TR/ATRAPS.Gen2


14 replies to this topic

#1 tri21

tri21

  • Members
  • 8 posts

Posted 18 July 2012 - 12:47 AM

I use Avira and keep getting an alert about the TR/ATRAPS.Gen2 virus. I have tried quarantining and deleting and it keeps coming back. I also used Malwarebytes, but it still keeps on coming back.
Any ideas?

Thanks


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 July 2012 - 12:50 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)



Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 tri21

tri21
  • Topic Starter

  • Members
  • 8 posts

Posted 18 July 2012 - 01:20 AM

TDSSKiller Log:

15:51:45.0988 0536	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:51:46.0738 0536	============================================================
15:51:46.0738 0536	Current date / time: 2012/07/18 15:51:46.0738
15:51:46.0738 0536	SystemInfo:
15:51:46.0738 0536	
15:51:46.0738 0536	OS Version: 6.1.7600 ServicePack: 0.0
15:51:46.0738 0536	Product type: Workstation
15:51:46.0738 0536	ComputerName: NICK-NOTEBOOK
15:51:46.0739 0536	UserName: Nick
15:51:46.0739 0536	Windows directory: C:\Windows
15:51:46.0739 0536	System windows directory: C:\Windows
15:51:46.0739 0536	Running under WOW64
15:51:46.0739 0536	Processor architecture: Intel x64
15:51:46.0739 0536	Number of processors: 8
15:51:46.0739 0536	Page size: 0x1000
15:51:46.0739 0536	Boot type: Normal boot
15:51:46.0739 0536	============================================================
15:51:47.0321 0536	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:51:47.0325 0536	============================================================
15:51:47.0325 0536	\Device\Harddisk0\DR0:
15:51:47.0326 0536	MBR partitions:
15:51:47.0326 0536	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x15D50510
15:51:47.0343 0536	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1884A800, BlocksNum 0x3ECFB000
15:51:47.0343 0536	============================================================
15:51:47.0397 0536	C: <-> \Device\Harddisk0\DR0\Partition0
15:51:47.0433 0536	D: <-> \Device\Harddisk0\DR0\Partition1
15:51:47.0433 0536	============================================================
15:51:47.0433 0536	Initialize success
15:51:47.0433 0536	============================================================
15:51:50.0256 0496	============================================================
15:51:50.0256 0496	Scan started
15:51:50.0256 0496	Mode: Manual; 
15:51:50.0256 0496	============================================================
15:52:08.0888 0496	mrxsmb20 - ok
15:52:08.0903 0496	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
15:52:08.0906 0496	msahci - ok
15:52:08.0937 0496	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:52:08.0960 0496	msdsm - ok
15:52:09.0002 0496	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:52:09.0004 0496	MSDTC - ok
15:52:09.0027 0496	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:52:09.0030 0496	Msfs - ok
15:52:09.0058 0496	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:52:09.0060 0496	mshidkmdf - ok
15:52:09.0076 0496	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:52:09.0078 0496	msisadrv - ok
15:52:09.0121 0496	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:52:09.0142 0496	MSiSCSI - ok
15:52:09.0144 0496	msiserver - ok
15:52:09.0162 0496	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:52:09.0165 0496	MSKSSRV - ok
15:52:09.0181 0496	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:52:09.0184 0496	MSPCLOCK - ok
15:52:09.0201 0496	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:52:09.0204 0496	MSPQM - ok
15:52:09.0253 0496	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:52:09.0262 0496	MsRPC - ok
15:52:09.0277 0496	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:52:09.0278 0496	mssmbios - ok
15:52:09.0294 0496	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:52:09.0297 0496	MSTEE - ok
15:52:09.0307 0496	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:52:09.0310 0496	MTConfig - ok
15:52:09.0336 0496	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:52:09.0340 0496	Mup - ok
15:52:09.0417 0496	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
15:52:09.0426 0496	napagent - ok
15:52:09.0480 0496	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:52:09.0505 0496	NativeWifiP - ok
15:52:09.0623 0496	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:52:09.0630 0496	NDIS - ok
15:52:09.0654 0496	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:52:09.0658 0496	NdisCap - ok
15:52:09.0705 0496	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:52:09.0708 0496	NdisTapi - ok
15:52:09.0725 0496	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:52:09.0730 0496	Ndisuio - ok
15:52:09.0755 0496	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:52:09.0776 0496	NdisWan - ok
15:52:09.0810 0496	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:52:09.0814 0496	NDProxy - ok
15:52:09.0819 0496	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:52:09.0823 0496	NetBIOS - ok
15:52:09.0859 0496	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:52:09.0885 0496	NetBT - ok
15:52:09.0919 0496	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:52:09.0920 0496	Netlogon - ok
15:52:09.0993 0496	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:52:09.0997 0496	Netman - ok
15:52:10.0123 0496	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:10.0124 0496	NetMsmqActivator - ok
15:52:10.0127 0496	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:10.0128 0496	NetPipeActivator - ok
15:52:10.0219 0496	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:52:10.0230 0496	netprofm - ok
15:52:10.0232 0496	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:10.0233 0496	NetTcpActivator - ok
15:52:10.0236 0496	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:52:10.0236 0496	NetTcpPortSharing - ok
15:52:10.0319 0496	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:52:10.0325 0496	nfrd960 - ok
15:52:10.0387 0496	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
15:52:10.0391 0496	NlaSvc - ok
15:52:10.0409 0496	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:52:10.0413 0496	Npfs - ok
15:52:10.0424 0496	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:52:10.0425 0496	nsi - ok
15:52:10.0443 0496	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:52:10.0447 0496	nsiproxy - ok
15:52:10.0667 0496	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:52:10.0707 0496	Ntfs - ok
15:52:10.0872 0496	NuidFltr        (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:52:10.0875 0496	NuidFltr - ok
15:52:10.0902 0496	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:52:10.0904 0496	Null - ok
15:52:11.0629 0496	nvlddmkm        (4fb60f36d13eabe95ce60a0d97d1a022) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:52:11.0693 0496	nvlddmkm - ok
15:52:11.0790 0496	nvpciflt        (8952d53483f690bcce3d51654afe0892) C:\Windows\system32\DRIVERS\nvpciflt.sys
15:52:11.0792 0496	nvpciflt - ok
15:52:11.0850 0496	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:52:11.0871 0496	nvraid - ok
15:52:11.0907 0496	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:52:11.0928 0496	nvstor - ok
15:52:12.0051 0496	NVSvc           (6eadb29447941304ceecc7270892f572) C:\Windows\system32\nvvsvc.exe
15:52:12.0057 0496	NVSvc - ok
15:52:12.0309 0496	nvUpdatusService (7e0780027dd61424655c1a44ddc94686) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:52:12.0354 0496	nvUpdatusService - ok
15:52:12.0501 0496	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:52:12.0507 0496	nv_agp - ok
15:52:12.0524 0496	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:52:12.0529 0496	ohci1394 - ok
15:52:12.0592 0496	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:52:12.0599 0496	p2pimsvc - ok
15:52:12.0645 0496	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:52:12.0678 0496	p2psvc - ok
15:52:12.0709 0496	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:52:12.0714 0496	Parport - ok
15:52:12.0753 0496	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
15:52:12.0758 0496	partmgr - ok
15:52:12.0790 0496	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:52:12.0797 0496	PcaSvc - ok
15:52:12.0824 0496	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:52:12.0831 0496	pci - ok
15:52:12.0854 0496	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:52:12.0856 0496	pciide - ok
15:52:12.0893 0496	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:52:12.0922 0496	pcmcia - ok
15:52:12.0944 0496	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:52:12.0947 0496	pcw - ok
15:52:13.0015 0496	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:52:13.0047 0496	PEAUTH - ok
15:52:13.0142 0496	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:52:13.0143 0496	PerfHost - ok
15:52:13.0317 0496	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
15:52:13.0385 0496	pla - ok
15:52:13.0462 0496	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
15:52:13.0472 0496	PlugPlay - ok
15:52:13.0493 0496	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:52:13.0498 0496	PNRPAutoReg - ok
15:52:13.0547 0496	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:52:13.0549 0496	PNRPsvc - ok
15:52:13.0596 0496	Point64         (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:52:13.0599 0496	Point64 - ok
15:52:13.0680 0496	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
15:52:13.0714 0496	PolicyAgent - ok
15:52:13.0766 0496	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:52:13.0772 0496	Power - ok
15:52:13.0820 0496	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:13.0844 0496	PptpMiniport - ok
15:52:13.0864 0496	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:52:13.0869 0496	Processor - ok
15:52:13.0928 0496	ProfSvc         (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
15:52:13.0932 0496	ProfSvc - ok
15:52:13.0963 0496	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:52:13.0964 0496	ProtectedStorage - ok
15:52:13.0993 0496	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:52:14.0000 0496	Psched - ok
15:52:14.0166 0496	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:52:14.0235 0496	ql2300 - ok
15:52:14.0403 0496	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:52:14.0404 0496	ql40xx - ok
15:52:14.0455 0496	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:52:14.0462 0496	QWAVE - ok
15:52:14.0481 0496	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:52:14.0485 0496	QWAVEdrv - ok
15:52:14.0502 0496	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:14.0505 0496	RasAcd - ok
15:52:14.0545 0496	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:52:14.0549 0496	RasAgileVpn - ok
15:52:14.0577 0496	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:52:14.0583 0496	RasAuto - ok
15:52:14.0610 0496	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:14.0633 0496	Rasl2tp - ok
15:52:14.0687 0496	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
15:52:14.0717 0496	RasMan - ok
15:52:14.0740 0496	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:14.0745 0496	RasPppoe - ok
15:52:14.0769 0496	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:14.0774 0496	RasSstp - ok
15:52:14.0820 0496	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:14.0842 0496	rdbss - ok
15:52:14.0860 0496	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:52:14.0864 0496	rdpbus - ok
15:52:14.0912 0496	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:14.0914 0496	RDPCDD - ok
15:52:14.0924 0496	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:52:14.0927 0496	RDPENCDD - ok
15:52:14.0944 0496	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:52:14.0944 0496	RDPREFMP - ok
15:52:14.0997 0496	RDPWD           (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
15:52:15.0026 0496	RDPWD - ok
15:52:15.0072 0496	rdyboost        (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
15:52:15.0079 0496	rdyboost - ok
15:52:15.0128 0496	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:52:15.0133 0496	RemoteAccess - ok
15:52:15.0173 0496	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:52:15.0195 0496	RemoteRegistry - ok
15:52:15.0228 0496	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:52:15.0249 0496	RFCOMM - ok
15:52:15.0377 0496	RichVideo       (616f6e52cae254727a886ba8eda1beea) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:52:15.0379 0496	RichVideo - ok
15:52:15.0394 0496	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:52:15.0399 0496	RpcEptMapper - ok
15:52:15.0431 0496	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:52:15.0432 0496	RpcLocator - ok
15:52:15.0517 0496	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:52:15.0521 0496	RpcSs - ok
15:52:15.0564 0496	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:15.0569 0496	rspndr - ok
15:52:15.0645 0496	RTL8167         (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:52:15.0650 0496	RTL8167 - ok
15:52:15.0674 0496	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:52:15.0676 0496	SamSs - ok
15:52:15.0710 0496	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:52:15.0716 0496	sbp2port - ok
15:52:15.0770 0496	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:52:15.0801 0496	SCardSvr - ok
15:52:15.0816 0496	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:52:15.0821 0496	scfilter - ok
15:52:15.0923 0496	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
15:52:15.0982 0496	Schedule - ok
15:52:16.0046 0496	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:52:16.0047 0496	SCPolicySvc - ok
15:52:16.0076 0496	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
15:52:16.0109 0496	SDRSVC - ok
15:52:16.0213 0496	SeaPort         (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:52:16.0215 0496	SeaPort - ok
15:52:16.0278 0496	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:16.0282 0496	secdrv - ok
15:52:16.0308 0496	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
15:52:16.0312 0496	seclogon - ok
15:52:16.0339 0496	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:52:16.0341 0496	SENS - ok
15:52:16.0361 0496	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:52:16.0366 0496	SensrSvc - ok
15:52:16.0390 0496	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:52:16.0394 0496	Serenum - ok
15:52:16.0426 0496	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:52:16.0431 0496	Serial - ok
15:52:16.0458 0496	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:52:16.0461 0496	sermouse - ok
15:52:16.0489 0496	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
15:52:16.0495 0496	SessionEnv - ok
15:52:16.0509 0496	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:52:16.0511 0496	sffdisk - ok
15:52:16.0527 0496	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:52:16.0530 0496	sffp_mmc - ok
15:52:16.0543 0496	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:52:16.0546 0496	sffp_sd - ok
15:52:16.0565 0496	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:52:16.0568 0496	sfloppy - ok
15:52:16.0622 0496	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
15:52:16.0629 0496	ShellHWDetection - ok
15:52:16.0653 0496	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:52:16.0657 0496	SiSGbeLH - ok
15:52:16.0697 0496	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:52:16.0702 0496	SiSRaid2 - ok
15:52:16.0725 0496	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:52:16.0731 0496	SiSRaid4 - ok
15:52:16.0764 0496	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:52:16.0769 0496	Smb - ok
15:52:16.0801 0496	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:52:16.0803 0496	SNMPTRAP - ok
15:52:16.0821 0496	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:52:16.0824 0496	spldr - ok
15:52:16.0887 0496	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
15:52:16.0890 0496	Spooler - ok
15:52:17.0148 0496	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:52:17.0207 0496	sppsvc - ok
15:52:17.0336 0496	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:52:17.0341 0496	sppuinotify - ok
15:52:17.0426 0496	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:52:17.0457 0496	srv - ok
15:52:17.0509 0496	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:52:17.0538 0496	srv2 - ok
15:52:17.0568 0496	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:17.0589 0496	srvnet - ok
15:52:17.0652 0496	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:52:17.0659 0496	SSDPSRV - ok
15:52:17.0681 0496	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:52:17.0687 0496	SstpSvc - ok
15:52:17.0709 0496	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:52:17.0713 0496	stexstor - ok
15:52:17.0793 0496	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:52:17.0799 0496	stisvc - ok
15:52:17.0809 0496	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:52:17.0812 0496	swenum - ok
15:52:18.0047 0496	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:52:18.0050 0496	SwitchBoard - ok
15:52:18.0121 0496	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:52:18.0149 0496	swprv - ok
15:52:18.0350 0496	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
15:52:18.0367 0496	SysMain - ok
15:52:18.0532 0496	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
15:52:18.0539 0496	TabletInputService - ok
15:52:18.0599 0496	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
15:52:18.0650 0496	TapiSrv - ok
15:52:18.0675 0496	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:52:18.0679 0496	TBS - ok
15:52:18.0904 0496	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
15:52:18.0969 0496	Tcpip - ok
15:52:19.0244 0496	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:19.0252 0496	TCPIP6 - ok
15:52:19.0377 0496	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:52:19.0380 0496	tcpipreg - ok
15:52:19.0405 0496	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:52:19.0407 0496	TDPIPE - ok
15:52:19.0445 0496	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
15:52:19.0448 0496	TDTCP - ok
15:52:19.0472 0496	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:52:19.0477 0496	tdx - ok
15:52:19.0512 0496	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:52:19.0515 0496	TermDD - ok
15:52:19.0609 0496	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
15:52:19.0621 0496	TermService - ok
15:52:19.0629 0496	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:52:19.0634 0496	Themes - ok
15:52:19.0667 0496	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:52:19.0668 0496	THREADORDER - ok
15:52:19.0695 0496	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:52:19.0701 0496	TrkWks - ok
15:52:19.0790 0496	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:52:19.0792 0496	TrustedInstaller - ok
15:52:19.0807 0496	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:19.0812 0496	tssecsrv - ok
15:52:19.0868 0496	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:19.0892 0496	tunnel - ok
15:52:19.0934 0496	TurboB          (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
15:52:19.0937 0496	TurboB - ok
15:52:19.0992 0496	TurboBoost      (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:52:19.0993 0496	TurboBoost - ok
15:52:20.0014 0496	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:52:20.0019 0496	uagp35 - ok
15:52:20.0065 0496	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:52:20.0112 0496	udfs - ok
15:52:20.0151 0496	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:52:20.0153 0496	UI0Detect - ok
15:52:20.0187 0496	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:52:20.0192 0496	uliagpkx - ok
15:52:20.0240 0496	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:52:20.0244 0496	umbus - ok
15:52:20.0266 0496	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:52:20.0269 0496	UmPass - ok
15:52:20.0566 0496	UNS             (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:52:20.0616 0496	UNS - ok
15:52:20.0800 0496	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:52:20.0804 0496	upnphost - ok
15:52:20.0926 0496	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:52:20.0930 0496	USBAAPL64 - ok
15:52:20.0977 0496	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:20.0982 0496	usbccgp - ok
15:52:21.0031 0496	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:52:21.0038 0496	usbcir - ok
15:52:21.0080 0496	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
15:52:21.0084 0496	usbehci - ok
15:52:21.0128 0496	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:21.0182 0496	usbhub - ok
15:52:21.0225 0496	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
15:52:21.0229 0496	usbohci - ok
15:52:21.0272 0496	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:21.0276 0496	usbprint - ok
15:52:21.0307 0496	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:21.0311 0496	usbscan - ok
15:52:21.0344 0496	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:21.0349 0496	USBSTOR - ok
15:52:21.0381 0496	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
15:52:21.0385 0496	usbuhci - ok
15:52:21.0436 0496	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
15:52:21.0467 0496	usbvideo - ok
15:52:21.0521 0496	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:52:21.0526 0496	UxSms - ok
15:52:21.0553 0496	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:52:21.0554 0496	VaultSvc - ok
15:52:21.0579 0496	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:52:21.0583 0496	vdrvroot - ok
15:52:21.0645 0496	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
15:52:21.0650 0496	vds - ok
15:52:21.0690 0496	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:21.0694 0496	vga - ok
15:52:21.0715 0496	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:52:21.0719 0496	VgaSave - ok
15:52:21.0759 0496	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:52:21.0788 0496	vhdmp - ok
15:52:21.0832 0496	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:52:21.0835 0496	viaide - ok
15:52:21.0892 0496	VideAceWindowsService (0adf410187b71c9b855721c8d59cec7a) C:\ExpressGateUtil\VAWinService.exe
15:52:21.0893 0496	VideAceWindowsService - ok
15:52:21.0915 0496	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:52:21.0920 0496	volmgr - ok
15:52:21.0954 0496	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:52:21.0965 0496	volmgrx - ok
15:52:22.0023 0496	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:52:22.0032 0496	volsnap - ok
15:52:22.0095 0496	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:52:22.0149 0496	vsmraid - ok
15:52:22.0315 0496	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
15:52:22.0357 0496	VSS - ok
15:52:22.0563 0496	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:52:22.0567 0496	vwifibus - ok
15:52:22.0582 0496	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:52:22.0587 0496	vwififlt - ok
15:52:22.0641 0496	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:52:22.0649 0496	W32Time - ok
15:52:22.0697 0496	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:52:22.0700 0496	WacomPen - ok
15:52:22.0741 0496	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:22.0746 0496	WANARP - ok
15:52:22.0748 0496	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:22.0749 0496	Wanarpv6 - ok
15:52:22.0880 0496	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:52:22.0890 0496	WatAdminSvc - ok
15:52:26.0931 0496	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:52:27.0283 0496	\Device\Harddisk0\DR0 - ok
15:52:27.0285 0496	Boot (0x1200)   (0e40da09bd1b76594ed6e7ef3fa4d76e) \Device\Harddisk0\DR0\Partition0
15:52:27.0286 0496	\Device\Harddisk0\DR0\Partition0 - ok
15:52:27.0308 0496	Boot (0x1200)   (59f44e60677c265c083d95eeac04aed3) \Device\Harddisk0\DR0\Partition1
15:52:27.0310 0496	\Device\Harddisk0\DR0\Partition1 - ok
15:52:27.0310 0496	============================================================
15:52:27.0310 0496	Scan finished
15:52:27.0310 0496	============================================================
15:52:27.0318 6864	Detected object count: 0
15:52:27.0318 6864	Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 15:56:24
-----------------------------
15:56:24.790    OS Version: Windows x64 6.1.7600 
15:56:24.790    Number of processors: 8 586 0x2A07
15:56:24.791    ComputerName: NICK-NOTEBOOK  UserName: Nick
15:56:26.682    Initialize success
15:57:46.606    AVAST engine defs: 12071701
15:57:58.475    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:57:58.477    Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
15:57:58.496    Disk 0 MBR read successfully
15:57:58.498    Disk 0 MBR scan
15:57:58.522    Disk 0 Windows 7 default MBR code
15:57:58.525    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    22003 MB offset 63
15:57:58.538    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       178848 MB offset 45062325
15:57:58.543    Disk 0 Partition - 00     0F Extended LBA            514551 MB offset 411344896
15:57:58.573    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       514550 MB offset 411346944
15:57:58.597    Disk 0 scanning C:\Windows\system32\drivers
15:58:10.186    Service scanning
15:58:38.576    Modules scanning
15:58:38.583    Disk 0 trace - called modules:
15:58:38.605    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
15:58:38.815    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e2ae060]
15:58:38.819    3 CLASSPNP.SYS[fffff880013b743f] -> nt!IofCallDriver -> [0xfffffa800dbb9480]
15:58:38.823    5 ACPI.sys[fffff88000fb3781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800dbbe050]
15:58:40.654    AVAST engine scan C:\Windows
15:58:42.799    AVAST engine scan C:\Windows\system32
16:02:26.434    AVAST engine scan C:\Windows\system32\drivers
16:02:37.535    AVAST engine scan C:\Users\Nick
16:03:30.761    Disk 0 MBR has been saved successfully to "C:\Users\Nick\Downloads\MBR.dat"
16:03:30.761    The log file has been saved successfully to "C:\Users\Nick\Downloads\aswMBR.txt"

Last one is scanning atm

#4 tri21

Posted 18 July 2012 - 02:48 AM

And here are the ESET scan results:

C:\Program Files (x86)\Ubisoft\Related Designs\ANNO 2070\solidcore32.dll	a variant of Win32/Kryptik.FM trojan	cleaned by deleting - quarantined
C:\Users\Nick\AppData\Local\Temp\VidSaver15_20120508.exe	Win32/Toolbar.CrossRider application	cleaned by deleting - quarantined
C:\Users\Nick\AppData\Local\Temp\ICReinstall\cnet2_FLVPlayerSetup_exe.exe	a variant of Win32/InstallCore.D application	cleaned by deleting - quarantined
C:\Users\Nick\Downloads\That_Mitchell_and_Webb_Look_Series_1_Complete.exe	Win32/Adware.1ClickDownload.C application	cleaned by deleting - quarantined
C:\Users\Nick\Downloads\Men.of.War.Assault.Squad.Update.v2.05.13-RELOADED\rld-mwas20513\Crack\mow_assault_squad.exe	probably a variant of Win32/Obfuscated.HRJTKTQ trojan	cleaned by deleting - quarantined
C:\Users\Nick\Downloads\Men.of.War.Assault.Squad.Update.v2.05.13-RELOADED\rld-mwas20513\Crack\mow_assault_squad_ed.exe	probably a variant of Win32/Obfuscated.HYASPMF trojan	cleaned by deleting - quarantined
C:\Users\Nick\Downloads\Men.of.War.Assault.Squad.Update.v2.05.13-RELOADED\rld-mwas20513\Crack\rld.dll	a variant of Win32/Packed.VMProtect.AAH trojan	cleaned by deleting - quarantined
C:\Users\Nick\Downloads\Men.of.War.Assault.Squad.Update.v2.05.13-RELOADED\rld-mwas20513\Update\mow-as-update-setup-en-2.05.13-full.exe	a variant of MSIL/Injector.AGK trojan	deleted - quarantined
C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}\U\00000008.@	Win64/Agent.BA trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}\U\80000000.@	Win64/Sirefef.AE trojan	cleaned by deleting - quarantined
C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}\U\80000032.@	a variant of Win32/Sirefef.FD trojan	cleaned by deleting - quarantined
D:\1C Company\Men of War. Assault Squad\mow_assault_squad.exe	probably a variant of Win32/Obfuscated.HRJTKTQ trojan	cleaned by deleting - quarantined
D:\1C Company\Men of War. Assault Squad\mow_assault_squad_ed.exe	probably a variant of Win32/Obfuscated.HYASPMF trojan	cleaned by deleting - quarantined
D:\1C Company\Men of War. Assault Squad\rld.dll	a variant of Win32/Packed.VMProtect.AAH trojan	cleaned by deleting - quarantined
Operating memory	a variant of Win32/Sirefef.EZ trojan	

Some of those threats might be cracks so are maybe false positives?

Edited by tri21, 18 July 2012 - 02:48 AM.


#5 narenxp

Posted 18 July 2012 - 03:04 AM

Download

systemlook

Launch it, then copy this script and paste it into the box:

:filefind
services.exe
:folderfind
{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}

Click on LOOK and post the generated log.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#6 tri21

Posted 18 July 2012 - 04:57 AM

Hi, thanks for your replies.

Systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:06 on 18/07/2012 by Nick
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe	--a---- 329216 bytes	[23:19 13/07/2009]	[01:39 14/07/2009] (Unable to calculate MD5)
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe	--a---- 328704 bytes	[23:19 13/07/2009]	[01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}"
C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}	d--hs--	[23:56 10/01/2012]

Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.18.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Nick :: NICK-NOTEBOOK [administrator]

18/07/2012 6:11:52 PM
mbam-log-2012-07-18 (19-42-40).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 558904
Time elapsed: 1 hour(s), 28 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)

This virus popped up the other two times I tried malwarebytes before.

Mini Toolbox log:

MiniToolBox by Farbar  Version: 15-07-2012
Ran by Nick (administrator) on 18-07-2012 at 19:53:12
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Nick-Notebook
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : BigPond

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : E0-B9-A5-6A-69-88
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-6D-04-27-27-77
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : BigPond
   Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
   Physical Address. . . . . . . . . : E0-B9-A5-6A-32-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::409c:23df:1eb7:63c9%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 18 July 2012 7:44:03 PM
   Lease Expires . . . . . . . . . . : Thursday, 19 July 2012 7:44:07 PM
   Default Gateway . . . . . . . . . : 10.0.0.138
   DHCP Server . . . . . . . . . . . : 10.0.0.138
   DHCPv6 IAID . . . . . . . . . . . : 249608613
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4B-FE-15-E0-B9-A5-6A-32-46
   DNS Servers . . . . . . . . . . . : 10.0.0.138
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Hamachi Network Interface
   Physical Address. . . . . . . . . : 7A-79-05-87-F4-FA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2620:9b::587:f4fa(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::6c99:b483:b1f9:8368%16(Preferred) 
   IPv4 Address. . . . . . . . . . . : 5.135.244.250(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Lease Obtained. . . . . . . . . . : Wednesday, 18 July 2012 7:44:01 PM
   Lease Expires . . . . . . . . . . : Thursday, 18 July 2013 7:46:08 PM
   Default Gateway . . . . . . . . . : 5.0.0.1
   DHCP Server . . . . . . . . . . . : 5.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 444234211
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4B-FE-15-E0-B9-A5-6A-32-46
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.BigPond:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B044B027-D8EC-41A8-8A3E-F3AA28AB7AAA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.237.2] with 32 bytes of data:
Reply from 74.125.237.2: bytes=32 time=26ms TTL=52
Reply from 74.125.237.2: bytes=32 time=26ms TTL=52

Ping statistics for 74.125.237.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 26ms, Average = 26ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=258ms TTL=46
Reply from 209.191.122.70: bytes=32 time=260ms TTL=46

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 258ms, Maximum = 260ms, Average = 259ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...e0 b9 a5 6a 69 88 ......Bluetooth Device (Personal Area Network)
 12...f4 6d 04 27 27 77 ......Realtek PCIe GBE Family Controller
 11...e0 b9 a5 6a 32 46 ......Atheros AR9002WB-1NG Wireless Network Adapter
 16...7a 79 05 87 f4 fa ......Hamachi Network Interface
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0          5.0.0.1    5.135.244.250   9256
          0.0.0.0          0.0.0.0       10.0.0.138         10.0.0.5     25
          5.0.0.0        255.0.0.0         On-link     5.135.244.250   9256
    5.135.244.250  255.255.255.255         On-link     5.135.244.250   9256
    5.255.255.255  255.255.255.255         On-link     5.135.244.250   9256
         10.0.0.0    255.255.255.0         On-link          10.0.0.5    281
         10.0.0.5  255.255.255.255         On-link          10.0.0.5    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.5    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     5.135.244.250   9256
        224.0.0.0        240.0.0.0         On-link          10.0.0.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     5.135.244.250   9256
  255.255.255.255  255.255.255.255         On-link          10.0.0.5    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0          5.0.0.1  Default 
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 16    276 2620:9b::/96             On-link
 16    276 2620:9b::587:f4fa/128    On-link
 16    276 fe80::/64                On-link
 11    281 fe80::/64                On-link
 11    281 fe80::409c:23df:1eb7:63c9/128
                                    On-link
 16    276 fe80::6c99:b483:b1f9:8368/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    276 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [261840] (Avira Operations GmbH & Co. KG)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 mswsock.dll [File Not found] ()
x64-Catalog9 13 mswsock.dll [File Not found] ()
x64-Catalog9 14 mswsock.dll [File Not found] ()
x64-Catalog9 15 mswsock.dll [File Not found] ()
x64-Catalog9 16 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [234960] (Avira Operations GmbH & Co. KG)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/18/2012 07:53:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7502c9f1
Faulting process id: 0x19f8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:52:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7502c9f1
Faulting process id: 0x1a34
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:51:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7502c9f1
Faulting process id: 0x1b0c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:50:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7502c9f1
Faulting process id: 0x1798
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:49:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7502c9f1
Faulting process id: 0x11c4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:43:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x749bc9f1
Faulting process id: 0x6a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:43:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x749bc9f1
Faulting process id: 0x8d4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:42:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x749bc9f1
Faulting process id: 0xe70
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:42:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x749bc9f1
Faulting process id: 0x9ec
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 07:42:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x749bc9f1
Faulting process id: 0x1474
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (07/18/2012 07:48:25 PM) (Source: Service Control Manager) (User: )
Description: HomeGroup ProviderFunction Discovery Resource Publication%%-2147024891

Error: (07/18/2012 07:48:25 PM) (Source: Service Control Manager) (User: )
Description: Function Discovery Resource Publication%%-2147024891

Error: (07/18/2012 07:48:22 PM) (Source: Service Control Manager) (User: )
Description: iPod Service%%1053

Error: (07/18/2012 07:48:22 PM) (Source: Service Control Manager) (User: )
Description: 30000iPod Service

Error: (07/18/2012 07:48:22 PM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (07/18/2012 07:44:12 PM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (07/18/2012 07:44:12 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (07/18/2012 07:44:11 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (07/18/2012 07:44:08 PM) (Source: Service Control Manager) (User: )
Description: Function Discovery Resource Publication%%-2147024891

Error: (07/18/2012 03:36:07 PM) (Source: Service Control Manager) (User: )
Description: HomeGroup ProviderFunction Discovery Resource Publication%%-2147024891


Microsoft Office Sessions:
=========================
Error: (07/18/2012 07:53:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057502c9f119f801cd64cb27472e27C:\Windows\SysWOW64\svchost.exeunknown64f7994e-d0be-11e1-bb2e-e0b9a56a6988

Error: (07/18/2012 07:52:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057502c9f11a3401cd64cb0369942eC:\Windows\SysWOW64\svchost.exeunknown4117673c-d0be-11e1-bb2e-e0b9a56a6988

Error: (07/18/2012 07:51:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057502c9f11b0c01cd64cadf83f001C:\Windows\SysWOW64\svchost.exeunknown1d37b695-d0be-11e1-bb2e-e0b9a56a6988

Error: (07/18/2012 07:50:15 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057502c9f1179801cd64cabba3290eC:\Windows\SysWOW64\svchost.exeunknownf951232c-d0bd-11e1-bb2e-e0b9a56a6988

Error: (07/18/2012 07:49:10 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c00000057502c9f111c401cd64ca8f44e8deC:\Windows\SysWOW64\svchost.exeunknownd25e334d-d0bd-11e1-bb2e-e0b9a56a6988

Error: (07/18/2012 07:43:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005749bc9f16a001cd64c9bb34febaC:\Windows\SysWOW64\svchost.exeunknownf8e2d1c8-d0bc-11e1-ad9e-e0b9a56a6988

Error: (07/18/2012 07:43:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005749bc9f18d401cd64c9bb09a858C:\Windows\SysWOW64\svchost.exeunknownf8b83eb9-d0bc-11e1-ad9e-e0b9a56a6988

Error: (07/18/2012 07:42:56 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005749bc9f1e7001cd64c9b5acbeeeC:\Windows\SysWOW64\svchost.exeunknownf35a91fb-d0bc-11e1-ad9e-e0b9a56a6988

Error: (07/18/2012 07:42:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005749bc9f19ec01cd64c99760267dC:\Windows\SysWOW64\svchost.exeunknownd51091a5-d0bc-11e1-ad9e-e0b9a56a6988

Error: (07/18/2012 07:42:05 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005749bc9f1147401cd64c997378f45C:\Windows\SysWOW64\svchost.exeunknownd4e56253-d0bc-11e1-ad9e-e0b9a56a6988


=========================== Installed Programs ============================

??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
1ClickDownloader (Version: 2.1 Build 26473)
7-Zip 9.20
Ace of Spades (Version: 0.70.017)
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader 9.5.1 (Version: 9.5.1)
Alcor Micro USB Card Reader (Version: 1.8.17.26026)
ANNO 2070 (Version: 1.0.0.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ASUS AI Recovery (Version: 1.0.13)
ASUS FancyStart (Version: 1.1.0)
ASUS LifeFrame3 (Version: 3.0.21)
ASUS Live Update (Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (Version: 1.0.0010)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0031)
ASUS Video Magic (Version: 6.0.4710)
ASUS Virtual Camera (Version: 1.0.21)
ASUS WebStorage (Version: 2.0.46.1429)
ASUS_Screensaver
AsusVibe2.0 (Version: 2.0.3.585)
Atheros WLAN and Bluetooth Client Installation Program (Version: 9.0)
ATK Package (Version: 1.0.0007)
µTorrent (Version: 3.1.3)
Avira Antivirus Premium 2012 (Version: 12.0.0.1145)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.45)
Bonjour (Version: 3.0.0.10)
Bookworm Deluxe
BOSS (Version: 2.0.0)
Canon MG5200 series MP Drivers
CodeBlocks (Version: 10.05)
Complemento Messenger (Version: 15.4.3502.0922)
Complément Messenger (Version: 15.4.3502.0922)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
Cooking Dash
Counter-Strike 1.6
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink MediaEspresso (Version: 6.0.1115_32476)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDirector (Version: 8.0.2609a)
CyberLink PowerDVD 10 (Version: 10.0.2025)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Diablo II
ESET Online Scanner v3
ETDWare PS/2-x64 7.0.5.16_WHQL (Version: 7.0.5.16)
Evernote v. 4.5.2 (Version: 4.5.2.5904)
ExpressGate Cloud (Version: 2.1.76.380)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Fast Boot (Version: 1.0.8)
Fresco Logic USB3.0 Host Controller (Version: 3.0.110.12)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Game Park Console (Version: 6.2.1.1)
GameRanger
Google Chrome (Version: 20.0.1132.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.115)
Governor of Poker
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Hotel Dash Suite Success
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) Processor Graphics (Version: 8.15.10.2253)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 7 Update 3 (64-bit) (Version: 7.0.30)
Java(TM) 7 Update 4 (Version: 7.0.40)
Java(TM) SE Development Kit 7 Update 3 (64-bit) (Version: 1.7.0.30)
JavaFX 2.1.0 (Version: 2.1.0)
Jewel Quest 3
Junk Mail filter update (Version: 15.4.3502.0922)
LibreOffice 3.4 (Version: 3.4.402)
LogMeIn Hamachi (Version: 2.1.0.210)
Luxor 3
Magicka
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect (Version: 1.00)
Mass Effect 2 (Version: 1.00)
Medieval II Total War (Version: 1.03.000)
Medieval II Total War : Kingdoms : Americas (Version: 1.03.000)
Medieval II Total War : Kingdoms : Britannia (Version: 1.03.000)
Medieval II Total War : Kingdoms : Crusades (Version: 1.03.000)
Medieval II Total War : Kingdoms : Teutonic (Version: 1.03.000)
Men of War: Assault Squad (Remove Only) (Version: 1.80.1.0)
Mesh Runtime (Version: 15.4.5722.2)
Messenger ???? (Version: 15.4.3502.0922)
Messenger ????? (Version: 15.4.3502.0922)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Minecraft Cracked
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Nexus Mod Manager (Version: 0.18.9)
Notepad++ (Version: 5.9.8)
Nuance PDF Reader (Version: 6.00.0041)
NVIDIA Control Panel 266.01 (Version: 266.01)
NVIDIA Graphics Driver 266.01 (Version: 266.01)
NVIDIA Install Application (Version: 2.265.33.0)
NVIDIA Optimus 1.0.11 (Version: 1.0.11)
NVIDIA PhysX (Version: 9.09.0814)
NVIDIA Update Components (Version: 1.0.11)
Origin (Version: 8.4.1.210)
PDF Settings CS5 (Version: 10.0)
Plants vs Zombies
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.21.531.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6257)
SonicMaster (Version: 1.00.0000)
SweetIM for Messenger 3.6 (Version: 3.6.0008)
SweetPacks Toolbar for Internet Explorer 4.6 (Version: 4.6.0002)
syncables desktop SE (Version: 5.5.746.11492)
Terraria 1.1.2 (Version: 1.1.2)
The Elder Scrolls V Skyrim version 1.5.26.0.5 (Version: 1.5.26.0.5)
The Sims™ 3 (Version: 1.33.2)
Titan Quest (Version: 1.00.0000)
TrackMania 2 (Version: RePack)
Tribes Ascend Open Beta (Version: 1.0.1016.7)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update Manager for SweetPacks 1.0 (Version: 1.0.0005)
uTorrentBar Toolbar (Version: 6.8.2.0)
Vid-Saver (Version: 1.18.149.149)
VideoPad Video Editor
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFlash (Version: 2.31.1)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Wireless Console 3 (Version: 3.0.19)
World of Goo
wxDownload Fast 0.6.0
YoutubePlus

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 16295.07 MB
Available physical RAM: 13209.53 MB
Total Pagefile: 32588.29 MB
Available Pagefile: 29217.31 MB
Total Virtual: 4095.88 MB
Available Virtual: 3951.09 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:174.66 GB) (Free:12.44 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:502.49 GB) (Free:392.28 GB) NTFS
3 Drive e: (TheYearMyVoiceBroke) (CDROM) (Total:7.84 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\NICK-NOTEBOOK

Administrator            ASPNET                   Guest                    
Nick                     UpdatusUser              


**** End of log ****

FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Nick (administrator) on 18-07-2012 at 19:55:53
Running from "C:\Users\Nick\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:49] - [2011-12-28 13:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 21:43] - [2012-03-30 21:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 10:09] - [2009-07-14 11:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 09:36] - [2009-07-14 11:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 13:59] - [2012-04-24 15:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


#7 narenxp

Posted 18 July 2012 - 06:42 AM

C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.


Run MBAM again and remove the infection, then restart the PC

Press the Windows+R key and type

notepad and click OK

Copy this script and paste it into Notepad
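@echo off
cd /d c:\windows\system32
REM Give ownership of the file to the Administrators group
takeown /a /f services.exe
REM Grant Administrators full control (cacls asks for Y/N confirmation)
cacls services.exe /g administrators:f
REM Keep the current file under a new name
ren services.exe services.exe.old
REM Restore the copy kept in the WinSxS component store
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM Delete this batch file
DEL %0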

Click on File > Save as

File name: services.bat
Save as type: All types

Now right-click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Open your C drive

At the top, click on Organize > Folder and search options

Click on the View tab and scroll down

Check Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Windows\Installer\{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}

Delete the folder, run SystemLook again and post the log

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

Restart the PC, post the new FSS log

#8 tri21

Posted 19 July 2012 - 01:38 AM

Hi,

I ran Malwarebytes again, then did the bat file thing, but it won't let me delete the folder as it says another program is using it.

#9 narenxp

Posted 19 July 2012 - 06:52 AM

Restart the PC and delete it :thumbup2:

#10 tri21

Posted 19 July 2012 - 03:51 PM

Hi,

Here's the new FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Nick (administrator) on 20-07-2012 at 06:49:53
Running from "C:\Users\Nick\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:49] - [2011-12-28 13:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 21:43] - [2012-03-30 21:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 10:09] - [2009-07-14 11:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 09:36] - [2009-07-14 11:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 13:59] - [2012-04-24 15:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
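
The two FSS logs posted so far can be compared mechanically. The following is an added example, not part of the original thread and not code from Farbar Service Scanner: a small parser that diffs a "before" and an "after" FSS log. The sample logs are constructed (trimmed from the logs above), and treating a File Check entry printed with a raw hash instead of "=> MD5 is legit" as "verify by hand" is an assumption about the tool's output.

```python
import re

# Constructed samples, trimmed from the FSS logs in this thread (before and after
# the service registry keys were re-imported). Raw strings keep the backslashes.
BEFORE = r"""
Windows Firewall:
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Action Center:
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
File Check:
C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:49] - [2011-12-28 13:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\bfe.dll => MD5 is legit
"""

AFTER = r"""
Windows Firewall:
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
Action Center:
File Check:
C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:49] - [2011-12-28 13:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\bfe.dll => MD5 is legit
"""

SERVICE_RE = re.compile(r"^(\S+) Service is not running")
MISSING_RE = re.compile(r"ATTENTION!=====> Unable to open (\S+) registry key")
LEGIT_RE = re.compile(r"^\S.*? => MD5 is legit$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(r"^\[.*\s([0-9A-F]{32})$")


def parse_fss(text):
    """Return (not_running, missing_keys, unverified_files) for one FSS log."""
    not_running, missing, unverified = set(), set(), {}
    pending = None  # path line waiting for its detail line with the hash
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            not_running.add(m.group(1).lower())
            continue
        m = MISSING_RE.search(line)
        if m:
            missing.add(m.group(1).lower())
            continue
        if LEGIT_RE.match(line):
            pending = None
            continue
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            unverified[pending] = m.group(1)
            pending = None
    return not_running, missing, unverified


def compare(before, after):
    """Summarise what changed between two FSS logs of the same machine."""
    _, b_missing, b_unverified = parse_fss(before)
    a_running, a_missing, a_unverified = parse_fss(after)
    return {
        "keys_restored": sorted(b_missing - a_missing),
        "keys_still_missing": sorted(a_missing),
        "still_not_running": sorted(a_running),
        "hash_changed": sorted(p for p in a_unverified
                               if p in b_unverified and a_unverified[p] != b_unverified[p]),
        "unverified": sorted(a_unverified),
    }


if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

On these samples the service keys are back but MpsSvc and bfe still are not running, which is the state the second log shows.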


#11 narenxp

Posted 19 July 2012 - 04:01 PM

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Check only the following options

Reset registry permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Check the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

Download

systemlook

Launch it, copy this script and paste it in the box

:filefind
services.exe
:folderfind
{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}

Click on LOOK, post the generated log

#12 tri21

Posted 20 July 2012 - 04:18 AM

Hi,

Avira isn't detecting the virus anymore so I assume that's good?

Here's the FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Nick (administrator) on 20-07-2012 at 19:09:58
Running from "C:\Users\Nick\Downloads"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 17:49] - [2011-12-28 13:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 21:43] - [2012-03-30 21:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 10:09] - [2009-07-14 11:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 09:36] - [2009-07-14 11:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 13:59] - [2012-04-24 15:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Here's the systemlook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:11 on 20/07/2012 by Nick
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe	--a---- 328704 bytes	[23:19 13/07/2009]	[01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe	--a---- 328704 bytes	[23:19 13/07/2009]	[01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{52f71f4a-d2d4-e6c0-0b0a-03732b7a7a06}"
No folders found.

-= EOF =-


#13 narenxp

Posted 20 July 2012 - 07:53 AM

Delete this file

C:\windows\system32\services.exe.old

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#14 tri21

Posted 20 July 2012 - 07:44 PM

Thanks a lot for everything (:

Really appreciated!

#15 narenxp

Posted 20 July 2012 - 08:28 PM

You're welcome :)



