Background Ads.


13 replies to this topic

#1 xHoang


Posted 18 July 2012 - 08:49 PM

Hello,

About two days ago, I started to get these ads (audio) when nothing was running. My Avast blocked a lot of attacks from SVChost. I tried to find it manually, but the only one I saw was in the system32 folder, which made me run a lot of virus scans. First, I downloaded the Microsoft Safety Scanner and ran it; it had about five Trojans. Two were removed, one was partly removed (I think), and two could not be deleted. So I used my Avast to run a boot-time scan, which found two more Trojans. My guess would be that it's hosting something and sending me Trojans every time. I tried everything but it does not work. Any help?


#2 narenxp


Posted 18 July 2012 - 09:04 PM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop, then copy the contents of the text file into your reply.

#3 xHoang


Posted 19 July 2012 - 04:42 PM

Hello,



TDSSKiller Scan-----------------

15:36:46.0975 7788 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
15:36:47.0315 7788 ============================================================
15:36:47.0315 7788 Current date / time: 2012/07/19 15:36:47.0315
15:36:47.0315 7788 SystemInfo:
15:36:47.0315 7788
15:36:47.0315 7788 OS Version: 6.1.7601 ServicePack: 1.0
15:36:47.0315 7788 Product type: Workstation
15:36:47.0315 7788 ComputerName: USER-PC
15:36:47.0315 7788 UserName: user
15:36:47.0315 7788 Windows directory: C:\Windows
15:36:47.0315 7788 System windows directory: C:\Windows
15:36:47.0315 7788 Running under WOW64
15:36:47.0315 7788 Processor architecture: Intel x64
15:36:47.0315 7788 Number of processors: 4
15:36:47.0315 7788 Page size: 0x1000
15:36:47.0315 7788 Boot type: Normal boot
15:36:47.0315 7788 ============================================================
15:36:47.0985 7788 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:36:47.0985 7788 ============================================================
15:36:47.0985 7788 \Device\Harddisk0\DR0:
15:36:47.0985 7788 MBR partitions:
15:36:47.0985 7788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x543456F0
15:36:47.0985 7788 ============================================================
15:36:48.0015 7788 C: <-> \Device\Harddisk0\DR0\Partition0
15:36:48.0015 7788 ============================================================
15:36:48.0015 7788 Initialize success
15:36:48.0015 7788 ============================================================
15:37:29.0798 4772 ============================================================
15:37:29.0798 4772 Scan started
15:37:29.0798 4772 Mode: Manual; TDLFS;
15:37:29.0798 4772 ============================================================
15:37:46.0028 4772 MyWiFiDHCPDNS - ok
15:37:46.0068 4772 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:37:46.0078 4772 napagent - ok
15:37:46.0148 4772 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:37:46.0148 4772 NativeWifiP - ok
15:37:46.0328 4772 NAV (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
15:37:46.0328 4772 NAV - ok
15:37:46.0508 4772 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120719.006\ENG64.SYS
15:37:46.0508 4772 NAVENG - ok
15:37:46.0628 4772 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120719.006\EX64.SYS
15:37:46.0638 4772 NAVEX15 - ok
15:37:46.0788 4772 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:37:46.0798 4772 NDIS - ok
15:37:46.0858 4772 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:37:46.0868 4772 NdisCap - ok
15:37:46.0898 4772 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:37:46.0898 4772 NdisTapi - ok
15:37:46.0918 4772 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:37:46.0918 4772 Ndisuio - ok
15:37:46.0938 4772 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:37:46.0948 4772 NdisWan - ok
15:37:46.0958 4772 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:37:46.0968 4772 NDProxy - ok
15:37:47.0008 4772 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:37:47.0008 4772 NetBIOS - ok
15:37:47.0048 4772 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:37:47.0048 4772 NetBT - ok
15:37:47.0078 4772 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:37:47.0078 4772 Netlogon - ok
15:37:47.0158 4772 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:37:47.0168 4772 Netman - ok
15:37:47.0288 4772 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:47.0308 4772 NetMsmqActivator - ok
15:37:47.0318 4772 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:47.0318 4772 NetPipeActivator - ok
15:37:47.0348 4772 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:37:47.0348 4772 netprofm - ok
15:37:47.0348 4772 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:47.0358 4772 NetTcpActivator - ok
15:37:47.0358 4772 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:37:47.0358 4772 NetTcpPortSharing - ok
15:37:47.0748 4772 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:37:47.0868 4772 NETwNs64 - ok
15:37:47.0988 4772 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:37:47.0998 4772 nfrd960 - ok
15:37:48.0058 4772 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:37:48.0058 4772 NlaSvc - ok
15:37:48.0068 4772 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:37:48.0078 4772 Npfs - ok
15:37:48.0088 4772 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:37:48.0088 4772 nsi - ok
15:37:48.0098 4772 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:37:48.0098 4772 nsiproxy - ok
15:37:48.0208 4772 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:37:48.0218 4772 Ntfs - ok
15:37:48.0308 4772 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:37:48.0308 4772 Null - ok
15:37:48.0348 4772 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:37:48.0358 4772 nvraid - ok
15:37:48.0358 4772 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:37:48.0368 4772 nvstor - ok
15:37:48.0378 4772 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:37:48.0378 4772 nv_agp - ok
15:37:48.0388 4772 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:37:48.0388 4772 ohci1394 - ok
15:37:48.0488 4772 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:37:48.0508 4772 ose - ok
15:37:48.0738 4772 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:37:48.0808 4772 osppsvc - ok
15:37:48.0898 4772 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:37:48.0898 4772 p2pimsvc - ok
15:37:48.0938 4772 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:37:48.0948 4772 p2psvc - ok
15:37:49.0008 4772 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:37:49.0018 4772 Parport - ok
15:37:49.0038 4772 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:37:49.0048 4772 partmgr - ok
15:37:49.0078 4772 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:37:49.0078 4772 PcaSvc - ok
15:37:49.0128 4772 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:37:49.0138 4772 pci - ok
15:37:49.0168 4772 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:37:49.0168 4772 pciide - ok
15:37:49.0208 4772 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:37:49.0218 4772 pcmcia - ok
15:37:49.0238 4772 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:37:49.0238 4772 pcw - ok
15:37:49.0318 4772 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:37:49.0328 4772 PEAUTH - ok
15:37:49.0398 4772 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:37:49.0418 4772 PerfHost - ok
15:37:49.0498 4772 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:37:49.0518 4772 pla - ok
15:37:49.0598 4772 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:37:49.0598 4772 PlugPlay - ok
15:37:49.0628 4772 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:37:49.0638 4772 PNRPAutoReg - ok
15:37:49.0668 4772 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:37:49.0668 4772 PNRPsvc - ok
15:37:49.0718 4772 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:37:49.0718 4772 PolicyAgent - ok
15:37:49.0748 4772 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:37:49.0748 4772 Power - ok
15:37:49.0838 4772 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:37:49.0838 4772 PptpMiniport - ok
15:37:49.0858 4772 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:37:49.0868 4772 Processor - ok
15:37:49.0908 4772 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:37:49.0918 4772 ProfSvc - ok
15:37:49.0938 4772 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:37:49.0938 4772 ProtectedStorage - ok
15:37:49.0988 4772 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:37:49.0988 4772 Psched - ok
15:37:50.0048 4772 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:37:50.0068 4772 ql2300 - ok
15:37:50.0208 4772 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:37:50.0218 4772 ql40xx - ok
15:37:50.0268 4772 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:37:50.0278 4772 QWAVE - ok
15:37:50.0298 4772 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:37:50.0308 4772 QWAVEdrv - ok
15:37:50.0308 4772 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:37:50.0308 4772 RasAcd - ok
15:37:50.0378 4772 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:37:50.0378 4772 RasAgileVpn - ok
15:37:50.0398 4772 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:37:50.0408 4772 RasAuto - ok
15:37:50.0428 4772 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:37:50.0428 4772 Rasl2tp - ok
15:37:50.0498 4772 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:37:50.0498 4772 RasMan - ok
15:37:50.0538 4772 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:37:50.0538 4772 RasPppoe - ok
15:37:50.0578 4772 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:37:50.0578 4772 RasSstp - ok
15:37:50.0608 4772 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:37:50.0618 4772 rdbss - ok
15:37:50.0628 4772 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:37:50.0628 4772 rdpbus - ok
15:37:50.0678 4772 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:37:50.0678 4772 RDPCDD - ok
15:37:50.0698 4772 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:37:50.0698 4772 RDPENCDD - ok
15:37:50.0718 4772 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:37:50.0718 4772 RDPREFMP - ok
15:37:50.0758 4772 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:37:50.0768 4772 RDPWD - ok
15:37:50.0788 4772 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:37:50.0798 4772 rdyboost - ok
15:37:50.0948 4772 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:37:50.0948 4772 RegSrvc - ok
15:37:50.0978 4772 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:37:50.0978 4772 RemoteAccess - ok
15:37:51.0018 4772 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:37:51.0028 4772 RemoteRegistry - ok
15:37:51.0108 4772 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:37:51.0118 4772 RFCOMM - ok
15:37:51.0138 4772 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:37:51.0138 4772 RpcEptMapper - ok
15:37:51.0158 4772 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:37:51.0168 4772 RpcLocator - ok
15:37:51.0238 4772 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:37:51.0248 4772 RpcSs - ok
15:37:51.0278 4772 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:37:51.0278 4772 rspndr - ok
15:37:51.0298 4772 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:37:51.0298 4772 SamSs - ok
15:37:51.0328 4772 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:37:51.0338 4772 sbp2port - ok
15:37:51.0368 4772 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:37:51.0378 4772 SCardSvr - ok
15:37:51.0398 4772 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:37:51.0408 4772 scfilter - ok
15:37:51.0458 4772 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:37:51.0468 4772 Schedule - ok
15:37:51.0488 4772 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:37:51.0488 4772 SCPolicySvc - ok
15:37:51.0528 4772 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:37:51.0528 4772 SDRSVC - ok
15:37:51.0628 4772 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:37:51.0638 4772 SeaPort - ok
15:37:51.0708 4772 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:37:51.0708 4772 secdrv - ok
15:37:51.0728 4772 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:37:51.0728 4772 seclogon - ok
15:37:51.0768 4772 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:37:51.0768 4772 SENS - ok
15:37:51.0808 4772 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:37:51.0818 4772 SensrSvc - ok
15:37:51.0868 4772 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:37:51.0878 4772 Serenum - ok
15:37:51.0928 4772 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:37:51.0928 4772 Serial - ok
15:37:51.0938 4772 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:37:51.0938 4772 sermouse - ok
15:37:51.0978 4772 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:37:51.0988 4772 SessionEnv - ok
15:37:51.0988 4772 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:37:51.0998 4772 sffdisk - ok
15:37:51.0998 4772 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:37:51.0998 4772 sffp_mmc - ok
15:37:51.0998 4772 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:37:52.0008 4772 sffp_sd - ok
15:37:52.0028 4772 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:37:52.0038 4772 sfloppy - ok
15:37:52.0108 4772 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
15:37:52.0118 4772 Sftfs - ok
15:37:52.0178 4772 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:37:52.0188 4772 sftlist - ok
15:37:52.0218 4772 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
15:37:52.0218 4772 Sftplay - ok
15:37:52.0258 4772 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
15:37:52.0258 4772 Sftredir - ok
15:37:52.0268 4772 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
15:37:52.0268 4772 Sftvol - ok
15:37:52.0298 4772 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:37:52.0298 4772 sftvsa - ok
15:37:52.0338 4772 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:37:52.0348 4772 SharedAccess - ok
15:37:52.0378 4772 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:37:52.0388 4772 ShellHWDetection - ok
15:37:52.0448 4772 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
15:37:52.0458 4772 SiSGbeLH - ok
15:37:52.0488 4772 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:37:52.0498 4772 SiSRaid2 - ok
15:37:52.0498 4772 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:37:52.0508 4772 SiSRaid4 - ok
15:37:52.0518 4772 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:37:52.0518 4772 Smb - ok
15:37:52.0578 4772 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:37:52.0578 4772 SNMPTRAP - ok
15:37:52.0608 4772 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:37:52.0618 4772 spldr - ok
15:37:52.0648 4772 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:37:52.0648 4772 Spooler - ok
15:37:52.0788 4772 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:37:52.0808 4772 sppsvc - ok
15:37:52.0898 4772 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:37:52.0908 4772 sppuinotify - ok
15:37:53.0038 4772 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NAVx64\1207000.00D\SRTSP64.SYS
15:37:53.0048 4772 SRTSP - ok
15:37:53.0118 4772 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NAVx64\1207010.003\SRTSPX64.SYS
15:37:53.0118 4772 SRTSPX - ok
15:37:53.0168 4772 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:37:53.0168 4772 srv - ok
15:37:53.0198 4772 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:37:53.0208 4772 srv2 - ok
15:37:53.0238 4772 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:37:53.0238 4772 srvnet - ok
15:37:53.0308 4772 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:37:53.0308 4772 SSDPSRV - ok
15:37:53.0328 4772 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:37:53.0328 4772 SstpSvc - ok
15:37:53.0358 4772 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:37:53.0358 4772 stexstor - ok
15:37:53.0428 4772 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:37:53.0428 4772 stisvc - ok
15:37:53.0438 4772 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:37:53.0438 4772 swenum - ok
15:37:53.0498 4772 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:37:53.0508 4772 swprv - ok
15:37:53.0608 4772 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NAVx64\1207010.003\SYMDS64.SYS
15:37:53.0608 4772 SymDS - ok
15:37:53.0688 4772 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NAVx64\1207010.003\SYMEFA64.SYS
15:37:53.0688 4772 SymEFA - ok
15:37:53.0748 4772 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:37:53.0748 4772 SymEvent - ok
15:37:53.0788 4772 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NAVx64\1207010.003\Ironx64.SYS
15:37:53.0788 4772 SymIRON - ok
15:37:53.0878 4772 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS
15:37:53.0888 4772 SymNetS - ok
15:37:54.0018 4772 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:37:54.0048 4772 SysMain - ok
15:37:54.0148 4772 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:37:54.0158 4772 TabletInputService - ok
15:37:54.0188 4772 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:37:54.0188 4772 TapiSrv - ok
15:37:54.0208 4772 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:37:54.0208 4772 TBS - ok
15:37:54.0368 4772 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:37:54.0378 4772 Tcpip - ok
15:37:54.0578 4772 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:37:54.0588 4772 TCPIP6 - ok
15:37:54.0678 4772 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:37:54.0678 4772 tcpipreg - ok
15:37:54.0718 4772 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:37:54.0728 4772 TDPIPE - ok
15:37:54.0748 4772 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:37:54.0758 4772 TDTCP - ok
15:37:54.0808 4772 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:37:54.0808 4772 tdx - ok
15:37:54.0828 4772 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:37:54.0828 4772 TermDD - ok
15:37:54.0878 4772 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:37:54.0878 4772 TermService - ok
15:37:54.0898 4772 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:37:54.0898 4772 Themes - ok
15:37:54.0918 4772 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:37:54.0918 4772 THREADORDER - ok
15:37:54.0938 4772 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:37:54.0938 4772 TrkWks - ok
15:37:54.0978 4772 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:37:54.0978 4772 TrustedInstaller - ok
15:37:54.0998 4772 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:37:54.0998 4772 tssecsrv - ok
15:37:55.0058 4772 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:37:55.0068 4772 TsUsbFlt - ok
15:37:55.0068 4772 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:37:55.0078 4772 TsUsbGD - ok
15:37:55.0108 4772 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:37:55.0118 4772 tunnel - ok
15:37:55.0138 4772 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
15:37:55.0138 4772 TurboB - ok
15:37:55.0258 4772 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:37:55.0258 4772 TurboBoost - ok
15:37:55.0298 4772 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:37:55.0318 4772 uagp35 - ok
15:37:55.0358 4772 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:37:55.0378 4772 udfs - ok
15:37:55.0398 4772 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:37:55.0408 4772 UI0Detect - ok
15:37:55.0428 4772 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:37:55.0438 4772 uliagpkx - ok
15:37:55.0458 4772 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:37:55.0458 4772 umbus - ok
15:37:55.0478 4772 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:37:55.0498 4772 UmPass - ok
15:37:55.0528 4772 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:37:55.0538 4772 upnphost - ok
15:37:55.0568 4772 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:37:55.0568 4772 usbccgp - ok
15:37:55.0598 4772 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:37:55.0608 4772 usbcir - ok
15:37:55.0628 4772 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:37:55.0628 4772 usbehci - ok
15:37:55.0688 4772 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:37:55.0698 4772 usbhub - ok
15:37:55.0698 4772 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:37:55.0708 4772 usbohci - ok
15:37:55.0728 4772 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:37:55.0738 4772 usbprint - ok
15:37:55.0768 4772 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:37:55.0778 4772 USBSTOR - ok
15:37:55.0788 4772 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:37:55.0808 4772 usbuhci - ok
15:37:55.0858 4772 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:37:55.0868 4772 usbvideo - ok
15:37:55.0888 4772 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:37:55.0888 4772 UxSms - ok
15:37:55.0908 4772 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:37:55.0918 4772 VaultSvc - ok
15:37:55.0918 4772 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:37:55.0918 4772 vdrvroot - ok
15:37:55.0988 4772 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:37:56.0008 4772 vds - ok
15:37:56.0058 4772 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:37:56.0068 4772 vga - ok
15:37:56.0088 4772 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:37:56.0088 4772 VgaSave - ok
15:37:56.0108 4772 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:37:56.0118 4772 vhdmp - ok
15:37:56.0118 4772 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:37:56.0128 4772 viaide - ok
15:37:56.0138 4772 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:37:56.0138 4772 volmgr - ok
15:37:56.0158 4772 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:37:56.0168 4772 volmgrx - ok
15:37:56.0198 4772 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
15:37:56.0198 4772 volsnap - ok
15:37:56.0238 4772 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:37:56.0248 4772 vsmraid - ok
15:37:56.0348 4772 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:37:56.0368 4772 VSS - ok
15:37:56.0458 4772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:37:56.0458 4772 vwifibus - ok
15:37:56.0468 4772 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:37:56.0478 4772 vwififlt - ok
15:37:56.0518 4772 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:37:56.0518 4772 vwifimp - ok
15:37:56.0558 4772 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:37:56.0558 4772 W32Time - ok
15:37:56.0578 4772 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:37:56.0588 4772 WacomPen - ok
15:37:56.0648 4772 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:56.0648 4772 WANARP - ok
15:37:56.0648 4772 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:37:56.0648 4772 Wanarpv6 - ok
15:37:56.0768 4772 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:37:56.0778 4772 WatAdminSvc - ok
15:37:56.0858 4772 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:37:56.0878 4772 wbengine - ok
15:37:56.0978 4772 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:37:56.0988 4772 WbioSrvc - ok
15:37:57.0018 4772 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:37:57.0028 4772 wcncsvc - ok
15:37:57.0038 4772 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:37:57.0048 4772 WcsPlugInService - ok
15:37:57.0098 4772 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:37:57.0098 4772 Wd - ok
15:37:57.0138 4772 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:37:57.0148 4772 Wdf01000 - ok
15:37:57.0158 4772 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:37:57.0158 4772 WdiServiceHost - ok
15:37:57.0168 4772 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:37:57.0168 4772 WdiSystemHost - ok
15:37:57.0218 4772 wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\Windows\system32\DRIVERS\WDKMD.sys
15:37:57.0218 4772 wdkmd - ok
15:37:57.0268 4772 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:37:57.0278 4772 WebClient - ok
15:37:57.0308 4772 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:37:57.0318 4772 Wecsvc - ok
15:37:57.0328 4772 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:37:57.0338 4772 wercplsupport - ok
15:37:57.0398 4772 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:37:57.0398 4772 WerSvc - ok
15:37:57.0418 4772 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:37:57.0418 4772 WfpLwf - ok
15:37:57.0548 4772 WiMAXAppSrv (245ea6a2cfae7b183ee9a14a4673b1f1) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
15:37:57.0548 4772 WiMAXAppSrv - ok
15:37:57.0628 4772 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
15:37:57.0628 4772 WimFltr - ok
15:37:57.0638 4772 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:37:57.0648 4772 WIMMount - ok
15:37:57.0668 4772 WinDefend - ok
15:37:57.0668 4772 WinHttpAutoProxySvc - ok
15:37:57.0738 4772 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:37:57.0738 4772 Winmgmt - ok
15:37:57.0848 4772 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:37:57.0868 4772 WinRM - ok
15:37:57.0998 4772 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:37:58.0008 4772 WinUsb - ok
15:37:58.0068 4772 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:37:58.0078 4772 Wlansvc - ok
15:37:58.0188 4772 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:37:58.0188 4772 wlcrasvc - ok
15:37:58.0378 4772 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:37:58.0398 4772 wlidsvc - ok
15:37:58.0528 4772 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:37:58.0528 4772 WmiAcpi - ok
15:37:58.0588 4772 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:37:58.0598 4772 wmiApSrv - ok
15:37:58.0628 4772 WMPNetworkSvc - ok
15:37:58.0728 4772 wolf (c662dc909e77f46feefd5c726add9a10) C:\Game\SoftnyxGame\WolfTeamIS\wolf64.sys
15:37:58.0748 4772 wolf - ok
15:37:58.0798 4772 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:37:58.0808 4772 WPCSvc - ok
15:37:58.0828 4772 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:37:58.0828 4772 WPDBusEnum - ok
15:37:58.0858 4772 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:37:58.0858 4772 ws2ifsl - ok
15:37:58.0878 4772 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:37:58.0878 4772 wscsvc - ok
15:37:58.0878 4772 WSearch - ok
15:37:59.0038 4772 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:37:59.0058 4772 wuauserv - ok
15:37:59.0148 4772 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:37:59.0148 4772 WudfPf - ok
15:37:59.0208 4772 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:37:59.0218 4772 WUDFRd - ok
15:37:59.0288 4772 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:37:59.0288 4772 wudfsvc - ok
15:37:59.0328 4772 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:37:59.0328 4772 WwanSvc - ok
15:37:59.0368 4772 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:37:59.0388 4772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:37:59.0388 4772 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:38:00.0128 4772 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:38:00.0128 4772 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:38:00.0158 4772 Boot (0x1200) (d9d5f2c87915b63a137eaaa7e1625541) \Device\Harddisk0\DR0\Partition0
15:38:00.0158 4772 \Device\Harddisk0\DR0\Partition0 - ok
15:38:00.0158 4772 ============================================================
15:38:00.0158 4772 Scan finished
15:38:00.0158 4772 ============================================================
15:38:00.0168 6996 Detected object count: 2
15:38:00.0168 6996 Actual detected object count: 2
15:38:23.0048 6996 \Device\Harddisk0\DR0\# - copied to quarantine
15:38:23.0058 6996 \Device\Harddisk0\DR0 - copied to quarantine
15:38:23.0088 6996 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:38:23.0098 6996 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:38:23.0098 6996 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:38:23.0108 6996 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:38:23.0118 6996 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:38:23.0128 6996 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:38:23.0128 6996 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:38:23.0128 6996 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:38:23.0128 6996 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:38:23.0128 6996 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:38:23.0148 6996 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:38:23.0148 6996 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:38:23.0148 6996 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:38:23.0158 6996 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:38:23.0168 6996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:38:23.0228 6996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:38:23.0258 6996 \Device\Harddisk0\DR0 - ok
15:38:25.0018 6996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:38:25.0018 6996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:38:25.0018 6996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:38:37.0168 7044 Deinitialize success

----------------------------------------------------------------------------------------------------

aswMBR scan--------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 15:41:44
-----------------------------
15:41:44.297 OS Version: Windows x64 6.1.7601 Service Pack 1
15:41:44.297 Number of processors: 4 586 0x2A07
15:41:44.297 ComputerName: USER-PC UserName: user
15:41:47.090 Initialize success
15:44:37.612 AVAST engine defs: 12071901
15:45:04.226 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:45:04.226 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
15:45:04.242 Disk 0 MBR read successfully
15:45:04.257 Disk 0 MBR scan
15:45:04.257 Disk 0 Windows 7 default MBR code
15:45:04.273 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
15:45:04.288 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 689802 MB offset 52430848
15:45:04.304 Disk 0 scanning C:\Windows\system32\drivers
15:45:13.836 Service scanning
15:45:45.831 Modules scanning
15:45:45.831 Disk 0 trace - called modules:
15:45:45.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:45:45.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e01790]
15:45:46.362 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa800789d550]
15:45:46.362 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80078a0050]
15:45:47.797 AVAST engine scan C:\Windows
15:45:53.054 AVAST engine scan C:\Windows\system32
15:48:50.052 AVAST engine scan C:\Windows\system32\drivers
15:49:15.964 AVAST engine scan C:\Users\user
15:51:22.375 AVAST engine scan C:\ProgramData
15:52:48.550 Scan finished successfully
15:53:39.109 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
15:53:39.125 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

-------------------------------------------------------------------------------------------------------------------------------------

Eset Scan--------------------------------------------------------

C:\Qoobox\Quarantine\C\Windows\SysWOW64\config\systemprofile\0.7544344848258996.exe.vir a variant of Win32/TrojanProxy.Agent.NIS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.07.2012_15.36.47\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

#4 narenxp

Posted 19 July 2012 - 07:33 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Create a restore point before trying this

Download

adware cleaner

Launch it, click on Delete

Post the generated log

#5 xHoang

Posted 19 July 2012 - 09:37 PM

Hello,

miniToolbox--------

MiniToolBox by Farbar Version: 15-07-2012
Ran by user (administrator) on 19-07-2012 at 21:26:08
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 6150 = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Intel® Centrino® WiMAX 6150 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 3" address=192.168.16.2 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : user-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.al.comcast.net.

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-64-FF-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-86-EA-5D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-86-EA-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.al.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-86-EA-5C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::512:e1cb:d134:f10e%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 19, 2012 8:48:22 PM
Lease Expires . . . . . . . . . . : Friday, July 20, 2012 8:48:26 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 306193858
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A3-2D-76-C8-60-00-10-04-E8
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.al.comcast.net.
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : C8-60-00-10-04-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.al.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.al.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{646E953E-C88A-4FF1-A41C-CB4F0BB99B97}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{08386800-36BF-4678-A8D8-460E13213502}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1e:2264:3f57:fe87(Preferred)
Link-local IPv6 Address . . . . . : fe80::1e:2264:3f57:fe87%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{AFE2E25D-4F9A-42E9-A965-B3DE249ED23D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2001:4860:800a::8b
74.125.139.138
74.125.139.102
74.125.139.113
74.125.139.101
74.125.139.139
74.125.139.100


Pinging google.com [74.125.137.101] with 32 bytes of data:
Reply from 74.125.137.101: bytes=32 time=40ms TTL=47
Reply from 74.125.137.101: bytes=32 time=37ms TTL=47

Ping statistics for 74.125.137.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 40ms, Average = 38ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 209.191.122.70
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=136ms TTL=47
Reply from 98.139.183.24: bytes=32 time=77ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 77ms, Maximum = 136ms, Average = 106ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
15...64 d4 da 64 ff b7 ......Intel® Centrino® WiMAX 6150
14...40 25 c2 86 ea 5d ......Microsoft Virtual WiFi Miniport Adapter #2
13...40 25 c2 86 ea 5d ......Microsoft Virtual WiFi Miniport Adapter
12...40 25 c2 86 ea 5c ......Intel® Centrino® Wireless-N 6150
11...c8 60 00 10 04 e8 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.120 281
192.168.1.120 255.255.255.255 On-link 192.168.1.120 281
192.168.1.255 255.255.255.255 On-link 192.168.1.120 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:1e:2264:3f57:fe87/128
On-link
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::1e:2264:3f57:fe87/128
On-link
12 281 fe80::512:e1cb:d134:f10e/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/19/2012 05:47:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 03:54:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 03:54:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 03:54:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 03:54:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/19/2012 08:49:16 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0x1aa8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/19/2012 07:27:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0x1568
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/18/2012 11:31:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: java.exe, version: 6.0.310.5, time stamp: 0x4f2c9e17
Faulting module name: iphlpapi.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b859
Exception code: 0xc0000005
Fault offset: 0x000083af
Faulting process id: 0x1108
Faulting application start time: 0xjava.exe0
Faulting application path: java.exe1
Faulting module path: java.exe2
Report Id: java.exe3

Error: (07/18/2012 11:57:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 13.0.1.4548, time stamp: 0x4fda5ff0
Faulting module name: coreclr.dll, version: 5.1.10411.0, time stamp: 0x4f8514cf
Exception code: 0x8013150a
Fault offset: 0x000475eb
Faulting process id: 0x1670
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (07/18/2012 11:57:21 AM) (Source: .NET Runtime) (User: )
Description: Application: plugin-container.exe
CoreCLR Version: 5.1.10411.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6E3E75EB (6E3A0000) with exit code 8013150a.


System errors:
=============
Error: (07/18/2012 08:05:36 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (07/18/2012 08:04:37 AM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff800030697ef, 0x0000000000000000, 0x000007fffffa0000)C:\Windows\MEMORY.DMP071812-41480-01

Error: (07/18/2012 08:04:27 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:03:01 AM on 7/18/2012 was unexpected.

Error: (07/18/2012 07:52:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

Error: (07/18/2012 07:52:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

Error: (07/17/2012 07:16:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/17/2012 07:16:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/17/2012 07:16:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/17/2012 07:16:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/17/2012 07:16:03 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/19/2012 05:47:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Desktop\New folder\esetsmartinstaller_enu.exe

Error: (07/19/2012 03:54:07 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2012 03:54:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2012 03:54:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2012 03:54:02 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\user\Desktop\esetsmartinstaller_enu.exe

Error: (07/19/2012 08:49:16 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164474fc9d776c00000050021d9dc1aa801cd65aa05d0bf5a\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll877954b8-d1a8-11e1-96d2-c860001004e8

Error: (07/19/2012 07:27:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164474fc9d776c00000050021d9dc156801cd65a2d94bbe74\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll1b5e60bf-d19d-11e1-96d2-c860001004e8

Error: (07/18/2012 11:31:14 PM) (Source: Application Error)(User: )
Description: java.exe6.0.310.54f2c9e17iphlpapi.dll6.1.7601.175144ce7b859c0000005000083af110801cd65432dd8f913C:\Program Files (x86)\Java\jre6\bin\java.exeC:\Windows\system32\iphlpapi.dll929a80ab-d15a-11e1-b637-c860001004e8

Error: (07/18/2012 11:57:22 AM) (Source: Application Error)(User: )
Description: plugin-container.exe13.0.1.45484fda5ff0coreclr.dll5.1.10411.04f8514cf8013150a000475eb167001cd65064b9e9d91C:\Program Files (x86)\Mozilla Firefox\plugin-container.exec:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\coreclr.dlla3b9335c-d0f9-11e1-af69-c860001004e8

Error: (07/18/2012 11:57:21 AM) (Source: .NET Runtime)(User: )
Description: Application: plugin-container.exe
CoreCLR Version: 5.1.10411.0
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6E3E75EB (6E3A0000) with exit code 8013150a.


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.0) MUI (Version: 10.1.0)
AIM for Windows
Alcor Micro USB Card Reader (Version: 1.7.17.25416)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
ASUS AI Recovery (Version: 1.0.13)
ASUS FancyStart (Version: 1.0.8)
ASUS LifeFrame3 (Version: 3.0.21)
ASUS Live Update (Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS Secure Delete (Version: 1.00.0006)
ASUS SmartLogon (Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0031)
ASUS U Series ScreenSaver (Version: 1.0.0002)
ASUS Virtual Camera (Version: 1.0.21)
AsusVibe2.0 (Version: 2.0.7.142)
ATK Package (Version: 1.0.0008)
Best Buy Connect (Version: 3.00.68)
Best Buy pc app (Version: 3.3.0.0)
Best Buy pc app (Version: 3.3.628.1)
Bing Bar (Version: 7.0.610.0)
Combat Arms
CyberLink LabelPrint (Version: 2.5.3624)
CyberLink Media Suite (Version: 8.0.2926)
CyberLink Power2Go (Version: 7.0.0.1126)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.5.0_WHQL (Version: 8.0.5.0)
Fast Boot (Version: 1.0.10)
Fresco Logic USB3.0 Host Controller (Version: 3.0.119.1)
Graboid Video 3.12 (Version: 3.12)
GunboundIS
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Turbo Boost Technology Monitor (Version: 1.0.400.4)
Intel® WiDi (Version: 2.1.35.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiMAX Software (Version: 6.05.0000)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Security Scan Plus (Version: 3.0.207.4)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Nexon Game Manager
Norton AntiVirus (Version: 18.7.1.3)
Pando Media Booster (Version: 2.6.0.6)
Realtek High Definition Audio Driver (Version: 6.0.1.6392)
RuneScape Launcher 1.2 (Version: 1.2.0)
SceneSwitch (Version: 1.0.6)
Sonic Focus (Version: 1.0.0.4)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VLC media player 1.0.1 (Version: 1.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.31.1)
Wireless Console 3 (Version: 3.0.19)
WolfTeam International
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 8102.76 MB
Available physical RAM: 5842.11 MB
Total Pagefile: 16203.71 MB
Available Pagefile: 13946.92 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.86 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:673.64 GB) (Free:612.34 GB) NTFS
2 Drive e: (NORTON) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\user-PC

Administrator Guest user


**** End of log ****

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

FSS-------------------------

Farbar Service Scanner Version: 19-07-2012
Ran by user (administrator) on 19-07-2012 at 21:27:49
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
_________________________________________________________________________________________________________________________________________________________________

AdwCleaner------------------------------------------

# AdwCleaner v1.703 - Logfile created 07/19/2012 at 21:28:55
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : user - user-PC
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\user\AppData\LocalLow\AskToolbar
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\529rp5pb.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[S1].txt - [3960 octets] - [19/07/2012 21:28:55]

########## EOF - C:\AdwCleaner[S1].txt - [4088 octets] ##########


Thank you. :D

#6 narenxp


Posted 19 July 2012 - 09:40 PM

Any current issues?

#7 xHoang


Posted 19 July 2012 - 09:51 PM

Nope, not any yet :D Thanks a whole lot. Wasted two days on this trying to figure it out on my own.

Thank you.

#8 narenxp


Posted 19 July 2012 - 09:53 PM

Uninstall the Ask Toolbar.

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here:

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#9 xHoang


Posted 20 July 2012 - 03:54 PM

Hey, I used TFC and clicked Start, and it crashed my computer with a blue screen. Is that supposed to happen?

#10 narenxp


Posted 20 July 2012 - 03:55 PM

This is common. Run TFC in Safe Mode; it should work. Skip running it in normal mode.

#11 xHoang


Posted 20 July 2012 - 04:01 PM

=D nvm, it worked the second time. Should I do another scan in safe mode?

Edited by xHoang, 20 July 2012 - 04:01 PM.


#12 narenxp


Posted 20 July 2012 - 04:27 PM

Not needed :thumbup2:

#13 xHoang


Posted 20 July 2012 - 04:36 PM

Kk Thanks.

#14 narenxp


Posted 20 July 2012 - 04:59 PM

:thumbup2:



