AVAST threats, HELP!


11 replies to this topic

#1 sdelanty93


Posted 29 July 2012 - 10:16 AM

I keep getting Avast Malicious URL Blocked and Threat Detected. How do I fix the problem?



#2 Broni


Posted 29 July 2012 - 01:39 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#3 sdelanty93


Posted 29 July 2012 - 03:10 PM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 sdelanty93


Posted 29 July 2012 - 03:12 PM

Farbar Service Scanner Version: 26-07-2012
Ran by home (administrator) on 29-07-2012 at 15:11:55
Running from "C:\Users\home\Desktop\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of wscsvc. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of wscsvc. The value does not exist.
Unable to retrieve ServiceDll of wscsvc. The value does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#5 sdelanty93


Posted 29 July 2012 - 03:15 PM

ToolBox by Farbar Version: 23-07-2012
Ran by home (administrator) on 29-07-2012 at 15:14:12
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0C-60-76-3E-95-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 0C-60-76-3E-95-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25d1:75b8:f49f:9223%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 29, 2012 3:01:55 PM
Lease Expires . . . . . . . . . . : Monday, July 30, 2012 3:01:55 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218914934
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-53-92-C7-00-25-64-62-99-98
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ms.comcast.net.
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-25-64-62-99-98
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2001:4860:800a::66
74.125.137.138
74.125.137.139
74.125.137.100
74.125.137.101
74.125.137.102
74.125.137.113


Pinging google.com [74.125.137.139] with 32 bytes of data:
Reply from 74.125.137.139: bytes=32 time=76ms TTL=44
Reply from 74.125.137.139: bytes=32 time=77ms TTL=44

Ping statistics for 74.125.137.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 76ms, Maximum = 77ms, Average = 76ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=87ms TTL=46
Reply from 209.191.122.70: bytes=32 time=83ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 83ms, Maximum = 87ms, Average = 85ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...0c 60 76 3e 95 32 ......Microsoft Virtual WiFi Miniport Adapter
11...0c 60 76 3e 95 32 ......Dell Wireless 1397 WLAN Mini-Card
10...00 25 64 62 99 98 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 281 fe80::/64 On-link
11 281 fe80::25d1:75b8:f49f:9223/128
On-link
1 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/29/2012 02:58:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x000099e4
Faulting process id: 0x17b4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/29/2012 08:38:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418, time stamp: 0x4ff31b8b
Exception code: 0xc0000417
Fault offset: 0x0004d9fb
Faulting process id: 0x1164
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/29/2012 08:38:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418, time stamp: 0x4ff31b8b
Exception code: 0xc0000417
Fault offset: 0x0004d9fb
Faulting process id: 0x115c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/28/2012 01:31:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418, time stamp: 0x4ff31b8b
Exception code: 0xc0000417
Fault offset: 0x0004d9fb
Faulting process id: 0x1da0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/28/2012 01:31:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418, time stamp: 0x4ff31b8b
Exception code: 0xc0000417
Fault offset: 0x0004d9fb
Faulting process id: 0x10c0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/28/2012 01:31:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418, time stamp: 0x4ff31b8b
Exception code: 0xc0000417
Fault offset: 0x0004d9fb
Faulting process id: 0x810
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/28/2012 00:23:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7601.17514, time stamp: 0x4ce79912
Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418, time stamp: 0x4ff31b8b
Exception code: 0xc0000417
Fault offset: 0x0004d9fb
Faulting process id: 0x1108
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/28/2012 00:22:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 5.30.21.0, time stamp: 0x4a53eb54
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007ff00318e98
Faulting process id: 0x568
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (07/27/2012 00:23:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1575

Error: (07/27/2012 00:23:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1575


System errors:
=============
Error: (07/29/2012 03:10:57 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/29/2012 03:10:57 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/29/2012 03:09:57 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/29/2012 03:09:57 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/29/2012 03:04:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/29/2012 03:04:06 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/29/2012 03:03:22 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/29/2012 03:03:22 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/29/2012 03:02:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (07/29/2012 03:02:28 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (07/29/2012 02:58:57 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912msvcrt.dll7.0.7601.177444eeaf722c0000005000099e417b401cd6d8f79d1c1ceC:\Program Files (x86)\internet explorer\iexplore.exeC:\Windows\syswow64\msvcrt.dlld448d8f6-d9b7-11e1-94ff-002564629998

Error: (07/29/2012 08:38:18 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912aswWebRepIE.dll7.0.1456.4184ff31b8bc00004170004d9fb116401cd6d8f618a98e2C:\Program Files (x86)\internet explorer\iexplore.exeC:\Program Files\Alwil Software\Avast5\aswWebRepIE.dlla7509961-d982-11e1-94ff-002564629998

Error: (07/29/2012 08:38:18 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912aswWebRepIE.dll7.0.1456.4184ff31b8bc00004170004d9fb115c01cd6d8f618a98e2C:\Program Files (x86)\internet explorer\iexplore.exeC:\Program Files\Alwil Software\Avast5\aswWebRepIE.dlla7507251-d982-11e1-94ff-002564629998

Error: (07/28/2012 01:31:39 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912aswWebRepIE.dll7.0.1456.4184ff31b8bc00004170004d9fb1da001cd6cef342a3744C:\Program Files (x86)\internet explorer\iexplore.exeC:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll77f3ffbc-d8e2-11e1-bf6b-002564629998

Error: (07/28/2012 01:31:15 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912aswWebRepIE.dll7.0.1456.4184ff31b8bc00004170004d9fb10c001cd6cef2052d1afC:\Program Files (x86)\internet explorer\iexplore.exeC:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll69c41c78-d8e2-11e1-bf6b-002564629998

Error: (07/28/2012 01:31:15 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912aswWebRepIE.dll7.0.1456.4184ff31b8bc00004170004d9fb81001cd6cef218031aaC:\Program Files (x86)\internet explorer\iexplore.exeC:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll69b2b717-d8e2-11e1-bf6b-002564629998

Error: (07/28/2012 00:23:55 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.7601.175144ce79912aswWebRepIE.dll7.0.1456.4184ff31b8bc00004170004d9fb110801cd6ce5ba4fe313C:\Program Files (x86)\internet explorer\iexplore.exeC:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll01da01f6-d8d9-11e1-9201-002564629998

Error: (07/28/2012 00:22:05 PM) (Source: Application Error)(User: )
Description: bcmwltry.exe5.30.21.04a53eb54unknown0.0.0.000000000c0000005000007ff00318e9856801cd6ce576337b58C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exeunknownc026f9d8-d8d8-11e1-9201-002564629998

Error: (07/27/2012 00:23:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1575

Error: (07/27/2012 00:23:38 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1575


=========================== Installed Programs ============================

3DMark06 (Version: 1.1.0)
3DVIA player 5.0 (Version: 5.0.0.12)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 10 Plugin (Version: 10.0.42.34)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Reader 9.1.2 (Version: 9.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Advanced Audio FX Engine (Version: 1.12.05)
AGEIA PhysX v7.09.13 (Version: 7.09.13)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1456.0)
Bing Bar (Version: 7.0.850.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 2.35)
Choice Guard (Version: 1.2.87.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 2.25)
Dell DataSafe Local Backup (Version: 9.4.51)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Touchpad (Version: 13.2.3.0)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0)
Dora's Big Birthday Adventure (Version: 32.0.0.0)
Free Download Manager 3.8
Futuremark SystemInfo (Version: 4.0.0.0)
Gimp 2.6.2 Debug
Google Chrome (Version: 20.0.1132.57)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
iCloud (Version: 1.1.0.40)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8050.1202)
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog My Pals Plugin (Version: 3.2.19.13664)
LeapFrog Tag Junior Plugin (Version: 3.2.19.13664)
LeapFrog Tag Plugin (Version: 3.2.19.13664)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
OpenOffice.org 3.2 (Version: 3.2.9483)
Play Pickle
PowerDVD DX (Version: 8.3.5424)
Quickset64 (Version: 9.6.6)
QuickTime (Version: 7.71.80.42)
Roxio Burn (Version: 1.0)
Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.57.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Upromise TurboSaver (remove only) (Version: 7.1.0.10004)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (Version: 3.2.19.13664)
vShare Plugin
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (Version: 11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Yahoo! Install Manager
Zoodles (Version: 2.0.4)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 4056.36 MB
Available physical RAM: 2607.96 MB
Total Pagefile: 8110.92 MB
Available Pagefile: 6476.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.24 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:278.92 GB) (Free:145.93 GB) NTFS
2 Drive d: (Talon 10) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\HOME-PC

Administrator Guest home


**** End of log ****

#6 sdelanty93


Posted 29 July 2012 - 03:27 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
home :: HOME-PC [administrator]

7/29/2012 3:18:44 PM
mbam-log-2012-07-29 (15-18-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216183
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3232 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#7 sdelanty93


Posted 29 July 2012 - 03:51 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 15:36:13
-----------------------------
15:36:13.354 OS Version: Windows x64 6.1.7601 Service Pack 1
15:36:13.354 Number of processors: 2 586 0x170A
15:36:13.354 ComputerName: HOME-PC UserName: home
15:36:14.337 Initialize success
15:36:17.910 AVAST engine defs: 12072901
15:37:33.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:37:33.662 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
15:37:33.662 Device \Driver\iaStor -> MajorFunction fffffa80046cc5e8
15:37:33.662 Disk 0 MBR read successfully
15:37:33.678 Disk 0 MBR scan
15:37:33.678 Disk 0 Windows VISTA default MBR code
15:37:33.678 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 298 MB offset 63
15:37:33.693 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 19328 MB offset 612352
15:37:33.709 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 285617 MB offset 40196096
15:37:33.740 Disk 0 scanning C:\Windows\system32\drivers
15:37:45.346 Service scanning
15:38:09.355 Modules scanning
15:38:09.355 Disk 0 trace - called modules:
15:38:09.870 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80046cc5e8]<<
15:38:09.870 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004280060]
15:38:09.885 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040ba050]
15:38:09.885 \Driver\iaStor[0xfffffa80045f8710] -> IRP_MJ_CREATE -> 0xfffffa80046cc5e8
15:38:10.681 AVAST engine scan C:\Windows
15:38:13.926 AVAST engine scan C:\Windows\system32
15:41:14.711 AVAST engine scan C:\Windows\system32\drivers
15:41:37.382 AVAST engine scan C:\Users\home
15:46:02.616 File: C:\Users\home\AppData\Local\Temp\trzDE12.tmp **INFECTED** Win32:Reveton-BR [Trj]
15:49:47.079 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:49:47.079 The log file has been saved successfully to "C:\aswMBR.txt"

I think that is everything. Thanks a ton for your help!

#8 Broni


Posted 29 July 2012 - 04:05 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#9 sdelanty93


Posted 30 July 2012 - 07:24 PM

Thanks again for all the help.

06:54:25.0815 1064 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:54:27.0827 1064 ============================================================
06:54:27.0827 1064 Current date / time: 2012/07/30 06:54:27.0827
06:54:27.0827 1064 SystemInfo:
06:54:27.0827 1064
06:54:27.0827 1064 OS Version: 6.1.7601 ServicePack: 1.0
06:54:27.0827 1064 Product type: Workstation
06:54:27.0827 1064 ComputerName: HOME-PC
06:54:27.0827 1064 UserName: home
06:54:27.0827 1064 Windows directory: C:\Windows
06:54:27.0827 1064 System windows directory: C:\Windows
06:54:27.0827 1064 Running under WOW64
06:54:27.0827 1064 Processor architecture: Intel x64
06:54:27.0827 1064 Number of processors: 2
06:54:27.0827 1064 Page size: 0x1000
06:54:27.0827 1064 Boot type: Normal boot
06:54:27.0827 1064 ============================================================
06:54:28.0249 1064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:54:28.0264 1064 ============================================================
06:54:28.0264 1064 \Device\Harddisk0\DR0:
06:54:28.0264 1064 MBR partitions:
06:54:28.0264 1064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x95800, BlocksNum 0x25C0000
06:54:28.0264 1064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2655800, BlocksNum 0x22DD8AB0
06:54:28.0264 1064 ============================================================
06:54:28.0311 1064 C: <-> \Device\Harddisk0\DR0\Partition1
06:54:28.0311 1064 ============================================================
06:54:28.0311 1064 Initialize success
06:54:28.0311 1064 ============================================================
06:54:30.0760 2576 ============================================================
06:54:30.0760 2576 Scan started
06:54:30.0760 2576 Mode: Manual;
06:54:30.0760 2576 ============================================================
06:54:44.0301 2576 IpFilterDriver - ok
06:54:44.0332 2576 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:54:44.0332 2576 IPMIDRV - ok
06:54:44.0363 2576 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:54:44.0379 2576 IPNAT - ok
06:54:44.0582 2576 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
06:54:44.0582 2576 iPod Service - ok
06:54:44.0613 2576 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:54:44.0613 2576 IRENUM - ok
06:54:44.0660 2576 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:54:44.0660 2576 isapnp - ok
06:54:44.0707 2576 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:54:44.0707 2576 iScsiPrt - ok
06:54:44.0753 2576 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
06:54:44.0753 2576 kbdclass - ok
06:54:44.0785 2576 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
06:54:44.0785 2576 kbdhid - ok
06:54:44.0816 2576 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:54:44.0816 2576 KeyIso - ok
06:54:44.0847 2576 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
06:54:44.0847 2576 KSecDD - ok
06:54:44.0909 2576 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
06:54:44.0909 2576 KSecPkg - ok
06:54:44.0925 2576 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:54:44.0941 2576 ksthunk - ok
06:54:44.0987 2576 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
06:54:45.0050 2576 KtmRm - ok
06:54:45.0128 2576 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
06:54:45.0159 2576 LanmanServer - ok
06:54:45.0190 2576 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
06:54:45.0206 2576 LanmanWorkstation - ok
06:54:45.0736 2576 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
06:54:45.0877 2576 LeapFrog Connect Device Service - ok
06:54:46.0064 2576 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:54:46.0064 2576 lltdio - ok
06:54:46.0111 2576 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
06:54:46.0142 2576 lltdsvc - ok
06:54:46.0173 2576 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
06:54:46.0173 2576 lmhosts - ok
06:54:46.0204 2576 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:54:46.0204 2576 LSI_FC - ok
06:54:46.0220 2576 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:54:46.0235 2576 LSI_SAS - ok
06:54:46.0251 2576 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:54:46.0267 2576 LSI_SAS2 - ok
06:54:46.0282 2576 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:54:46.0298 2576 LSI_SCSI - ok
06:54:46.0329 2576 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:54:46.0345 2576 luafv - ok
06:54:46.0407 2576 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
06:54:46.0407 2576 MBAMProtector - ok
06:54:46.0547 2576 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:54:46.0547 2576 MBAMService - ok
06:54:46.0594 2576 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
06:54:46.0594 2576 Mcx2Svc - ok
06:54:46.0610 2576 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:54:46.0625 2576 megasas - ok
06:54:46.0672 2576 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:54:46.0672 2576 MegaSR - ok
06:54:46.0781 2576 Microsoft SharePoint Workspace Audit Service - ok
06:54:46.0828 2576 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
06:54:46.0828 2576 MMCSS - ok
06:54:46.0859 2576 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:54:46.0859 2576 Modem - ok
06:54:46.0906 2576 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:54:46.0906 2576 monitor - ok
06:54:46.0953 2576 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
06:54:46.0953 2576 mouclass - ok
06:54:46.0969 2576 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:54:46.0984 2576 mouhid - ok
06:54:47.0015 2576 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:54:47.0015 2576 mountmgr - ok
06:54:47.0062 2576 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:54:47.0062 2576 mpio - ok
06:54:47.0093 2576 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:54:47.0109 2576 mpsdrv - ok
06:54:47.0140 2576 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:54:47.0156 2576 MRxDAV - ok
06:54:47.0234 2576 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:54:47.0249 2576 mrxsmb - ok
06:54:47.0296 2576 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:54:47.0312 2576 mrxsmb10 - ok
06:54:47.0343 2576 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:54:47.0343 2576 mrxsmb20 - ok
06:54:47.0374 2576 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:54:47.0374 2576 msahci - ok
06:54:47.0421 2576 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:54:47.0437 2576 msdsm - ok
06:54:47.0499 2576 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
06:54:47.0515 2576 MSDTC - ok
06:54:47.0561 2576 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:54:47.0577 2576 Msfs - ok
06:54:47.0577 2576 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:54:47.0593 2576 mshidkmdf - ok
06:54:47.0608 2576 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:54:47.0608 2576 msisadrv - ok
06:54:47.0655 2576 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
06:54:47.0671 2576 MSiSCSI - ok
06:54:47.0671 2576 msiserver - ok
06:54:47.0717 2576 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:54:47.0733 2576 MSKSSRV - ok
06:54:47.0780 2576 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:54:47.0795 2576 MSPCLOCK - ok
06:54:47.0811 2576 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:54:47.0811 2576 MSPQM - ok
06:54:47.0858 2576 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:54:47.0873 2576 MsRPC - ok
06:54:47.0920 2576 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:54:47.0920 2576 mssmbios - ok
06:54:47.0936 2576 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:54:47.0936 2576 MSTEE - ok
06:54:47.0967 2576 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:54:47.0967 2576 MTConfig - ok
06:54:47.0998 2576 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:54:47.0998 2576 Mup - ok
06:54:48.0061 2576 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
06:54:48.0076 2576 napagent - ok
06:54:48.0139 2576 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:54:48.0154 2576 NativeWifiP - ok
06:54:48.0279 2576 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
06:54:48.0295 2576 NDIS - ok
06:54:48.0341 2576 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:54:48.0341 2576 NdisCap - ok
06:54:48.0373 2576 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:54:48.0373 2576 NdisTapi - ok
06:54:48.0404 2576 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:54:48.0419 2576 Ndisuio - ok
06:54:48.0466 2576 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:54:48.0482 2576 NdisWan - ok
06:54:48.0513 2576 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:54:48.0513 2576 NDProxy - ok
06:54:48.0560 2576 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:54:48.0560 2576 NetBIOS - ok
06:54:48.0607 2576 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:54:48.0622 2576 NetBT - ok
06:54:48.0653 2576 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:54:48.0653 2576 Netlogon - ok
06:54:48.0716 2576 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
06:54:48.0747 2576 Netman - ok
06:54:48.0794 2576 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
06:54:48.0809 2576 netprofm - ok
06:54:48.0887 2576 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:54:48.0887 2576 NetTcpPortSharing - ok
06:54:48.0934 2576 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:54:48.0934 2576 nfrd960 - ok
06:54:48.0997 2576 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
06:54:49.0028 2576 NlaSvc - ok
06:54:49.0043 2576 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:54:49.0043 2576 Npfs - ok
06:54:49.0075 2576 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
06:54:49.0075 2576 nsi - ok
06:54:49.0121 2576 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:54:49.0121 2576 nsiproxy - ok
06:54:49.0262 2576 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
06:54:49.0293 2576 Ntfs - ok
06:54:49.0433 2576 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:54:49.0433 2576 Null - ok
06:54:49.0496 2576 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
06:54:49.0511 2576 nvraid - ok
06:54:49.0543 2576 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
06:54:49.0558 2576 nvstor - ok
06:54:49.0605 2576 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
06:54:49.0621 2576 nv_agp - ok
06:54:49.0683 2576 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
06:54:49.0699 2576 ohci1394 - ok
06:54:49.0792 2576 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:54:49.0792 2576 ose - ok
06:54:50.0291 2576 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:54:50.0385 2576 osppsvc - ok
06:54:50.0525 2576 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
06:54:50.0557 2576 p2pimsvc - ok
06:54:50.0635 2576 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
06:54:50.0650 2576 p2psvc - ok
06:54:50.0744 2576 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
06:54:50.0744 2576 Parport - ok
06:54:50.0791 2576 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
06:54:50.0791 2576 partmgr - ok
06:54:50.0822 2576 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
06:54:50.0853 2576 PcaSvc - ok
06:54:50.0900 2576 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
06:54:50.0900 2576 pci - ok
06:54:50.0931 2576 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
06:54:50.0931 2576 pciide - ok
06:54:50.0962 2576 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
06:54:50.0962 2576 pcmcia - ok
06:54:50.0993 2576 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
06:54:50.0993 2576 pcw - ok
06:54:51.0056 2576 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
06:54:51.0071 2576 PEAUTH - ok
06:54:51.0165 2576 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
06:54:51.0165 2576 PerfHost - ok
06:54:51.0321 2576 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
06:54:51.0368 2576 pla - ok
06:54:51.0477 2576 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
06:54:51.0508 2576 PlugPlay - ok
06:54:51.0571 2576 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
06:54:51.0571 2576 PNRPAutoReg - ok
06:54:51.0602 2576 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
06:54:51.0617 2576 PNRPsvc - ok
06:54:51.0695 2576 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
06:54:51.0727 2576 PolicyAgent - ok
06:54:51.0773 2576 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
06:54:51.0789 2576 Power - ok
06:54:51.0883 2576 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
06:54:51.0883 2576 PptpMiniport - ok
06:54:51.0914 2576 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
06:54:51.0914 2576 Processor - ok
06:54:51.0976 2576 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
06:54:52.0007 2576 ProfSvc - ok
06:54:52.0039 2576 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:54:52.0039 2576 ProtectedStorage - ok
06:54:52.0101 2576 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
06:54:52.0101 2576 Psched - ok
06:54:52.0148 2576 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
06:54:52.0148 2576 PxHlpa64 - ok
06:54:52.0335 2576 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
06:54:52.0366 2576 ql2300 - ok
06:54:52.0553 2576 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
06:54:52.0553 2576 ql40xx - ok
06:54:52.0600 2576 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
06:54:52.0616 2576 QWAVE - ok
06:54:52.0663 2576 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
06:54:52.0663 2576 QWAVEdrv - ok
06:54:52.0678 2576 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
06:54:52.0678 2576 RasAcd - ok
06:54:52.0725 2576 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:54:52.0725 2576 RasAgileVpn - ok
06:54:52.0756 2576 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
06:54:52.0772 2576 RasAuto - ok
06:54:52.0834 2576 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:54:52.0834 2576 Rasl2tp - ok
06:54:52.0897 2576 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
06:54:52.0928 2576 RasMan - ok
06:54:52.0975 2576 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
06:54:52.0975 2576 RasPppoe - ok
06:54:52.0990 2576 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
06:54:52.0990 2576 RasSstp - ok
06:54:53.0053 2576 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
06:54:53.0068 2576 rdbss - ok
06:54:53.0115 2576 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
06:54:53.0115 2576 rdpbus - ok
06:54:53.0131 2576 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:54:53.0131 2576 RDPCDD - ok
06:54:53.0162 2576 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
06:54:53.0162 2576 RDPENCDD - ok
06:54:53.0209 2576 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
06:54:53.0209 2576 RDPREFMP - ok
06:54:53.0271 2576 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
06:54:53.0287 2576 RDPWD - ok
06:54:53.0349 2576 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
06:54:53.0349 2576 rdyboost - ok
06:54:53.0380 2576 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
06:54:53.0411 2576 RemoteAccess - ok
06:54:53.0443 2576 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
06:54:53.0458 2576 RemoteRegistry - ok
06:54:53.0505 2576 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
06:54:53.0505 2576 RpcEptMapper - ok
06:54:53.0536 2576 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
06:54:53.0552 2576 RpcLocator - ok
06:54:53.0630 2576 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
06:54:53.0630 2576 RpcSs - ok
06:54:53.0692 2576 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
06:54:53.0692 2576 rspndr - ok
06:54:53.0739 2576 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
06:54:53.0755 2576 RSUSBSTOR - ok
06:54:53.0801 2576 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
06:54:53.0817 2576 SamSs - ok
06:54:53.0864 2576 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
06:54:53.0864 2576 sbp2port - ok
06:54:53.0911 2576 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
06:54:53.0926 2576 SCardSvr - ok
06:54:53.0973 2576 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
06:54:53.0973 2576 scfilter - ok
06:54:54.0098 2576 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
06:54:54.0176 2576 Schedule - ok
06:54:54.0238 2576 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
06:54:54.0254 2576 SCPolicySvc - ok
06:54:54.0316 2576 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
06:54:54.0332 2576 SDRSVC - ok
06:54:54.0410 2576 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:54:54.0410 2576 secdrv - ok
06:54:54.0441 2576 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
06:54:54.0441 2576 seclogon - ok
06:54:54.0472 2576 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
06:54:54.0472 2576 SENS - ok
06:54:54.0503 2576 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
06:54:54.0503 2576 SensrSvc - ok
06:54:54.0519 2576 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
06:54:54.0519 2576 Serenum - ok
06:54:54.0550 2576 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
06:54:54.0550 2576 Serial - ok
06:54:54.0597 2576 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
06:54:54.0597 2576 sermouse - ok
06:54:54.0675 2576 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
06:54:54.0691 2576 SessionEnv - ok
06:54:54.0722 2576 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
06:54:54.0722 2576 sffdisk - ok
06:54:54.0737 2576 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
06:54:54.0737 2576 sffp_mmc - ok
06:54:54.0753 2576 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
06:54:54.0753 2576 sffp_sd - ok
06:54:54.0784 2576 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
06:54:54.0784 2576 sfloppy - ok
06:54:54.0847 2576 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
06:54:54.0862 2576 ShellHWDetection - ok
06:54:54.0893 2576 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:54:54.0893 2576 SiSRaid2 - ok
06:54:54.0925 2576 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
06:54:54.0925 2576 SiSRaid4 - ok
06:54:54.0956 2576 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
06:54:54.0956 2576 Smb - ok
06:54:55.0003 2576 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
06:54:55.0003 2576 SNMPTRAP - ok
06:54:55.0034 2576 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
06:54:55.0034 2576 spldr - ok
06:54:55.0112 2576 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
06:54:55.0127 2576 Spooler - ok
06:54:55.0408 2576 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
06:54:55.0486 2576 sppsvc - ok
06:54:55.0627 2576 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
06:54:55.0642 2576 sppuinotify - ok
06:54:55.0751 2576 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
06:54:55.0767 2576 SQLWriter - ok
06:54:55.0861 2576 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
06:54:55.0876 2576 srv - ok
06:54:55.0939 2576 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
06:54:55.0954 2576 srv2 - ok
06:54:55.0985 2576 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
06:54:56.0001 2576 srvnet - ok
06:54:56.0048 2576 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
06:54:56.0048 2576 SSDPSRV - ok
06:54:56.0079 2576 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
06:54:56.0079 2576 SstpSvc - ok
06:54:56.0219 2576 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
06:54:56.0219 2576 STacSV - ok
06:54:56.0251 2576 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
06:54:56.0251 2576 stexstor - ok
06:54:56.0313 2576 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
06:54:56.0344 2576 STHDA - ok
06:54:56.0422 2576 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
06:54:56.0453 2576 stisvc - ok
06:54:56.0516 2576 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
06:54:56.0516 2576 swenum - ok
06:54:56.0578 2576 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
06:54:56.0594 2576 swprv - ok
06:54:56.0656 2576 SynTP (3178b56219e0e4fb5f95299e49b83b44) C:\Windows\system32\DRIVERS\SynTP.sys
06:54:56.0656 2576 SynTP - ok
06:54:56.0828 2576 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
06:54:56.0875 2576 SysMain - ok
06:54:57.0015 2576 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
06:54:57.0031 2576 TabletInputService - ok
06:54:57.0109 2576 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
06:54:57.0155 2576 TapiSrv - ok
06:54:57.0171 2576 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
06:54:57.0202 2576 TBS - ok
06:54:57.0405 2576 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
06:54:57.0436 2576 Tcpip - ok
06:54:57.0857 2576 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
06:54:57.0857 2576 TCPIP6 - ok
06:54:57.0967 2576 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
06:54:57.0967 2576 tcpipreg - ok
06:54:57.0998 2576 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
06:54:57.0998 2576 TDPIPE - ok
06:54:58.0045 2576 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
06:54:58.0045 2576 TDTCP - ok
06:54:58.0091 2576 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
06:54:58.0107 2576 tdx - ok
06:54:58.0138 2576 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
06:54:58.0138 2576 TermDD - ok
06:54:58.0232 2576 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
06:54:58.0247 2576 TermService - ok
06:54:58.0310 2576 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
06:54:58.0310 2576 Themes - ok
06:54:58.0341 2576 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
06:54:58.0357 2576 THREADORDER - ok
06:54:58.0388 2576 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
06:54:58.0403 2576 TrkWks - ok
06:54:58.0466 2576 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
06:54:58.0481 2576 TrustedInstaller - ok
06:54:58.0544 2576 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:54:58.0544 2576 tssecsrv - ok
06:54:58.0622 2576 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
06:54:58.0622 2576 TsUsbFlt - ok
06:54:58.0684 2576 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
06:54:58.0700 2576 tunnel - ok
06:54:58.0731 2576 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
06:54:58.0731 2576 uagp35 - ok
06:54:58.0793 2576 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
06:54:58.0809 2576 udfs - ok
06:54:58.0840 2576 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
06:54:58.0856 2576 UI0Detect - ok
06:54:58.0903 2576 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
06:54:58.0903 2576 uliagpkx - ok
06:54:58.0949 2576 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
06:54:58.0949 2576 umbus - ok
06:54:58.0981 2576 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
06:54:58.0981 2576 UmPass - ok
06:54:59.0012 2576 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
06:54:59.0027 2576 upnphost - ok
06:54:59.0059 2576 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
06:54:59.0074 2576 USBAAPL64 - ok
06:54:59.0105 2576 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
06:54:59.0105 2576 usbccgp - ok
06:54:59.0137 2576 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
06:54:59.0152 2576 usbcir - ok
06:54:59.0168 2576 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
06:54:59.0183 2576 usbehci - ok
06:54:59.0230 2576 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
06:54:59.0246 2576 usbhub - ok
06:54:59.0277 2576 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
06:54:59.0277 2576 usbohci - ok
06:54:59.0324 2576 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
06:54:59.0339 2576 usbprint - ok
06:54:59.0371 2576 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
06:54:59.0371 2576 usbscan - ok
06:54:59.0417 2576 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:54:59.0417 2576 USBSTOR - ok
06:54:59.0433 2576 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
06:54:59.0449 2576 usbuhci - ok
06:54:59.0511 2576 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
06:54:59.0527 2576 usbvideo - ok
06:55:04.0109 2576 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
06:55:04.0179 2576 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
06:55:04.0179 2576 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
06:55:04.0189 2576 Boot (0x1200) (9025f5f50a56850b1f101cd31fc80309) \Device\Harddisk0\DR0\Partition0
06:55:04.0189 2576 \Device\Harddisk0\DR0\Partition0 - ok
06:55:04.0209 2576 Boot (0x1200) (8f9a893b33e16e19a2c57b61f85520bb) \Device\Harddisk0\DR0\Partition1
06:55:04.0209 2576 \Device\Harddisk0\DR0\Partition1 - ok
06:55:04.0209 2576 ============================================================
06:55:04.0209 2576 Scan finished
06:55:04.0209 2576 ============================================================
06:55:04.0229 7008 Detected object count: 1
06:55:04.0229 7008 Actual detected object count: 1
06:55:16.0165 7008 \Device\Harddisk0\DR0\# - copied to quarantine
06:55:16.0165 7008 \Device\Harddisk0\DR0 - copied to quarantine
06:55:16.0212 7008 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
06:55:20.0818 7008 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
06:55:20.0828 7008 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
06:55:20.0917 7008 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
06:55:20.0971 7008 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
06:55:21.0050 7008 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
06:55:21.0110 7008 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
06:55:21.0112 7008 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:55:21.0115 7008 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
06:55:21.0120 7008 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
06:55:21.0382 7008 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
06:55:21.0482 7008 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
06:55:21.0485 7008 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
06:55:21.0488 7008 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
06:55:21.0544 7008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
06:55:21.0546 7008 \Device\Harddisk0\DR0 - ok
06:55:21.0551 7008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
06:56:46.0977 3296 Deinitialize success

#10 Broni

Posted 30 July 2012 - 07:38 PM

Very well.

Update MBAM, re-run it and post new log.

#11 sdelanty93

Posted 31 July 2012 - 06:14 PM

Two t-horses keep showing up no matter how many times I run MBAM.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
home :: HOME-PC [administrator]

7/31/2012 5:44:45 PM
mbam-log-2012-07-31 (17-44-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214173
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3428 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#12 Broni

Posted 31 July 2012 - 07:22 PM

You'll need more advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
