
svchost.exe *32 description: winrscmde


11 replies to this topic

#1 Stinkoman K 20X6

Stinkoman K 20X6

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 09 August 2012 - 09:41 PM

I have this strange svchost.exe with a *32 mark on it in my Task Manager with the description "winrscmde", and the properties say its original file name is winrscmde.exe. The process is extremely resource intensive at times, using up to 10%-40% CPU and 200 megs of RAM, maybe even more at times, and at other times, very little. The file is in C:\Windows. Each time I try to delete the file, whether with MBAM or manually, the file comes back and starts again in seconds, same with closing the process in Task Manager. The file is detected as trojan.agent, Other: 1652 by MBAM. I am running Windows 7 Ultimate 64-bit.

Thanks for taking the time to help a stranger,
Jovan.


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:23 PM

Posted 09 August 2012 - 10:32 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Stinkoman K 20X6

Stinkoman K 20X6
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 09 August 2012 - 11:54 PM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 33
Java version out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

-------------------------------------------------------------------------------

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

-----------------------------------------------------------------------

MiniToolBox by Farbar Version: 23-07-2012
Ran by Jovan Stubbs (administrator) on 09-08-2012 at 20:44:38
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
ASUS PCE-N15 11n Wireless LAN PCI-E Card = Wireless Network Connection 2 (Hardware not present)
Hamachi Network Interface = Hamachi (Hardware not present)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)
TAP-Win32 Adapter V9 (Tunngle) = Local Area Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0

nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled

weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled

currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Compy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : rnxn4ps

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-2D-62-05-E6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle) #2
Physical Address. . . . . . . . . : 00-FF-24-02-E5-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : rnxn4ps
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-1D-20-E3-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::458:ef70:de50:8751%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.110(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 09, 2012 4:54:44 PM
Lease Expires . . . . . . . . . . : Sunday, August 07, 2022 4:54:44 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234890269
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-0B-DD-27-00-24-1D-20-E3-F1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Primary WINS Server . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{2D6205E6-F843-4162-B028-AD270CA2CE1D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2433:2d72:b38c:9553(Preferred)
Link-local IPv6 Address . . . . . : fe80::2433:2d72:b38c:9553%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.rnxn4ps:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : rnxn4ps
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2402E539-9C5D-4A06-858D-789153D767DD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rnxn4ps.rnxn4ps
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:400a:801::1008
173.194.33.7
173.194.33.14
173.194.33.8
173.194.33.1
173.194.33.9
173.194.33.0
173.194.33.4
173.194.33.6
173.194.33.2
173.194.33.5
173.194.33.3


Pinging google.com [173.194.33.3] with 32 bytes of data:
Reply from 173.194.33.3: bytes=32 time=14ms TTL=55
Reply from 173.194.33.3: bytes=32 time=14ms TTL=55

Ping statistics for 173.194.33.3:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 14ms, Average = 14ms
Server: rnxn4ps.rnxn4ps
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=65ms TTL=50
Reply from 209.191.122.70: bytes=32 time=64ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 65ms, Average = 64ms
Server: rnxn4ps.rnxn4ps
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
22...00 ff 2d 62 05 e6 ......TAP-Win32 Adapter V9 (Tunngle)
23...00 ff 24 02 e5 39 ......TAP-Win32 Adapter V9 (Tunngle) #2
10...00 24 1d 20 e3 f1 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.110 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.110 276
192.168.0.110 255.255.255.255 On-link 192.168.0.110 276
192.168.0.255 255.255.255.255 On-link 192.168.0.110 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.110 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.110 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:2433:2d72:b38c:9553/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
10 276 fe80::458:ef70:de50:8751/128
On-link
11 306 fe80::2433:2d72:b38c:9553/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/09/2012 05:08:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0xaf4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/08/2012 02:52:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0x17f4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/08/2012 01:52:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0xfe8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/08/2012 01:30:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x00301fb1
Faulting process id: 0x1ad0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/07/2012 11:49:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x0002e3be
Faulting process id: 0x1244
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/07/2012 07:44:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0xd20
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/07/2012 02:40:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: jvm.dll, version: 20.6.0.1, time stamp: 0x4f2cd3a4
Exception code: 0xc0000005
Fault offset: 0x0005e4e2
Faulting process id: 0x1398
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/07/2012 02:09:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xe5f16da5
Faulting process id: 0xe70
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/07/2012 01:12:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0xa38
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/06/2012 11:47:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: mshtml.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x0021d9dc
Faulting process id: 0x11ac
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has

done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time

(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s).

The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1

time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 100 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following

corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/09/2012 05:11:48 PM) (Source: Service Control Manager) (User: )
Description: The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The

following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/09/2012 01:35:38 AM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has

done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (08/09/2012 05:08:23 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dcaf401cd7684d8c43f2c

\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dll7f4abf0e-e27f-11e1-a63b-00241d20e3f1

Error: (08/08/2012 02:52:03 AM) (Source: Application Error)(User: )
Description:

svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dc17f401cd75433a2bf8de\\.

\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dllb3db9800-e13e-11e1-94e1-00241d20e3f1

Error: (08/08/2012 01:52:48 AM) (Source: Application Error)(User: )
Description:

svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dcfe801cd75413d9d6203\\.

\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dll6d6ce1b8-e136-11e1-94e1-00241d20e3f1

Error: (08/08/2012 01:30:12 AM) (Source: Application Error)(User: )
Description:

svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c000000500301fb11ad001cd7533012c6f6f\\.

\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dll4540bf24-e133-11e1-94e1-00241d20e3f1

Error: (08/07/2012 11:49:51 PM) (Source: Application Error)(User: )
Description:

svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.177254ec49b8fc00000050002e3be124401cd751f030d6603\\.

\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dll3fed438a-e125-11e1-94e1-00241d20e3f1

Error: (08/07/2012 07:44:00 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164474fc9d776c00000050021d9dcd2001cd7502f12181dc

\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dlle81bb3a0-e102-11e1-94e1-00241d20e3f1

Error: (08/07/2012 02:40:50 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5jvm.dll20.6.0.14f2cd3a4c00000050005e4e2139801cd747cb3b0ae43\\.

\globalroot\systemroot\svchost.exeC:\PROGRA~2\Java\jre6\bin\client\jvm.dllf8442514-e073-11e1-9acc-00241d20e3f1

Error: (08/07/2012 02:09:30 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c0000005e5f16da5e7001cd7474a89d4ed9\\.

\globalroot\systemroot\svchost.exeunknown97eec618-e06f-11e1-9acc-00241d20e3f1

Error: (08/07/2012 01:12:54 AM) (Source: Application Error)(User: )
Description:

svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dca3801cd7468ecdd6605\\.

\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dllb02a2cc2-e067-11e1-9acc-00241d20e3f1

Error: (08/06/2012 11:47:05 PM) (Source: Application Error)(User: )
Description:

svchost.exe6.1.7600.163854a5bc3c5mshtml.dll9.0.8112.164474fc9d776c00000050021d9dc11ac01cd74463b51dbb3\\.

\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\mshtml.dllb29f8fba-e05b-11e1-9acc-00241d20e3f1


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.3.300.270)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Alien Swarm
Aliens versus Predator Classic 2000
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70524.1716)
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.4331.36041)
Arx Fatalis (Version: 1.0.0)
Arx Libertatis (Version: 1.0.2)
Aspell English Dictionary-0.50-2
Auslogics Disk Defrag (Version: version 3.3)
Baldur's Gate II
Baldur's Gate Tutu
Battle for Wesnoth 1.10.0 (Version: 1.10.0)
BioShock
Bitcoin (Version: 0.6.3)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40)
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0524.1614.27160)
Catalyst Control Center Graphics Previews Common (Version: 2012.0524.1614.27160)
Catalyst Control Center Localization All (Version: 2012.0524.1614.27160)
ccc-utility64 (Version: 2012.0524.1614.27160)
CCC Help Chinese Standard (Version: 2012.0524.1613.27160)
CCC Help Chinese Traditional (Version: 2012.0524.1613.27160)
CCC Help Czech (Version: 2012.0524.1613.27160)
CCC Help Danish (Version: 2012.0524.1613.27160)
CCC Help Dutch (Version: 2012.0524.1613.27160)
CCC Help English (Version: 2012.0524.1613.27160)
CCC Help Finnish (Version: 2012.0524.1613.27160)
CCC Help French (Version: 2012.0524.1613.27160)
CCC Help German (Version: 2012.0524.1613.27160)
CCC Help Greek (Version: 2012.0524.1613.27160)
CCC Help Hungarian (Version: 2012.0524.1613.27160)
CCC Help Italian (Version: 2012.0524.1613.27160)
CCC Help Japanese (Version: 2012.0524.1613.27160)
CCC Help Korean (Version: 2012.0524.1613.27160)
CCC Help Norwegian (Version: 2012.0524.1613.27160)
CCC Help Polish (Version: 2012.0524.1613.27160)
CCC Help Portuguese (Version: 2012.0524.1613.27160)
CCC Help Russian (Version: 2012.0524.1613.27160)
CCC Help Spanish (Version: 2012.0524.1613.27160)
CCC Help Swedish (Version: 2012.0524.1613.27160)
CCC Help Thai (Version: 2012.0524.1613.27160)
CCC Help Turkish (Version: 2012.0524.1613.27160)
CCleaner (Version: 3.21)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CPUID CPU-Z 1.59
Creation Kit
Crysis Wars®
Crysis Wars® (Version: 1.0)
Crysis Wars® Patch
Crysis Wars® Patch (Version: 1.0.5.0)
DDPB (Version: 1.0.9)
Dear Esther
DiscJuggler (Version: 6.0.0.1400)
Dota 2
Dragon NaturallySpeaking 11 (Version: 11.50.100)
Fallout Mod Manager 0.13.21
Fallout: New Vegas
Garry's Mod
Glary Utilities 2.47.0.1539 (Version: 2.47.0.1539)
GNU Aspell 0.50-3
GOG.com Downloader version 3.0.25 (Version: 3.0.25)
Google Chrome (Version: 21.0.1180.75)
ImgBurn (Version: 2.5.6.0)
Inkscape 0.48.3.1 (Version: 0.48.3.1)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 4 (64-bit) (Version: 7.0.40)
LDraw All-In-One-Installer 2011-01 (Version: 2011-01)
LDraw Parts Library 2011-02
Legend of Grimrock
LibreOffice 3.5 (Version: 3.5.2.202)
LogMeIn Hamachi (Version: 2.1.0.166)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Moon Breakers
Morrowind
Mount and Blade Warband - Demo
Mount&Blade Warband
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mp3tag v2.49a (Version: v2.49a)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nexus Mod Manager (Version: 0.19.0)
Notepad++ (Version: 5.9.8)
Oblivion (Version: 1.00.0000)
OpenAL
Opera 12.01 (Version: 12.01.1532)
Paint.NET v3.5.10 (Version: 3.60.0)
PCSX2 - Playstation 2 Emulator
Pirates, Vikings, & Knights II
PunkBuster Services (Version: 0.986)
Python 2.7.2 (Version: 2.7.2150)
QuickTime (Version: 7.72.80.56)
Rayman 2: The Great Escape GOG Edition
Realtek Ethernet Controller Driver (Version: 7.46.531.2011)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6409)
Realtek High Definition Audio Driver (Version: 6.0.1.6449)
REALTEK Wireless LAN Driver (Version: 1.00.0180)
Recover My Files (Version: 4.9.4.1343)
RPTools CharTool
SEGA Genesis Classic Collection: Gold Edition
Skype™ 5.9 (Version: 5.9.115)
Source SDK Base 2007
SpeedFan (remove only)
SR 3D Builder v 0.6.0.9 (Version: v 0.6.0.9)
Steam (Version: 1.0.0.0)
SumatraPDF (Version: 1.9)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (64-bit) (Version: 4.4.24.0)
System Requirements Lab for Intel (Version: 4.4.24.0)
Team Fortress 2
TES Construction Set
The Elder Scrolls V: Skyrim
theHunter (remove only)
Tunngle beta
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.0)
VLC media player 2.0.2 (Version: 2.0.2)
War2Combat 3.05 (Version: 3.05)
WinCDEmu (Version: 3.6)

========================= Devices: ================================

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ASUS PCE-N15 11n Wireless LAN PCI-E Card
Description: ASUS PCE-N15 11n Wireless LAN PCI-E Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: RTL8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 2046.49 MB
Available physical RAM: 645.52 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 1864.22 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.23 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:465.76 GB) (Free:137.67 GB) NTFS

========================= Users: ========================================

User accounts for \\COMPY

Administrator Guest Jovan Stubbs


**** End of log ****

----------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jovan Stubbs :: COMPY [administrator]

8/9/2012 8:49:50 PM
mbam-log-201okmkmiokmi0-53-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190769
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5048 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

----------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 21:05:51
-----------------------------
21:05:51.714 OS Version: Windows x64 6.1.7601 Service Pack 1
21:05:51.714 Number of processors: 2 586 0x1706
21:05:51.714 ComputerName: COMPY UserName:
21:05:52.697 Initialize success
21:06:30.766 AVAST engine defs: 12080901
21:06:51.892 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
21:06:51.892 Disk 0 Vendor: ST3500418AS CC38 Size: 476938MB BusType: 3
21:06:51.892 Device \Driver\atapi -> MajorFunction fffffa8002d7a5e8
21:06:51.907 Disk 0 MBR read successfully
21:06:51.907 Disk 0 MBR scan
21:06:51.970 Disk 0 Windows 7 default MBR code
21:06:51.970 Disk 0 MBR hidden
21:06:51.985 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476936 MB offset 2048
21:06:52.032 Disk 0 scanning C:\Windows\system32\drivers
21:07:06.290 Service scanning
21:07:34.085 Modules scanning
21:07:34.090 Disk 0 trace - called modules:
21:07:34.094 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002d7a5e8]<<
21:07:34.459 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027dd060]
21:07:34.463 3 CLASSPNP.SYS[fffff8800197d43f] -> nt!IofCallDriver -> [0xfffffa80023bc520]
21:07:34.468 5 ACPI.sys[fffff88000f9c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80025d2060]
21:07:34.472 \Driver\atapi[0xfffffa8002cb3e70] -> IRP_MJ_CREATE -> 0xfffffa8002d7a5e8
21:07:35.400 AVAST engine scan C:\Windows
21:07:37.709 AVAST engine scan C:\Windows\system32
21:11:42.611 AVAST engine scan C:\Windows\system32\drivers
21:11:57.508 AVAST engine scan C:\Users\Jovan Stubbs
21:29:45.220 AVAST engine scan C:\ProgramData
21:30:44.026 Scan finished successfully
21:53:16.048 Disk 0 MBR has been saved successfully to "C:\Users\Jovan Stubbs\Desktop\MBR.dat"
21:53:16.090 The log file has been saved successfully to "C:\Users\Jovan Stubbs\Desktop\aswMBR.txt"


--------------------------------------------------------------------------------------------------------------

Thank you so much.

#4 Broni


Posted 09 August 2012 - 11:58 PM

Please disable "word wrap" in Notepad as some of your logs are hard to read.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#5 Stinkoman K 20X6


Posted 10 August 2012 - 12:09 AM

22:00:48.0740 1444 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:00:49.0272 1444 ============================================================
22:00:49.0272 1444 Current date / time: 2012/08/09 22:00:49.0272
22:00:49.0272 1444 SystemInfo:
22:00:49.0272 1444
22:00:49.0272 1444 OS Version: 6.1.7601 ServicePack: 1.0
22:00:49.0272 1444 Product type: Workstation
22:00:49.0272 1444 ComputerName: COMPY
22:00:49.0272 1444 UserName: Jovan Stubbs
22:00:49.0272 1444 Windows directory: C:\Windows
22:00:49.0272 1444 System windows directory: C:\Windows
22:00:49.0272 1444 Running under WOW64
22:00:49.0272 1444 Processor architecture: Intel x64
22:00:49.0272 1444 Number of processors: 2
22:00:49.0272 1444 Page size: 0x1000
22:00:49.0272 1444 Boot type: Normal boot
22:00:49.0272 1444 ============================================================
22:00:50.0655 1444 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:00:50.0697 1444 ============================================================
22:00:50.0697 1444 \Device\Harddisk0\DR0:
22:00:50.0698 1444 MBR partitions:
22:00:50.0698 1444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
22:00:50.0698 1444 ============================================================
22:00:50.0726 1444 C: <-> \Device\Harddisk0\DR0\Partition0
22:00:50.0726 1444 ============================================================
22:00:50.0726 1444 Initialize success
22:00:50.0726 1444 ============================================================
22:01:23.0314 3108 ============================================================
22:01:23.0314 3108 Scan started
22:01:23.0314 3108 Mode: Manual;
22:01:23.0314 3108 ============================================================
22:01:33.0233 3108 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:01:33.0235 3108 LSI_SCSI - ok
22:01:33.0261 3108 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:01:33.0262 3108 luafv - ok
22:01:33.0295 3108 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:01:33.0298 3108 Mcx2Svc - ok
22:01:33.0310 3108 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:01:33.0311 3108 megasas - ok
22:01:33.0335 3108 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:01:33.0338 3108 MegaSR - ok
22:01:33.0368 3108 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:01:33.0372 3108 MMCSS - ok
22:01:33.0395 3108 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:01:33.0397 3108 Modem - ok
22:01:33.0420 3108 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:01:33.0422 3108 monitor - ok
22:01:33.0467 3108 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:01:33.0468 3108 mouclass - ok
22:01:33.0488 3108 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:01:33.0490 3108 mouhid - ok
22:01:33.0532 3108 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:01:33.0534 3108 mountmgr - ok
22:01:33.0588 3108 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
22:01:33.0591 3108 MpFilter - ok
22:01:33.0637 3108 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:01:33.0639 3108 mpio - ok
22:01:33.0673 3108 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:01:33.0674 3108 mpsdrv - ok
22:01:33.0733 3108 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:01:33.0742 3108 MpsSvc - ok
22:01:33.0783 3108 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:01:33.0785 3108 MRxDAV - ok
22:01:33.0826 3108 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:01:33.0828 3108 mrxsmb - ok
22:01:33.0844 3108 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:01:33.0847 3108 mrxsmb10 - ok
22:01:33.0864 3108 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:01:33.0865 3108 mrxsmb20 - ok
22:01:33.0920 3108 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:01:33.0922 3108 msahci - ok
22:01:33.0935 3108 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:01:33.0937 3108 msdsm - ok
22:01:33.0957 3108 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:01:33.0960 3108 MSDTC - ok
22:01:33.0985 3108 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:01:33.0986 3108 Msfs - ok
22:01:33.0999 3108 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:01:34.0000 3108 mshidkmdf - ok
22:01:34.0030 3108 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:01:34.0030 3108 msisadrv - ok
22:01:34.0064 3108 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:01:34.0066 3108 MSiSCSI - ok
22:01:34.0070 3108 msiserver - ok
22:01:34.0094 3108 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:01:34.0095 3108 MSKSSRV - ok
22:01:34.0161 3108 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:01:34.0162 3108 MsMpSvc - ok
22:01:34.0175 3108 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:01:34.0176 3108 MSPCLOCK - ok
22:01:34.0192 3108 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:01:34.0193 3108 MSPQM - ok
22:01:34.0240 3108 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:01:34.0243 3108 MsRPC - ok
22:01:34.0280 3108 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:01:34.0281 3108 mssmbios - ok
22:01:34.0295 3108 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:01:34.0296 3108 MSTEE - ok
22:01:34.0303 3108 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:01:34.0304 3108 MTConfig - ok
22:01:34.0326 3108 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:01:34.0328 3108 Mup - ok
22:01:34.0374 3108 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:01:34.0380 3108 napagent - ok
22:01:34.0541 3108 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:01:34.0544 3108 NativeWifiP - ok
22:01:34.0607 3108 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:01:34.0616 3108 NDIS - ok
22:01:34.0626 3108 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:01:34.0628 3108 NdisCap - ok
22:01:34.0648 3108 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:01:34.0649 3108 NdisTapi - ok
22:01:34.0692 3108 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:01:34.0694 3108 Ndisuio - ok
22:01:34.0738 3108 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:01:34.0741 3108 NdisWan - ok
22:01:34.0772 3108 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:01:34.0774 3108 NDProxy - ok
22:01:34.0781 3108 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:01:34.0782 3108 NetBIOS - ok
22:01:34.0820 3108 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:01:34.0823 3108 NetBT - ok
22:01:34.0853 3108 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:01:34.0855 3108 Netlogon - ok
22:01:34.0881 3108 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:01:34.0886 3108 Netman - ok
22:01:34.0987 3108 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:01:35.0006 3108 NetMsmqActivator - ok
22:01:35.0012 3108 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:01:35.0013 3108 NetPipeActivator - ok
22:01:35.0044 3108 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:01:35.0050 3108 netprofm - ok
22:01:35.0054 3108 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:01:35.0055 3108 NetTcpActivator - ok
22:01:35.0063 3108 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:01:35.0064 3108 NetTcpPortSharing - ok
22:01:35.0114 3108 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:01:35.0116 3108 nfrd960 - ok
22:01:35.0154 3108 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:01:35.0156 3108 NisDrv - ok
22:01:35.0235 3108 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:01:35.0239 3108 NisSrv - ok
22:01:35.0300 3108 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:01:35.0304 3108 NlaSvc - ok
22:01:35.0324 3108 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:01:35.0326 3108 Npfs - ok
22:01:35.0354 3108 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:01:35.0356 3108 nsi - ok
22:01:35.0371 3108 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:01:35.0372 3108 nsiproxy - ok
22:01:35.0482 3108 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:01:35.0511 3108 Ntfs - ok
22:01:35.0625 3108 NuidFltr (77eb11da191d12d12e28d7bd8905c42c) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:01:35.0626 3108 NuidFltr - ok
22:01:35.0643 3108 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:01:35.0644 3108 Null - ok
22:01:35.0694 3108 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:01:35.0696 3108 nvraid - ok
22:01:35.0712 3108 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:01:35.0715 3108 nvstor - ok
22:01:35.0725 3108 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:01:35.0727 3108 nv_agp - ok
22:01:35.0738 3108 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:01:35.0740 3108 ohci1394 - ok
22:01:35.0766 3108 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:01:35.0771 3108 p2pimsvc - ok
22:01:35.0798 3108 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:01:35.0804 3108 p2psvc - ok
22:01:35.0840 3108 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:01:35.0842 3108 Parport - ok
22:01:35.0868 3108 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:01:35.0869 3108 partmgr - ok
22:01:35.0902 3108 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:01:35.0905 3108 PcaSvc - ok
22:01:35.0944 3108 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:01:35.0946 3108 pci - ok
22:01:35.0961 3108 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:01:35.0962 3108 pciide - ok
22:01:35.0976 3108 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:01:35.0978 3108 pcmcia - ok
22:01:35.0987 3108 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:01:35.0988 3108 pcw - ok
22:01:36.0016 3108 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:01:36.0022 3108 PEAUTH - ok
22:01:36.0067 3108 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:01:36.0090 3108 PeerDistSvc - ok
22:01:36.0144 3108 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:01:36.0147 3108 PerfHost - ok
22:01:36.0234 3108 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:01:36.0257 3108 pla - ok
22:01:36.0317 3108 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:01:36.0323 3108 PlugPlay - ok
22:01:36.0351 3108 PnkBstrA - ok
22:01:36.0374 3108 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:01:36.0376 3108 PNRPAutoReg - ok
22:01:36.0397 3108 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:01:36.0400 3108 PNRPsvc - ok
22:01:36.0454 3108 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
22:01:36.0455 3108 Point64 - ok
22:01:36.0501 3108 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:01:36.0507 3108 PolicyAgent - ok
22:01:36.0531 3108 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:01:36.0534 3108 Power - ok
22:01:36.0553 3108 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:01:36.0555 3108 PptpMiniport - ok
22:01:36.0579 3108 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:01:36.0581 3108 Processor - ok
22:01:36.0626 3108 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
22:01:36.0630 3108 ProfSvc - ok
22:01:36.0668 3108 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:01:36.0670 3108 ProtectedStorage - ok
22:01:36.0716 3108 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:01:36.0719 3108 Psched - ok
22:01:36.0770 3108 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:01:36.0791 3108 ql2300 - ok
22:01:36.0855 3108 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:01:36.0857 3108 ql40xx - ok
22:01:36.0884 3108 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:01:36.0888 3108 QWAVE - ok
22:01:36.0904 3108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:01:36.0905 3108 QWAVEdrv - ok
22:01:36.0919 3108 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:01:36.0920 3108 RasAcd - ok
22:01:36.0949 3108 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:01:36.0950 3108 RasAgileVpn - ok
22:01:36.0970 3108 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:01:36.0973 3108 RasAuto - ok
22:01:37.0007 3108 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:01:37.0009 3108 Rasl2tp - ok
22:01:37.0055 3108 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:01:37.0060 3108 RasMan - ok
22:01:37.0071 3108 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:01:37.0073 3108 RasPppoe - ok
22:01:37.0100 3108 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:01:37.0101 3108 RasSstp - ok
22:01:37.0114 3108 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:01:37.0117 3108 rdbss - ok
22:01:37.0159 3108 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:01:37.0161 3108 rdpbus - ok
22:01:37.0171 3108 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:01:37.0172 3108 RDPCDD - ok
22:01:37.0217 3108 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:01:37.0219 3108 RDPDR - ok
22:01:37.0240 3108 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:01:37.0241 3108 RDPENCDD - ok
22:01:37.0255 3108 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:01:37.0256 3108 RDPREFMP - ok
22:01:37.0352 3108 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:01:37.0353 3108 RdpVideoMiniport - ok
22:01:37.0409 3108 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
22:01:37.0413 3108 RDPWD - ok
22:01:37.0464 3108 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:01:37.0466 3108 rdyboost - ok
22:01:37.0485 3108 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:01:37.0488 3108 RemoteAccess - ok
22:01:37.0513 3108 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:01:37.0516 3108 RemoteRegistry - ok
22:01:37.0561 3108 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
22:01:37.0563 3108 RimUsb - ok
22:01:37.0588 3108 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
22:01:37.0589 3108 RimVSerPort - ok
22:01:37.0607 3108 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
22:01:37.0608 3108 ROOTMODEM - ok
22:01:37.0640 3108 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:01:37.0644 3108 RpcEptMapper - ok
22:01:37.0658 3108 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:01:37.0659 3108 RpcLocator - ok
22:01:37.0706 3108 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:01:37.0711 3108 RpcSs - ok
22:01:37.0729 3108 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:01:37.0730 3108 rspndr - ok
22:01:37.0761 3108 RT2500USB (5bff00b29f7cc14af67760c0e868109f) C:\Windows\system32\DRIVERS\rt2500usb.sys
22:01:37.0764 3108 RT2500USB - ok
22:01:37.0816 3108 RTHDMIAzAudService (2e7d1ca91d62501713c9d6e6704395c6) C:\Windows\system32\drivers\RtHDMIVX.sys
22:01:37.0821 3108 RTHDMIAzAudService - ok
22:01:37.0880 3108 RTL8167 (0039de6a0a1293889a3f21ecc473263d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:01:37.0886 3108 RTL8167 - ok
22:01:37.0953 3108 RTL8192Ce (fd66ffce55d6f5d78fd9939f10e81569) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
22:01:37.0963 3108 RTL8192Ce - ok
22:01:38.0001 3108 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:01:38.0003 3108 s3cap - ok
22:01:38.0042 3108 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:01:38.0043 3108 SamSs - ok
22:01:38.0061 3108 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:01:38.0063 3108 sbp2port - ok
22:01:38.0087 3108 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:01:38.0091 3108 SCardSvr - ok
22:01:38.0130 3108 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:01:38.0131 3108 scfilter - ok
22:01:38.0199 3108 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:01:38.0215 3108 Schedule - ok
22:01:38.0257 3108 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:01:38.0258 3108 SCPolicySvc - ok
22:01:38.0269 3108 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:01:38.0272 3108 SDRSVC - ok
22:01:38.0318 3108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:01:38.0319 3108 secdrv - ok
22:01:38.0357 3108 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:01:38.0358 3108 seclogon - ok
22:01:38.0385 3108 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:01:38.0388 3108 SENS - ok
22:01:38.0397 3108 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:01:38.0400 3108 SensrSvc - ok
22:01:38.0425 3108 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:01:38.0426 3108 Serenum - ok
22:01:38.0436 3108 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:01:38.0438 3108 Serial - ok
22:01:38.0475 3108 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:01:38.0476 3108 sermouse - ok
22:01:38.0517 3108 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:01:38.0520 3108 SessionEnv - ok
22:01:38.0527 3108 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:01:38.0529 3108 sffdisk - ok
22:01:38.0534 3108 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:01:38.0535 3108 sffp_mmc - ok
22:01:38.0539 3108 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:01:38.0540 3108 sffp_sd - ok
22:01:38.0550 3108 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:01:38.0551 3108 sfloppy - ok
22:01:38.0582 3108 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:01:38.0587 3108 SharedAccess - ok
22:01:38.0632 3108 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:01:38.0638 3108 ShellHWDetection - ok
22:01:38.0653 3108 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:01:38.0654 3108 SiSRaid2 - ok
22:01:38.0673 3108 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:01:38.0675 3108 SiSRaid4 - ok
22:01:38.0741 3108 SkypeUpdate (9bac4f095b1e802268b33e4c8ba57256) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:01:38.0744 3108 SkypeUpdate - ok
22:01:38.0764 3108 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:01:38.0766 3108 Smb - ok
22:01:38.0797 3108 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:01:38.0800 3108 SNMPTRAP - ok
22:01:38.0884 3108 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
22:01:38.0886 3108 speedfan - ok
22:01:38.0907 3108 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:01:38.0908 3108 spldr - ok
22:01:38.0949 3108 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:01:38.0956 3108 Spooler - ok
22:01:39.0063 3108 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:01:39.0120 3108 sppsvc - ok
22:01:39.0169 3108 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:01:39.0171 3108 sppuinotify - ok
22:01:39.0237 3108 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:01:39.0242 3108 srv - ok
22:01:39.0262 3108 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:01:39.0267 3108 srv2 - ok
22:01:39.0294 3108 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:01:39.0296 3108 srvnet - ok
22:01:39.0335 3108 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:01:39.0339 3108 SSDPSRV - ok
22:01:39.0350 3108 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:01:39.0353 3108 SstpSvc - ok
22:01:39.0434 3108 Steam Client Service - ok
22:01:39.0463 3108 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:01:39.0464 3108 stexstor - ok
22:01:39.0513 3108 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:01:39.0520 3108 stisvc - ok
22:01:39.0571 3108 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:01:39.0572 3108 storflt - ok
22:01:39.0587 3108 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:01:39.0588 3108 storvsc - ok
22:01:39.0597 3108 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:01:39.0598 3108 swenum - ok
22:01:39.0621 3108 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:01:39.0627 3108 swprv - ok
22:01:39.0642 3108 Synth3dVsc - ok
22:01:39.0714 3108 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:01:39.0750 3108 SysMain - ok
22:01:39.0825 3108 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:01:39.0827 3108 TabletInputService - ok
22:01:39.0884 3108 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
22:01:39.0885 3108 tap0901t - ok
22:01:39.0921 3108 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:01:39.0926 3108 TapiSrv - ok
22:01:39.0955 3108 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:01:39.0958 3108 TBS - ok
22:01:40.0039 3108 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:01:40.0075 3108 Tcpip - ok
22:01:40.0206 3108 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:01:40.0217 3108 TCPIP6 - ok
22:01:40.0304 3108 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:01:40.0305 3108 tcpipreg - ok
22:01:40.0329 3108 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:01:40.0331 3108 TDPIPE - ok
22:01:40.0364 3108 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:01:40.0365 3108 TDTCP - ok
22:01:40.0412 3108 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:01:40.0414 3108 tdx - ok
22:01:40.0450 3108 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:01:40.0451 3108 TermDD - ok
22:01:40.0478 3108 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:01:40.0486 3108 TermService - ok
22:01:40.0504 3108 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:01:40.0507 3108 Themes - ok
22:01:40.0527 3108 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:01:40.0528 3108 THREADORDER - ok
22:01:40.0554 3108 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:01:40.0557 3108 TrkWks - ok
22:01:40.0609 3108 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:01:40.0613 3108 TrustedInstaller - ok
22:01:40.0654 3108 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:01:40.0655 3108 tssecsrv - ok
22:01:40.0690 3108 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:01:40.0691 3108 TsUsbFlt - ok
22:01:40.0696 3108 tsusbhub - ok
22:01:40.0746 3108 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:01:40.0748 3108 tunnel - ok
22:01:40.0862 3108 TunngleService (3db1ce045a552161ef7252988752c65f) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
22:01:41.0555 3108 TunngleService - ok
22:01:41.0581 3108 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:01:41.0583 3108 uagp35 - ok
22:01:41.0628 3108 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:01:41.0633 3108 udfs - ok
22:01:41.0652 3108 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:01:41.0654 3108 UI0Detect - ok
22:01:41.0691 3108 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:01:41.0693 3108 uliagpkx - ok
22:01:41.0711 3108 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:01:41.0713 3108 umbus - ok
22:01:41.0728 3108 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:01:41.0729 3108 UmPass - ok
22:01:41.0773 3108 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:01:41.0776 3108 UmRdpService - ok
22:01:41.0794 3108 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:01:41.0799 3108 upnphost - ok
22:01:41.0864 3108 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:01:41.0866 3108 usbaudio - ok
22:01:41.0899 3108 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:01:41.0901 3108 usbccgp - ok
22:01:41.0949 3108 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:01:41.0952 3108 usbcir - ok
22:01:41.0969 3108 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:01:41.0971 3108 usbehci - ok
22:01:42.0000 3108 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:01:42.0005 3108 usbhub - ok
22:01:42.0019 3108 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:01:42.0022 3108 usbohci - ok
22:01:42.0037 3108 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:01:42.0038 3108 usbprint - ok
22:01:42.0051 3108 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:01:42.0052 3108 USBSTOR - ok
22:01:42.0066 3108 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
22:01:42.0068 3108 usbuhci - ok
22:01:42.0117 3108 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:01:42.0120 3108 usbvideo - ok
22:01:42.0174 3108 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
22:01:42.0175 3108 usb_rndisx - ok
22:01:42.0197 3108 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:01:42.0200 3108 UxSms - ok
22:01:42.0212 3108 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:01:42.0213 3108 VaultSvc - ok
22:01:42.0254 3108 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:01:42.0255 3108 vdrvroot - ok
22:01:44.0773 3108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:01:44.0821 3108 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:01:44.0821 3108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:01:44.0829 3108 Boot (0x1200) (8413072c37858b7748ebaaa04b7dbb72) \Device\Harddisk0\DR0\Partition0
22:01:44.0831 3108 \Device\Harddisk0\DR0\Partition0 - ok
22:01:44.0834 3108 ============================================================
22:01:44.0834 3108 Scan finished
22:01:44.0834 3108 ============================================================
22:01:44.0848 3864 Detected object count: 1
22:01:44.0848 3864 Actual detected object count: 1
22:02:27.0193 3864 \Device\Harddisk0\DR0\# - copied to quarantine
22:02:27.0345 3864 \Device\Harddisk0\DR0 - copied to quarantine
22:02:28.0602 3864 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:02:28.0643 3864 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:02:28.0683 3864 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:02:28.0706 3864 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:02:28.0733 3864 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:02:29.0769 3864 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:02:29.0849 3864 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:02:29.0852 3864 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:02:29.0876 3864 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:02:29.0982 3864 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:02:30.0063 3864 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:02:30.0087 3864 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:02:30.0091 3864 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:02:30.0132 3864 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:02:30.0258 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:02:30.0259 3864 \Device\Harddisk0\DR0 - ok
22:02:40.0871 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:03:43.0230 3648 Deinitialize success
-------------------------------------------------------------------------------------------------------------------

Yet again, thank you.

#6 Stinkoman K 20X6

Posted 10 August 2012 - 02:08 AM

I believe you have solved my problem! The file is gone, it hasn't come back, my computer is running much better, and I have a wealth of tools! Thanks a lot, I appreciate your help greatly. I will donate as soon as I can!

#7 Broni

Posted 10 August 2012 - 09:55 AM

Good news :)

Please re-run MBAM and post new log.

#8 Stinkoman K 20X6

Posted 14 August 2012 - 01:53 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jovan Stubbs :: COMPY [administrator]

8/14/2012 11:42:41 AM
mbam-log-2012-08-14 (11-42-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190702
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
------------------------------------------------------------------------------------

Sorry I haven't posted, I've been rather busy. Yet again, thank you.

#9 Broni

Posted 14 August 2012 - 01:59 PM

Looks good :)

Couple more checks...

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.

#10 Stinkoman K 20X6

Posted 14 August 2012 - 10:12 PM

C:\TDSSKiller_Quarantine\09.08.2012_22.00.49\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_22.00.49\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_22.00.49\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_22.00.49\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined

------------------------------------------------------------------------------------------

#11 Broni

Posted 14 August 2012 - 10:19 PM

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.

Edited by Broni, 14 August 2012 - 11:22 PM.

#12 Stinkoman K 20X6

Posted 14 August 2012 - 10:47 PM

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jovan Stubbs
->Temp folder emptied: 68346 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 24303532 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2336 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jovan Stubbs
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jovan Stubbs
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.57.0 log created on 08142012_203050

Files\Folders moved on Reboot...
C:\Users\Jovan Stubbs\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Jovan Stubbs\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...



