49.0967 5240 ftpsvc - ok
08:47:49.0982 5240 fvevol - ok
08:47:49.0982 5240 gagp30kx - ok
08:47:49.0982 5240 gpsvc - ok
08:47:49.0998 5240 gupdate - ok
08:47:49.0998 5240 gupdatem - ok
08:47:49.0998 5240 hcw85cir - ok
08:47:50.0013 5240 HdAudAddService - ok
08:47:50.0013 5240 HDAudBus - ok
08:47:50.0029 5240 HDDlife HDD Access service - ok
08:47:50.0029 5240 HECI - ok
08:47:50.0029 5240 HidBatt - ok
08:47:50.0045 5240 HidBth - ok
08:47:50.0045 5240 HidIr - ok
08:47:50.0045 5240 hidserv - ok
08:47:50.0060 5240 HidUsb - ok
08:47:50.0060 5240 hkmsvc - ok
08:47:50.0076 5240 HomeGroupListener - ok
08:47:50.0076 5240 HomeGroupProvider - ok
08:47:50.0076 5240 HP Health Check Service - ok
08:47:50.0091 5240 HP Support Assistant Service - ok
08:47:50.0091 5240 HpqKbFiltr - ok
08:47:50.0091 5240 hpqwmiex - ok
08:47:50.0107 5240 HpSAMD - ok
08:47:50.0107 5240 HTTP - ok
08:47:50.0123 5240 hwdatacard - ok
08:47:50.0123 5240 hwpolicy - ok
08:47:50.0138 5240 hwusbdev - ok
08:47:50.0154 5240 i8042prt - ok
08:47:50.0154 5240 iaStor - ok
08:47:50.0154 5240 iaStorV - ok
08:47:50.0169 5240 IDMWFP - ok
08:47:50.0169 5240 IDriverT - ok
08:47:50.0169 5240 idsvc - ok
08:47:50.0185 5240 igfx - ok
08:47:50.0185 5240 iirsp - ok
08:47:50.0201 5240 IISADMIN - ok
08:47:50.0201 5240 IKEEXT - ok
08:47:50.0201 5240 Impcd - ok
08:47:50.0216 5240 IntcAzAudAddService - ok
08:47:50.0232 5240 intelide - ok
08:47:50.0232 5240 intelppm - ok
08:47:50.0247 5240 IPBusEnum - ok
08:47:50.0247 5240 IpFilterDriver - ok
08:47:50.0263 5240 iphlpsvc - ok
08:47:50.0263 5240 IPMIDRV - ok
08:47:50.0263 5240 IPNAT - ok
08:47:50.0279 5240 IRENUM - ok
08:47:50.0279 5240 isapnp - ok
08:47:50.0294 5240 iScsiPrt - ok
08:47:50.0294 5240 kbdclass - ok
08:47:50.0310 5240 kbdhid - ok
08:47:50.0310 5240 KeyIso - ok
08:47:50.0325 5240 KMService - ok
08:47:50.0325 5240 KSecDD - ok
08:47:50.0325 5240 KSecPkg - ok
08:47:50.0341 5240 KtmRm - ok
08:47:50.0341 5240 LanmanServer - ok
08:47:50.0357 5240 LanmanWorkstation - ok
08:47:50.0357 5240 LightScribeService - ok
08:47:50.0372 5240 lltdio - ok
08:47:50.0372 5240 lltdsvc - ok
08:47:50.0372 5240 lmhosts - ok
08:47:50.0388 5240 LMS - ok
08:47:50.0403 5240 LPDSVC - ok
08:47:50.0419 5240 LSI_FC - ok
08:47:50.0419 5240 LSI_SAS - ok
08:47:50.0419 5240 LSI_SAS2 - ok
08:47:50.0435 5240 LSI_SCSI - ok
08:47:50.0435 5240 luafv - ok
08:47:50.0450 5240 MBAMProtector - ok
08:47:50.0450 5240 MBAMService - ok
08:47:50.0466 5240 MBAMSwissArmy - ok
08:47:50.0481 5240 Mcx2Svc - ok
08:47:50.0481 5240 megasas - ok
08:47:50.0497 5240 MegaSR - ok
08:47:50.0497 5240 Microsoft Office Groove Audit Service - ok
08:47:50.0497 5240 MMCSS - ok
08:47:50.0513 5240 Modem - ok
08:47:50.0528 5240 monitor - ok
08:47:50.0528 5240 mouclass - ok
08:47:50.0528 5240 mouhid - ok
08:47:50.0544 5240 mountmgr - ok
08:47:50.0544 5240 mpio - ok
08:47:50.0559 5240 MpKsl72f7d073 - ok
08:47:50.0559 5240 mpsdrv - ok
08:47:50.0559 5240 MpsSvc - ok
08:47:50.0575 5240 MQAC - ok
08:47:50.0591 5240 MRxDAV - ok
08:47:50.0591 5240 mrxsmb - ok
08:47:50.0606 5240 mrxsmb10 - ok
08:47:50.0606 5240 mrxsmb20 - ok
08:47:50.0622 5240 msahci - ok
08:47:50.0622 5240 msdsm - ok
08:47:50.0622 5240 MSDTC - ok
08:47:50.0637 5240 Msfs - ok
08:47:50.0653 5240 mshidkmdf - ok
08:47:50.0653 5240 msisadrv - ok
08:47:50.0669 5240 MSiSCSI - ok
08:47:50.0669 5240 msiserver - ok
08:47:50.0684 5240 MSKSSRV - ok
08:47:50.0684 5240 MSMQ - ok
08:47:50.0684 5240 MSMQTriggers - ok
08:47:50.0700 5240 MSPCLOCK - ok
08:47:50.0715 5240 MSPQM - ok
08:47:50.0715 5240 MsRPC - ok
08:47:50.0731 5240 mssmbios - ok
08:47:50.0731 5240 MSSQLServerADHelper - ok
08:47:50.0731 5240 MSTEE - ok
08:47:50.0747 5240 MTConfig - ok
08:47:50.0747 5240 Mup - ok
08:47:50.0762 5240 mysql - ok
08:47:50.0762 5240 napagent - ok
08:47:50.0778 5240 NativeWifiP - ok
08:47:50.0778 5240 NDIS - ok
08:47:50.0793 5240 NdisCap - ok
08:47:50.0793 5240 NdisTapi - ok
08:47:50.0809 5240 Ndisuio - ok
08:47:50.0809 5240 NdisWan - ok
08:47:50.0825 5240 NDProxy - ok
08:47:50.0825 5240 NetBIOS - ok
08:47:50.0840 5240 NetBT - ok
08:47:50.0856 5240 Netlogon - ok
08:47:50.0856 5240 Netman - ok
08:47:50.0871 5240 NetMsmqActivator - ok
08:47:50.0871 5240 NetPipeActivator - ok
08:47:50.0887 5240 netprofm - ok
08:47:50.0887 5240 NetTcpActivator - ok
08:47:50.0903 5240 NetTcpPortSharing - ok
08:47:50.0903 5240 netw5v32 - ok
08:47:50.0918 5240 nfrd960 - ok
08:47:50.0918 5240 NlaSvc - ok
08:47:50.0934 5240 nmwcd - ok
08:47:50.0949 5240 nmwcdc - ok
08:47:50.0949 5240 Npfs - ok
08:47:50.0965 5240 nsi - ok
08:47:50.0965 5240 nsiproxy - ok
08:47:50.0981 5240 Ntfs - ok
08:47:50.0996 5240 Null - ok
08:47:50.0996 5240 nvraid - ok
08:47:51.0012 5240 nvstor - ok
08:47:51.0012 5240 nv_agp - ok
08:47:51.0027 5240 odserv - ok
08:47:51.0027 5240 ohci1394 - ok
08:47:51.0043 5240 OracleJobSchedulerXE - ok
08:47:51.0043 5240 OracleMTSRecoveryService - ok
08:47:51.0059 5240 OracleServiceXE - ok
08:47:51.0059 5240 OracleXEClrAgent - ok
08:47:51.0074 5240 OracleXETNSListener - ok
08:47:51.0074 5240 ose - ok
08:47:51.0090 5240 p2pimsvc - ok
08:47:51.0090 5240 p2psvc - ok
08:47:51.0105 5240 Parport - ok
08:47:51.0121 5240 partmgr - ok
08:47:51.0121 5240 Parvdm - ok
08:47:51.0137 5240 PcaSvc - ok
08:47:51.0137 5240 pccsmcfd - ok
08:47:51.0152 5240 pci - ok
08:47:51.0152 5240 pciide - ok
08:47:51.0168 5240 pcmcia - ok
08:47:51.0168 5240 pcw - ok
08:47:51.0183 5240 PEAUTH - ok
08:47:51.0215 5240 pla - ok
08:47:51.0230 5240 PlugPlay - ok
08:47:51.0230 5240 PNRPAutoReg - ok
08:47:51.0246 5240 PNRPsvc - ok
08:47:51.0246 5240 PolicyAgent - ok
08:47:51.0261 5240 Power - ok
08:47:51.0277 5240 PptpMiniport - ok
08:47:51.0277 5240 Processor - ok
08:47:51.0293 5240 PRODIGY - ok
08:47:51.0293 5240 ProfSvc - ok
08:47:51.0308 5240 ProtectedStorage - ok
08:47:51.0308 5240 Psched - ok
08:47:51.0308 5240 pwdrvio - ok
08:47:51.0324 5240 pwdspio - ok
08:47:51.0324 5240 ql2300 - ok
08:47:51.0339 5240 ql40xx - ok
08:47:51.0339 5240 QWAVE - ok
08:47:51.0355 5240 QWAVEdrv - ok
08:47:51.0355 5240 RapiMgr - ok
08:47:51.0371 5240 RasAcd - ok
08:47:51.0386 5240 RasAgileVpn - ok
08:47:51.0386 5240 RasAuto - ok
08:47:51.0402 5240 Rasl2tp - ok
08:47:51.0402 5240 RasMan - ok
08:47:51.0402 5240 RasPppoe - ok
08:47:51.0417 5240 RasSstp - ok
08:47:51.0417 5240 rdbss - ok
08:47:51.0433 5240 rdpbus - ok
08:47:51.0433 5240 RDPCDD - ok
08:47:51.0449 5240 RDPENCDD - ok
08:47:51.0464 5240 RDPREFMP - ok
08:47:51.0480 5240 RDPWD - ok
08:47:51.0480 5240 rdyboost - ok
08:47:51.0495 5240 RemoteAccess - ok
08:47:51.0495 5240 RemoteRegistry - ok
08:47:51.0511 5240 RFCOMM - ok
08:47:51.0511 5240 RichVideo - ok
08:47:51.0527 5240 RimUsb - ok
08:47:51.0527 5240 RMCAST - ok
08:47:51.0542 5240 RpcEptMapper - ok
08:47:51.0558 5240 RpcLocator - ok
08:47:51.0558 5240 RpcSs - ok
08:47:51.0573 5240 rspndr - ok
08:47:51.0573 5240 RSUSBSTOR - ok
08:47:51.0589 5240 RTL8167 - ok
08:47:51.0589 5240 RTL8187 - ok
08:47:51.0605 5240 RtVOsdService - ok
08:47:51.0605 5240 SafeBox - ok
08:47:51.0620 5240 SamSs - ok
08:47:51.0636 5240 sbp2port - ok
08:47:51.0636 5240 SCardSvr - ok
08:47:51.0651 5240 scfilter - ok
08:47:51.0651 5240 Schedule - ok
08:47:51.0667 5240 SCPolicySvc - ok
08:47:51.0683 5240 sdbus - ok
08:47:51.0683 5240 SDRSVC - ok
08:47:51.0698 5240 SeaPort - ok
08:47:51.0714 5240 secdrv - ok
08:47:51.0714 5240 seclogon - ok
08:47:51.0729 5240 SENS - ok
08:47:51.0729 5240 SensrSvc - ok
08:47:51.0745 5240 Serenum - ok
08:47:51.0745 5240 Serial - ok
08:47:51.0761 5240 sermouse - ok
08:47:51.0776 5240 ServiceLayer - ok
08:47:51.0792 5240 SessionEnv - ok
08:47:51.0807 5240 sffdisk - ok
08:47:51.0807 5240 sffp_mmc - ok
08:47:51.0823 5240 sffp_sd - ok
08:47:51.0823 5240 sfloppy - ok
08:47:51.0839 5240 SharedAccess - ok
08:47:51.0854 5240 ShellHWDetection - ok
08:47:51.0854 5240 simptcp - ok
08:47:51.0870 5240 sisagp - ok
08:47:51.0870 5240 SiSRaid2 - ok
08:47:51.0885 5240 SiSRaid4 - ok
08:47:51.0885 5240 Smb - ok
08:47:51.0901 5240 SNMP - ok
08:47:51.0917 5240 SNMPTRAP - ok
08:47:51.0917 5240 spldr - ok
08:47:51.0932 5240 Spooler - ok
08:47:51.0948 5240 sppsvc - ok
08:47:51.0948 5240 sppuinotify - ok
08:47:51.0963 5240 SQLBrowser - ok
08:47:51.0979 5240 srv - ok
08:47:51.0979 5240 srv2 - ok
08:47:51.0995 5240 SrvHsfHDA - ok
08:47:51.0995 5240 SrvHsfV92 - ok
08:47:52.0010 5240 SrvHsfWinac - ok
08:47:52.0010 5240 srvnet - ok
08:47:52.0026 5240 SSDPSRV - ok
08:47:52.0041 5240 SstpSvc - ok
08:47:52.0041 5240 stexstor - ok
08:47:52.0057 5240 StiSvc - ok
08:47:52.0057 5240 swenum - ok
08:47:52.0073 5240 swprv - ok
08:47:52.0073 5240 SynTP - ok
08:47:52.0088 5240 SysMain - ok
08:47:52.0104 5240 TabletInputService - ok
08:47:52.0119 5240 tap0901 - ok
08:47:52.0119 5240 TapiSrv - ok
08:47:52.0135 5240 TBS - ok
08:47:52.0135 5240 Tcpip - ok
08:47:52.0151 5240 TCPIP6 - ok
08:47:52.0166 5240 tcpipreg - ok
08:47:52.0182 5240 TDPIPE - ok
08:47:52.0182 5240 TDTCP - ok
08:47:52.0197 5240 tdx - ok
08:47:52.0213 5240 TermDD - ok
08:47:52.0213 5240 TermService - ok
08:47:52.0229 5240 Themes - ok
08:47:52.0229 5240 THREADORDER - ok
08:47:52.0291 5240 TlntSvr - ok
08:47:52.0307 5240 TrkWks - ok
08:47:52.0307 5240 TrustedInstaller - ok
08:47:52.0322 5240 tssecsrv - ok
08:47:52.0338 5240 TsUsbFlt - ok
08:47:52.0353 5240 tunnel - ok
08:47:52.0353 5240 uagp35 - ok
08:47:52.0369 5240 udfs - ok
08:47:52.0385 5240 UI0Detect - ok
08:47:52.0400 5240 uliagpkx - ok
08:47:52.0400 5240 umbus - ok
08:47:52.0416 5240 UmPass - ok
08:47:52.0416 5240 UNS - ok
08:47:52.0431 5240 Update Server - ok
08:47:52.0447 5240 upnphost - ok
08:47:52.0447 5240 upperdev - ok
08:47:52.0463 5240 usbaudio - ok
08:47:52.0463 5240 usbccgp - ok
08:47:52.0478 5240 usbcir - ok
08:47:52.0494 5240 usbehci - ok
08:47:52.0494 5240 usbhub - ok
08:47:52.0509 5240 usbohci - ok
08:47:52.0509 5240 usbprint - ok
08:47:52.0525 5240 usbser - ok
08:47:52.0541 5240 UsbserFilt - ok
08:47:52.0541 5240 USBSTOR - ok
08:47:52.0556 5240 usbuhci - ok
08:47:52.0556 5240 usbvideo - ok
08:47:52.0572 5240 UxSms - ok
08:47:52.0587 5240 VaultSvc - ok
08:47:52.0587 5240 vdrvroot - ok
08:47:52.0603 5240 vds - ok
08:47:52.0603 5240 vga - ok
08:47:52.0619 5240 VgaSave - ok
08:47:52.0634 5240 vhdmp - ok
08:47:52.0634 5240 viaagp - ok
08:47:52.0650 5240 ViaC7 - ok
08:47:52.0650 5240 viaide - ok
08:47:52.0665 5240 volmgr - ok
08:47:52.0665 5240 volmgrx - ok
08:47:52.0681 5240 volsnap - ok
08:47:52.0697 5240 vsmraid - ok
08:47:52.0697 5240 VSS - ok
08:47:52.0712 5240 vwifibus - ok
08:47:52.0728 5240 vwififlt - ok
08:47:52.0728 5240 vwifimp - ok
08:47:52.0743 5240 W32Time - ok
08:47:52.0759 5240 W3SVC - ok
08:47:52.0759 5240 WacomPen - ok
08:47:52.0775 5240 WANARP - ok
08:47:52.0790 5240 Wanarpv6 - ok
08:47:52.0790 5240 WAS - ok
08:47:52.0806 5240 WatAdminSvc - ok
08:47:52.0806 5240 wbengine - ok
08:47:52.0821 5240 WbioSrvc - ok
08:47:52.0821 5240 WcesComm - ok
08:47:52.0837 5240 wcncsvc - ok
08:47:52.0853 5240 WcsPlugInService - ok
08:47:52.0853 5240 Wd - ok
08:47:52.0868 5240 WDC_SAM - ok
08:47:52.0884 5240 Wdf01000 - ok
08:47:52.0884 5240 WdiServiceHost - ok
08:47:52.0899 5240 WdiSystemHost - ok
08:47:52.0899 5240 WebClient - ok
08:47:52.0915 5240 Wecsvc - ok
08:47:52.0931 5240 wercplsupport - ok
08:47:52.0931 5240 WerSvc - ok
08:47:52.0946 5240 WfpLwf - ok
08:47:52.0962 5240 WIMMount - ok
08:47:52.0962 5240 WinDefend - ok
08:47:52.0977 5240 WinHttpAutoProxySvc - ok
08:47:52.0993 5240 Winmgmt - ok
08:47:53.0024 5240 WinRing0_1_2_0 - ok
08:47:53.0040 5240 WinRM - ok
08:47:53.0071 5240 WinUsb - ok
08:47:53.0071 5240 Wlansvc - ok
08:47:53.0087 5240 wlcrasvc - ok
08:47:53.0087 5240 wlidsvc - ok
08:47:53.0118 5240 WmiAcpi - ok
08:47:53.0133 5240 wmiApSrv - ok
08:47:53.0133 5240 WMPNetworkSvc - ok
08:47:53.0149 5240 WMSVC - ok
08:47:53.0165 5240 WPCSvc - ok
08:47:53.0165 5240 WPDBusEnum - ok
08:47:53.0180 5240 ws2ifsl - ok
08:47:53.0180 5240 wscsvc - ok
08:47:53.0196 5240 WSearch - ok
08:47:53.0227 5240 wuauserv - ok
08:47:53.0243 5240 WudfPf - ok
08:47:53.0243 5240 wudfsvc - ok
08:47:53.0258 5240 WwanSvc - ok
08:47:53.0274 5240 yukonw7 - ok
08:47:53.0367 5240 MBR (0x1B8) (5e009639d5a8550ee62c282c28eaa2a3) \Device\Harddisk0\DR0
08:47:53.0601 5240 \Device\Harddisk0\DR0 - ok
08:47:53.0601 5240 ============================================================
08:47:53.0601 5240 Scan finished
08:47:53.0601 5240 ============================================================
08:47:53.0601 5456 Detected object count: 0
08:47:53.0601 5456 Actual detected object count: 0
08:48:00.0606 1232 ============================================================
08:48:00.0606 1232 Scan started
08:48:00.0606 1232 Mode: Manual;
08:48:00.0606 1232 ============================================================
08:48:04.0599 1232 MBR (0x1B8) (5e009639d5a8550ee62c282c28eaa2a3) \Device\Harddisk0\DR0
08:48:04.0802 1232 \Device\Harddisk0\DR0 - ok
08:48:04.0802 1232 ============================================================
08:48:04.0802 1232 Scan finished
08:48:04.0802 1232 ============================================================
08:48:04.0818 3956 Detected object count: 0
08:48:04.0818 3956 Actual detected object count: 0

#8 Broni

Posted 13 June 2012 - 10:41 PM

Something is going on there but I can't detect it with tools allowed in this forum.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
