Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe trojan help


  • Please log in to reply
12 replies to this topic

#1 grullnor

grullnor

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 September 2012 - 09:18 PM

Hey I am having trouble removing some malware that has worked its way into my system as svchost and it does not want to go away. Please help

Edited by Orange Blossom, 18 September 2012 - 09:28 PM.
Moved from Windows 7 to AII. ~ OB


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:09 PM

Posted 18 September 2012 - 09:26 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 September 2012 - 09:48 PM

22:40:02.0401 5000 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:40:02.0650 5000 ============================================================
22:40:02.0650 5000 Current date / time: 2012/09/18 22:40:02.0650
22:40:02.0650 5000 SystemInfo:
22:40:02.0650 5000
22:40:02.0650 5000 OS Version: 6.1.7600 ServicePack: 0.0
22:40:02.0650 5000 Product type: Workstation
22:40:02.0650 5000 ComputerName: RAFFI-PC
22:40:02.0650 5000 UserName: Raffi
22:40:02.0650 5000 Windows directory: C:\Windows
22:40:02.0650 5000 System windows directory: C:\Windows
22:40:02.0650 5000 Running under WOW64
22:40:02.0650 5000 Processor architecture: Intel x64
22:40:02.0650 5000 Number of processors: 5
22:40:02.0650 5000 Page size: 0x1000
22:40:02.0650 5000 Boot type: Normal boot
22:40:02.0650 5000 ============================================================
22:40:03.0059 5000 Drive \Device\Harddisk0\DR0 - Size: 0xCCF89A000 (51.24 Gb), SectorSize: 0x200, Cylinders: 0x1A21, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:40:03.0072 5000 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:40:03.0097 5000 ============================================================
22:40:03.0097 5000 \Device\Harddisk0\DR0:
22:40:03.0097 5000 MBR partitions:
22:40:03.0097 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:40:03.0097 5000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6649000
22:40:03.0097 5000 \Device\Harddisk1\DR1:
22:40:03.0105 5000 MBR partitions:
22:40:03.0105 5000 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
22:40:03.0105 5000 ============================================================
22:40:03.0106 5000 C: <-> \Device\Harddisk0\DR0\Partition2
22:40:03.0121 5000 D: <-> \Device\Harddisk1\DR1\Partition1
22:40:03.0121 5000 ============================================================
22:40:03.0121 5000 Initialize success
22:40:03.0121 5000 ============================================================
22:40:24.0475 2732 ============================================================
22:40:24.0475 2732 Scan started
22:40:24.0475 2732 Mode: Manual; TDLFS;
22:40:24.0475 2732 ============================================================
22:40:24.0556 2732 ================ Scan system memory ========================
22:40:24.0556 2732 System memory - ok
22:40:24.0557 2732 ================ Scan services =============================
22:40:24.0598 2732 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:40:24.0599 2732 1394ohci - ok
22:40:24.0606 2732 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:40:24.0609 2732 ACPI - ok
22:40:24.0613 2732 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:40:24.0613 2732 AcpiPmi - ok
22:40:24.0621 2732 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:40:24.0627 2732 adp94xx - ok
22:40:24.0633 2732 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:40:24.0637 2732 adpahci - ok
22:40:24.0642 2732 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:40:24.0644 2732 adpu320 - ok
22:40:24.0650 2732 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:40:24.0651 2732 AeLookupSvc - ok
22:40:24.0658 2732 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
22:40:24.0663 2732 AFD - ok
22:40:24.0667 2732 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:40:24.0669 2732 agp440 - ok
22:40:24.0672 2732 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:40:24.0674 2732 ALG - ok
22:40:24.0677 2732 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:40:24.0678 2732 aliide - ok
22:40:24.0681 2732 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:40:24.0681 2732 amdide - ok
22:40:24.0685 2732 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:40:24.0686 2732 AmdK8 - ok
22:40:24.0689 2732 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:40:24.0690 2732 AmdPPM - ok
22:40:24.0694 2732 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
22:40:24.0696 2732 amdsata - ok
22:40:24.0701 2732 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:40:24.0703 2732 amdsbs - ok
22:40:24.0706 2732 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
22:40:24.0707 2732 amdxata - ok
22:40:24.0710 2732 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:40:24.0711 2732 AppID - ok
22:40:24.0714 2732 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:40:24.0715 2732 AppIDSvc - ok
22:40:24.0719 2732 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:40:24.0720 2732 Appinfo - ok
22:40:24.0726 2732 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:40:24.0727 2732 arc - ok
22:40:24.0732 2732 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:40:24.0733 2732 arcsas - ok
22:40:24.0737 2732 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
22:40:24.0737 2732 aswFsBlk - ok
22:40:24.0740 2732 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:40:24.0741 2732 aswMonFlt - ok
22:40:24.0744 2732 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
22:40:24.0745 2732 aswRdr - ok
22:40:24.0757 2732 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:40:24.0761 2732 aswSnx - ok
22:40:24.0768 2732 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:40:24.0770 2732 aswSP - ok
22:40:24.0773 2732 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
22:40:24.0774 2732 aswTdi - ok
22:40:24.0777 2732 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:24.0778 2732 AsyncMac - ok
22:40:24.0781 2732 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:40:24.0782 2732 atapi - ok
22:40:24.0791 2732 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:40:24.0798 2732 AudioEndpointBuilder - ok
22:40:24.0807 2732 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:40:24.0810 2732 AudioSrv - ok
22:40:24.0815 2732 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:40:24.0816 2732 avast! Antivirus - ok
22:40:24.0820 2732 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:40:24.0821 2732 AxInstSV - ok
22:40:24.0829 2732 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:40:24.0835 2732 b06bdrv - ok
22:40:24.0840 2732 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:40:24.0844 2732 b57nd60a - ok
22:40:24.0849 2732 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:40:24.0851 2732 BDESVC - ok
22:40:24.0854 2732 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:40:24.0854 2732 Beep - ok
22:40:24.0864 2732 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:40:24.0871 2732 BFE - ok
22:40:24.0882 2732 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:40:24.0892 2732 BITS - ok
22:40:24.0896 2732 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:40:24.0897 2732 blbdrive - ok
22:40:24.0901 2732 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:40:24.0902 2732 bowser - ok
22:40:24.0905 2732 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:40:24.0906 2732 BrFiltLo - ok
22:40:24.0909 2732 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:40:24.0910 2732 BrFiltUp - ok
22:40:24.0913 2732 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:40:24.0915 2732 BridgeMP - ok
22:40:24.0920 2732 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
22:40:24.0921 2732 Browser - ok
22:40:24.0927 2732 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:40:24.0930 2732 Brserid - ok
22:40:24.0934 2732 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:40:24.0935 2732 BrSerWdm - ok
22:40:24.0938 2732 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:40:24.0939 2732 BrUsbMdm - ok
22:40:24.0942 2732 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:40:24.0943 2732 BrUsbSer - ok
22:40:24.0946 2732 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:40:24.0948 2732 BTHMODEM - ok
22:40:24.0953 2732 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:40:24.0954 2732 bthserv - ok
22:40:24.0956 2732 catchme - ok
22:40:24.0961 2732 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:40:24.0962 2732 cdfs - ok
22:40:24.0967 2732 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:40:24.0969 2732 cdrom - ok
22:40:24.0973 2732 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:40:24.0974 2732 CertPropSvc - ok
22:40:24.0977 2732 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:40:24.0978 2732 circlass - ok
22:40:24.0985 2732 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:40:24.0988 2732 CLFS - ok
22:40:24.0995 2732 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:24.0998 2732 clr_optimization_v2.0.50727_32 - ok
22:40:25.0005 2732 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:40:25.0007 2732 clr_optimization_v2.0.50727_64 - ok
22:40:25.0012 2732 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:40:25.0013 2732 CmBatt - ok
22:40:25.0016 2732 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:40:25.0017 2732 cmdide - ok
22:40:25.0024 2732 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
22:40:25.0028 2732 CNG - ok
22:40:25.0032 2732 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:40:25.0033 2732 Compbatt - ok
22:40:25.0036 2732 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:40:25.0037 2732 CompositeBus - ok
22:40:25.0040 2732 COMSysApp - ok
22:40:25.0044 2732 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:40:25.0045 2732 crcdisk - ok
22:40:25.0051 2732 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:40:25.0053 2732 CryptSvc - ok
22:40:25.0062 2732 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:40:25.0069 2732 DcomLaunch - ok
22:40:25.0075 2732 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:40:25.0079 2732 defragsvc - ok
22:40:25.0083 2732 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:40:25.0085 2732 DfsC - ok
22:40:25.0091 2732 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:40:25.0094 2732 Dhcp - ok
22:40:25.0098 2732 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:40:25.0099 2732 discache - ok
22:40:25.0102 2732 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:40:25.0103 2732 Disk - ok
22:40:25.0108 2732 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:40:25.0111 2732 Dnscache - ok
22:40:25.0116 2732 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:40:25.0119 2732 dot3svc - ok
22:40:25.0124 2732 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:40:25.0127 2732 DPS - ok
22:40:25.0130 2732 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:40:25.0131 2732 drmkaud - ok
22:40:25.0143 2732 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:40:25.0153 2732 DXGKrnl - ok
22:40:25.0157 2732 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:40:25.0159 2732 EapHost - ok
22:40:25.0195 2732 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:40:25.0227 2732 ebdrv - ok
22:40:25.0231 2732 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
22:40:25.0233 2732 EFS - ok
22:40:25.0243 2732 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:40:25.0250 2732 ehRecvr - ok
22:40:25.0254 2732 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:40:25.0256 2732 ehSched - ok
22:40:25.0265 2732 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:40:25.0270 2732 elxstor - ok
22:40:25.0274 2732 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:40:25.0275 2732 ErrDev - ok
22:40:25.0284 2732 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:40:25.0289 2732 EventSystem - ok
22:40:25.0294 2732 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:40:25.0296 2732 exfat - ok
22:40:25.0301 2732 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:40:25.0304 2732 fastfat - ok
22:40:25.0313 2732 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:40:25.0320 2732 Fax - ok
22:40:25.0324 2732 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:40:25.0325 2732 fdc - ok
22:40:25.0329 2732 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:40:25.0330 2732 fdPHost - ok
22:40:25.0333 2732 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:40:25.0334 2732 FDResPub - ok
22:40:25.0337 2732 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:40:25.0338 2732 FileInfo - ok
22:40:25.0342 2732 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:40:25.0343 2732 Filetrace - ok
22:40:25.0346 2732 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:25.0347 2732 flpydisk - ok
22:40:25.0353 2732 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:40:25.0355 2732 FltMgr - ok
22:40:25.0369 2732 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
22:40:25.0380 2732 FontCache - ok
22:40:25.0385 2732 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:40:25.0386 2732 FontCache3.0.0.0 - ok
22:40:25.0389 2732 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:40:25.0391 2732 FsDepends - ok
22:40:25.0394 2732 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:40:25.0394 2732 Fs_Rec - ok
22:40:25.0399 2732 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:40:25.0401 2732 fvevol - ok
22:40:25.0405 2732 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:40:25.0407 2732 gagp30kx - ok
22:40:25.0417 2732 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:40:25.0425 2732 gpsvc - ok
22:40:25.0428 2732 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:40:25.0430 2732 hcw85cir - ok
22:40:25.0436 2732 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:40:25.0440 2732 HdAudAddService - ok
22:40:25.0444 2732 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:25.0445 2732 HDAudBus - ok
22:40:25.0448 2732 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:40:25.0449 2732 HidBatt - ok
22:40:25.0453 2732 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:40:25.0455 2732 HidBth - ok
22:40:25.0458 2732 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:40:25.0459 2732 HidIr - ok
22:40:25.0463 2732 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:40:25.0464 2732 hidserv - ok
22:40:25.0467 2732 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:40:25.0468 2732 HidUsb - ok
22:40:25.0472 2732 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:40:25.0474 2732 hkmsvc - ok
22:40:25.0479 2732 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:40:25.0483 2732 HomeGroupListener - ok
22:40:25.0488 2732 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:40:25.0491 2732 HomeGroupProvider - ok
22:40:25.0495 2732 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:40:25.0496 2732 HpSAMD - ok
22:40:25.0507 2732 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:40:25.0514 2732 HTTP - ok
22:40:25.0518 2732 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:40:25.0518 2732 hwpolicy - ok
22:40:25.0522 2732 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:25.0524 2732 i8042prt - ok
22:40:25.0531 2732 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
22:40:25.0536 2732 iaStorV - ok
22:40:25.0540 2732 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:40:25.0543 2732 IDriverT - ok
22:40:25.0554 2732 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:40:25.0562 2732 idsvc - ok
22:40:25.0567 2732 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:40:25.0568 2732 iirsp - ok
22:40:25.0579 2732 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:40:25.0588 2732 IKEEXT - ok
22:40:25.0593 2732 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:40:25.0594 2732 intelide - ok
22:40:25.0597 2732 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:40:25.0599 2732 intelppm - ok
22:40:25.0603 2732 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:40:25.0605 2732 IPBusEnum - ok
22:40:25.0608 2732 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:25.0610 2732 IpFilterDriver - ok
22:40:25.0618 2732 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:40:25.0624 2732 iphlpsvc - ok
22:40:25.0628 2732 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:40:25.0630 2732 IPMIDRV - ok
22:40:25.0634 2732 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:40:25.0635 2732 IPNAT - ok
22:40:25.0639 2732 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:40:25.0639 2732 IRENUM - ok
22:40:25.0642 2732 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:40:25.0643 2732 isapnp - ok
22:40:25.0649 2732 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:40:25.0652 2732 iScsiPrt - ok
22:40:25.0655 2732 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:25.0656 2732 kbdclass - ok
22:40:25.0659 2732 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:40:25.0660 2732 kbdhid - ok
22:40:25.0663 2732 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
22:40:25.0664 2732 KeyIso - ok
22:40:25.0668 2732 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:40:25.0670 2732 KSecDD - ok
22:40:25.0674 2732 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:40:25.0676 2732 KSecPkg - ok
22:40:25.0679 2732 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:40:25.0680 2732 ksthunk - ok
22:40:25.0686 2732 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:40:25.0691 2732 KtmRm - ok
22:40:25.0696 2732 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:40:25.0700 2732 LanmanServer - ok
22:40:25.0705 2732 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:40:25.0708 2732 LanmanWorkstation - ok
22:40:25.0713 2732 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:40:25.0714 2732 lltdio - ok
22:40:25.0720 2732 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:40:25.0724 2732 lltdsvc - ok
22:40:25.0727 2732 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:40:25.0728 2732 lmhosts - ok
22:40:25.0734 2732 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:40:25.0735 2732 LSI_FC - ok
22:40:25.0739 2732 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:40:25.0741 2732 LSI_SAS - ok
22:40:25.0745 2732 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:40:25.0746 2732 LSI_SAS2 - ok
22:40:25.0750 2732 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:40:25.0752 2732 LSI_SCSI - ok
22:40:25.0756 2732 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:40:25.0757 2732 luafv - ok
22:40:25.0761 2732 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:40:25.0761 2732 MBAMProtector - ok
22:40:25.0768 2732 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:40:25.0772 2732 MBAMScheduler - ok
22:40:25.0781 2732 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:25.0786 2732 MBAMService - ok
22:40:25.0791 2732 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:40:25.0793 2732 Mcx2Svc - ok
22:40:25.0796 2732 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:40:25.0798 2732 megasas - ok
22:40:25.0803 2732 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:40:25.0807 2732 MegaSR - ok
22:40:25.0811 2732 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:40:25.0813 2732 MMCSS - ok
22:40:25.0816 2732 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:40:25.0817 2732 Modem - ok
22:40:25.0820 2732 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:40:25.0821 2732 monitor - ok
22:40:25.0824 2732 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:40:25.0824 2732 mouclass - ok
22:40:25.0827 2732 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:40:25.0828 2732 mouhid - ok
22:40:25.0832 2732 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:40:25.0833 2732 mountmgr - ok
22:40:25.0837 2732 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:40:25.0839 2732 mpio - ok
22:40:25.0843 2732 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:40:25.0845 2732 mpsdrv - ok
22:40:25.0855 2732 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:40:25.0864 2732 MpsSvc - ok
22:40:25.0869 2732 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:40:25.0871 2732 MRxDAV - ok
22:40:25.0875 2732 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:25.0877 2732 mrxsmb - ok
22:40:25.0883 2732 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:25.0886 2732 mrxsmb10 - ok
22:40:25.0890 2732 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:25.0892 2732 mrxsmb20 - ok
22:40:25.0895 2732 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:40:25.0897 2732 msahci - ok
22:40:25.0901 2732 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:40:25.0903 2732 msdsm - ok
22:40:25.0907 2732 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:40:25.0910 2732 MSDTC - ok
22:40:25.0915 2732 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:40:25.0916 2732 Msfs - ok
22:40:25.0918 2732 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:40:25.0919 2732 mshidkmdf - ok
22:40:25.0922 2732 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:40:25.0922 2732 msisadrv - ok
22:40:25.0927 2732 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:40:25.0930 2732 MSiSCSI - ok
22:40:25.0933 2732 msiserver - ok
22:40:25.0936 2732 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:40:25.0937 2732 MSKSSRV - ok
22:40:25.0940 2732 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:25.0941 2732 MSPCLOCK - ok
22:40:25.0944 2732 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:40:25.0944 2732 MSPQM - ok
22:40:25.0950 2732 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:40:25.0954 2732 MsRPC - ok
22:40:25.0959 2732 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:40:25.0959 2732 mssmbios - ok
22:40:25.0962 2732 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:40:25.0963 2732 MSTEE - ok
22:40:25.0966 2732 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:40:25.0967 2732 MTConfig - ok
22:40:25.0970 2732 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:40:25.0970 2732 MTsensor - ok
22:40:25.0973 2732 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:40:25.0974 2732 Mup - ok
22:40:25.0982 2732 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:40:25.0989 2732 napagent - ok
22:40:25.0995 2732 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:40:25.0999 2732 NativeWifiP - ok
22:40:26.0012 2732 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:40:26.0020 2732 NDIS - ok
22:40:26.0024 2732 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:40:26.0025 2732 NdisCap - ok
22:40:26.0028 2732 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:26.0029 2732 NdisTapi - ok
22:40:26.0032 2732 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:26.0033 2732 Ndisuio - ok
22:40:26.0037 2732 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:26.0040 2732 NdisWan - ok
22:40:26.0043 2732 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:40:26.0044 2732 NDProxy - ok
22:40:26.0047 2732 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:40:26.0048 2732 NetBIOS - ok
22:40:26.0054 2732 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:40:26.0057 2732 NetBT - ok
22:40:26.0060 2732 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
22:40:26.0062 2732 Netlogon - ok
22:40:26.0068 2732 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:40:26.0073 2732 Netman - ok
22:40:26.0080 2732 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:40:26.0086 2732 netprofm - ok
22:40:26.0090 2732 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:40:26.0092 2732 NetTcpPortSharing - ok
22:40:26.0095 2732 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:40:26.0097 2732 nfrd960 - ok
22:40:26.0103 2732 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:40:26.0107 2732 NlaSvc - ok
22:40:26.0110 2732 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:40:26.0112 2732 Npfs - ok
22:40:26.0115 2732 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:40:26.0117 2732 nsi - ok
22:40:26.0120 2732 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:40:26.0121 2732 nsiproxy - ok
22:40:26.0142 2732 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:40:26.0158 2732 Ntfs - ok
22:40:26.0162 2732 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:40:26.0163 2732 Null - ok
22:40:26.0168 2732 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:40:26.0169 2732 NVHDA - ok
22:40:26.0343 2732 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:40:26.0396 2732 nvlddmkm - ok
22:40:26.0404 2732 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
22:40:26.0406 2732 nvraid - ok
22:40:26.0411 2732 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
22:40:26.0413 2732 nvstor - ok
22:40:26.0425 2732 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
22:40:26.0434 2732 nvsvc - ok
22:40:26.0449 2732 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:40:26.0455 2732 nvUpdatusService - ok
22:40:26.0459 2732 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:40:26.0461 2732 nv_agp - ok
22:40:26.0464 2732 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:40:26.0466 2732 ohci1394 - ok
22:40:26.0472 2732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:40:26.0477 2732 p2pimsvc - ok
22:40:26.0485 2732 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:40:26.0491 2732 p2psvc - ok
22:40:26.0495 2732 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:40:26.0497 2732 Parport - ok
22:40:26.0501 2732 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:40:26.0502 2732 partmgr - ok
22:40:26.0507 2732 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:40:26.0510 2732 PcaSvc - ok
22:40:26.0515 2732 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:40:26.0517 2732 pci - ok
22:40:26.0520 2732 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:40:26.0521 2732 pciide - ok
22:40:26.0525 2732 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:40:26.0528 2732 pcmcia - ok
22:40:26.0531 2732 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:40:26.0532 2732 pcw - ok
22:40:26.0541 2732 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:40:26.0547 2732 PEAUTH - ok
22:40:26.0572 2732 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:40:26.0574 2732 PerfHost - ok
22:40:26.0594 2732 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:40:26.0609 2732 pla - ok
22:40:26.0617 2732 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:40:26.0623 2732 PlugPlay - ok
22:40:26.0626 2732 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:40:26.0629 2732 PNRPAutoReg - ok
22:40:26.0635 2732 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:40:26.0638 2732 PNRPsvc - ok
22:40:26.0646 2732 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:40:26.0652 2732 PolicyAgent - ok
22:40:26.0658 2732 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:40:26.0663 2732 Power - ok
22:40:26.0667 2732 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:40:26.0669 2732 PptpMiniport - ok
22:40:26.0672 2732 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:40:26.0674 2732 Processor - ok
22:40:26.0679 2732 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
22:40:26.0682 2732 ProfSvc - ok
22:40:26.0685 2732 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
22:40:26.0687 2732 ProtectedStorage - ok
22:40:26.0691 2732 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:40:26.0693 2732 Psched - ok
22:40:26.0711 2732 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:40:26.0726 2732 ql2300 - ok
22:40:26.0731 2732 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:40:26.0733 2732 ql40xx - ok
22:40:26.0738 2732 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:40:26.0742 2732 QWAVE - ok
22:40:26.0746 2732 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:40:26.0747 2732 QWAVEdrv - ok
22:40:26.0750 2732 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:40:26.0751 2732 RasAcd - ok
22:40:26.0754 2732 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:40:26.0755 2732 RasAgileVpn - ok
22:40:26.0759 2732 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:40:26.0762 2732 RasAuto - ok
22:40:26.0766 2732 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:26.0768 2732 Rasl2tp - ok
22:40:26.0775 2732 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:40:26.0780 2732 RasMan - ok
22:40:26.0784 2732 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:26.0785 2732 RasPppoe - ok
22:40:26.0789 2732 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:40:26.0790 2732 RasSstp - ok
22:40:26.0796 2732 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:40:26.0799 2732 rdbss - ok
22:40:26.0803 2732 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:40:26.0804 2732 rdpbus - ok
22:40:26.0806 2732 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:26.0807 2732 RDPCDD - ok
22:40:26.0811 2732 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:40:26.0812 2732 RDPENCDD - ok
22:40:26.0816 2732 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:40:26.0816 2732 RDPREFMP - ok
22:40:26.0821 2732 [ 074AC702D8B8B660B0E1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:40:26.0824 2732 RDPWD - ok
22:40:26.0829 2732 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:40:26.0831 2732 rdyboost - ok
22:40:26.0835 2732 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:40:26.0838 2732 RemoteAccess - ok
22:40:26.0842 2732 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:40:26.0846 2732 RemoteRegistry - ok
22:40:26.0850 2732 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:40:26.0852 2732 RpcEptMapper - ok
22:40:26.0856 2732 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:40:26.0858 2732 RpcLocator - ok
22:40:26.0866 2732 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:40:26.0870 2732 RpcSs - ok
22:40:26.0874 2732 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:40:26.0875 2732 rspndr - ok
22:40:26.0880 2732 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:40:26.0882 2732 RTL8167 - ok
22:40:26.0885 2732 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
22:40:26.0887 2732 SamSs - ok
22:40:26.0891 2732 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:40:26.0892 2732 sbp2port - ok
22:40:26.0897 2732 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:40:26.0901 2732 SCardSvr - ok
22:40:26.0904 2732 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:40:26.0905 2732 scfilter - ok
22:40:26.0919 2732 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
22:40:26.0931 2732 Schedule - ok
22:40:26.0935 2732 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:40:26.0936 2732 SCPolicySvc - ok
22:40:26.0940 2732 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:40:26.0944 2732 SDRSVC - ok
22:40:26.0947 2732 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:40:26.0948 2732 secdrv - ok
22:40:26.0951 2732 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:40:26.0954 2732 seclogon - ok
22:40:26.0957 2732 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:40:26.0960 2732 SENS - ok
22:40:26.0963 2732 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:40:26.0965 2732 SensrSvc - ok
22:40:26.0968 2732 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:40:26.0969 2732 Serenum - ok
22:40:26.0973 2732 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:40:26.0974 2732 Serial - ok
22:40:26.0978 2732 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:40:26.0979 2732 sermouse - ok
22:40:26.0987 2732 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:40:26.0990 2732 SessionEnv - ok
22:40:26.0993 2732 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:40:26.0994 2732 sffdisk - ok
22:40:26.0997 2732 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:40:26.0998 2732 sffp_mmc - ok
22:40:27.0001 2732 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:40:27.0002 2732 sffp_sd - ok
22:40:27.0005 2732 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:40:27.0006 2732 sfloppy - ok
22:40:27.0012 2732 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:40:27.0017 2732 SharedAccess - ok
22:40:27.0023 2732 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:40:27.0029 2732 ShellHWDetection - ok
22:40:27.0032 2732 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:40:27.0033 2732 SiSRaid2 - ok
22:40:27.0037 2732 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:40:27.0039 2732 SiSRaid4 - ok
22:40:27.0071 2732 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:40:27.0099 2732 Skype C2C Service - ok
22:40:27.0105 2732 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:40:27.0106 2732 SkypeUpdate - ok
22:40:27.0110 2732 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:40:27.0111 2732 Smb - ok
22:40:27.0116 2732 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:40:27.0118 2732 SNMPTRAP - ok
22:40:27.0121 2732 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:40:27.0122 2732 spldr - ok
22:40:27.0130 2732 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
22:40:27.0137 2732 Spooler - ok
22:40:27.0176 2732 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:40:27.0211 2732 sppsvc - ok
22:40:27.0216 2732 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:40:27.0219 2732 sppuinotify - ok
22:40:27.0227 2732 [ EC8F67289105BF270498095F14963464 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:40:27.0232 2732 srv - ok
22:40:27.0239 2732 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:40:27.0243 2732 srv2 - ok
22:40:27.0248 2732 [ 26E84D3649019C3244622E654DFCD75B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:40:27.0250 2732 srvnet - ok
22:40:27.0255 2732 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:40:27.0258 2732 SSDPSRV - ok
22:40:27.0262 2732 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:40:27.0265 2732 SstpSvc - ok
22:40:27.0272 2732 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:40:27.0274 2732 Stereo Service - ok
22:40:27.0278 2732 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:40:27.0279 2732 stexstor - ok
22:40:27.0287 2732 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:40:27.0295 2732 stisvc - ok
22:40:27.0298 2732 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:40:27.0299 2732 swenum - ok
22:40:27.0306 2732 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:40:27.0313 2732 swprv - ok
22:40:27.0334 2732 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:40:27.0352 2732 SysMain - ok
22:40:27.0357 2732 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:40:27.0360 2732 TabletInputService - ok
22:40:27.0366 2732 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:40:27.0371 2732 TapiSrv - ok
22:40:27.0374 2732 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:40:27.0377 2732 TBS - ok
22:40:27.0399 2732 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:40:27.0418 2732 Tcpip - ok
22:40:27.0440 2732 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:40:27.0448 2732 TCPIP6 - ok
22:40:27.0454 2732 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:40:27.0455 2732 tcpipreg - ok
22:40:27.0460 2732 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:40:27.0461 2732 TDPIPE - ok
22:40:27.0464 2732 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:40:27.0465 2732 TDTCP - ok
22:40:27.0468 2732 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:40:27.0470 2732 tdx - ok
22:40:27.0473 2732 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:40:27.0474 2732 TermDD - ok
22:40:27.0484 2732 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:40:27.0492 2732 TermService - ok
22:40:27.0496 2732 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:40:27.0499 2732 Themes - ok
22:40:27.0502 2732 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:40:27.0504 2732 THREADORDER - ok
22:40:27.0508 2732 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:40:27.0511 2732 TrkWks - ok
22:40:27.0516 2732 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:40:27.0518 2732 TrustedInstaller - ok
22:40:27.0523 2732 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:27.0524 2732 tssecsrv - ok
22:40:27.0528 2732 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:40:27.0530 2732 tunnel - ok
22:40:27.0533 2732 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:40:27.0535 2732 uagp35 - ok
22:40:27.0541 2732 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:40:27.0545 2732 udfs - ok
22:40:27.0551 2732 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:40:27.0554 2732 UI0Detect - ok
22:40:27.0558 2732 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:40:27.0559 2732 uliagpkx - ok
22:40:27.0562 2732 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:40:27.0564 2732 umbus - ok
22:40:27.0566 2732 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:40:27.0567 2732 UmPass - ok
22:40:27.0573 2732 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:40:27.0579 2732 upnphost - ok
22:40:27.0584 2732 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:40:27.0586 2732 usbaudio - ok
22:40:27.0590 2732 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:27.0591 2732 usbccgp - ok
22:40:27.0595 2732 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:40:27.0597 2732 usbcir - ok
22:40:27.0600 2732 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:40:27.0602 2732 usbehci - ok
22:40:27.0608 2732 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:40:27.0611 2732 usbhub - ok
22:40:27.0615 2732 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:40:27.0616 2732 usbohci - ok
22:40:27.0619 2732 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:40:27.0620 2732 usbprint - ok
22:40:27.0624 2732 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:27.0625 2732 USBSTOR - ok
22:40:27.0629 2732 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:40:27.0630 2732 usbuhci - ok
22:40:27.0636 2732 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:40:27.0638 2732 usbvideo - ok
22:40:27.0642 2732 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:40:27.0645 2732 UxSms - ok
22:40:27.0647 2732 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
22:40:27.0649 2732 VaultSvc - ok
22:40:27.0652 2732 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:40:27.0653 2732 vdrvroot - ok
22:40:27.0660 2732 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:40:27.0667 2732 vds - ok
22:40:27.0671 2732 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:27.0673 2732 vga - ok
22:40:27.0676 2732 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:40:27.0677 2732 VgaSave - ok
22:40:27.0682 2732 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:40:27.0685 2732 vhdmp - ok
22:40:27.0688 2732 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:40:27.0689 2732 viaide - ok
22:40:27.0693 2732 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:40:27.0694 2732 volmgr - ok
22:40:27.0700 2732 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:40:27.0704 2732 volmgrx - ok
22:40:27.0710 2732 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:40:27.0713 2732 volsnap - ok
22:40:27.0718 2732 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:40:27.0721 2732 vsmraid - ok
22:40:27.0740 2732 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:40:27.0758 2732 VSS - ok
22:40:27.0761 2732 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:40:27.0762 2732 vwifibus - ok
22:40:27.0769 2732 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:40:27.0775 2732 W32Time - ok
22:40:27.0781 2732 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:40:27.0782 2732 WacomPen - ok
22:40:27.0786 2732 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:40:27.0788 2732 WANARP - ok
22:40:27.0791 2732 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:40:27.0792 2732 Wanarpv6 - ok
22:40:27.0810 2732 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:40:27.0828 2732 wbengine - ok
22:40:27.0834 2732 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:40:27.0838 2732 WbioSrvc - ok
22:40:27.0845 2732 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:40:27.0851 2732 wcncsvc - ok
22:40:27.0855 2732 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:40:27.0859 2732 WcsPlugInService - ok
22:40:27.0863 2732 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:40:27.0864 2732 Wd - ok
22:40:27.0873 2732 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:40:27.0880 2732 Wdf01000 - ok
22:40:27.0884 2732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:40:27.0887 2732 WdiServiceHost - ok
22:40:27.0890 2732 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:40:27.0893 2732 WdiSystemHost - ok
22:40:27.0899 2732 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
22:40:27.0904 2732 WebClient - ok
22:40:27.0909 2732 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:40:27.0914 2732 Wecsvc - ok
22:40:27.0918 2732 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:40:27.0921 2732 wercplsupport - ok
22:40:27.0925 2732 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:40:27.0928 2732 WerSvc - ok
22:40:27.0931 2732 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:27.0932 2732 WfpLwf - ok
22:40:27.0935 2732 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:40:27.0936 2732 WIMMount - ok
22:40:27.0938 2732 WinDefend - ok
22:40:27.0944 2732 WinHttpAutoProxySvc - ok
22:40:27.0954 2732 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:40:27.0956 2732 Winmgmt - ok
22:40:27.0979 2732 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:40:28.0000 2732 WinRM - ok
22:40:28.0015 2732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:40:28.0026 2732 Wlansvc - ok
22:40:28.0029 2732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:40:28.0030 2732 WmiAcpi - ok
22:40:28.0036 2732 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:40:28.0039 2732 wmiApSrv - ok
22:40:28.0043 2732 WMPNetworkSvc - ok
22:40:28.0047 2732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:40:28.0049 2732 WPCSvc - ok
22:40:28.0054 2732 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:40:28.0058 2732 WPDBusEnum - ok
22:40:28.0061 2732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:40:28.0062 2732 ws2ifsl - ok
22:40:28.0066 2732 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:40:28.0069 2732 wscsvc - ok
22:40:28.0072 2732 WSearch - ok
22:40:28.0101 2732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:40:28.0126 2732 wuauserv - ok
22:40:28.0131 2732 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:40:28.0133 2732 WudfPf - ok
22:40:28.0137 2732 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:28.0140 2732 WUDFRd - ok
22:40:28.0144 2732 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:40:28.0147 2732 wudfsvc - ok
22:40:28.0152 2732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:40:28.0157 2732 WwanSvc - ok
22:40:28.0161 2732 ================ Scan global ===============================
22:40:28.0163 2732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:40:28.0168 2732 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
22:40:28.0177 2732 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
22:40:28.0182 2732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:40:28.0189 2732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:40:28.0194 2732 [Global] - ok
22:40:28.0195 2732 ================ Scan MBR ==================================
22:40:28.0197 2732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:40:28.0202 2732 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:40:28.0203 2732 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:40:28.0203 2732 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:40:28.0224 2732 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:40:28.0224 2732 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:40:28.0227 2732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:40:29.0018 2732 \Device\Harddisk1\DR1 - ok
22:40:29.0019 2732 ================ Scan VBR ==================================
22:40:29.0026 2732 [ FE4F22AA0677E9FE24453D123BEAC0A5 ] \Device\Harddisk0\DR0\Partition1
22:40:29.0029 2732 \Device\Harddisk0\DR0\Partition1 - ok
22:40:29.0037 2732 [ 47E49DFF0BECA1B25C7EDAF12FDE5485 ] \Device\Harddisk0\DR0\Partition2
22:40:29.0039 2732 \Device\Harddisk0\DR0\Partition2 - ok
22:40:29.0048 2732 [ 40D03DAEAF925C47FFA384623F205362 ] \Device\Harddisk1\DR1\Partition1
22:40:29.0051 2732 \Device\Harddisk1\DR1\Partition1 - ok
22:40:29.0053 2732 ============================================================
22:40:29.0053 2732 Scan finished
22:40:29.0053 2732 ============================================================
22:40:29.0064 1784 Detected object count: 2
22:40:29.0064 1784 Actual detected object count: 2
22:40:48.0905 1784 \Device\Harddisk0\DR0\# - copied to quarantine
22:40:48.0906 1784 \Device\Harddisk0\DR0 - copied to quarantine
22:40:48.0937 1784 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:40:48.0943 1784 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:40:48.0948 1784 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:40:49.0904 1784 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:40:49.0938 1784 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:40:49.0956 1784 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:40:49.0968 1784 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:40:49.0969 1784 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:40:49.0970 1784 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:40:49.0972 1784 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:40:49.0985 1784 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:40:49.0996 1784 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:40:49.0997 1784 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:40:49.0999 1784 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:40:50.0007 1784 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:40:50.0012 1784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:40:50.0013 1784 \Device\Harddisk0\DR0 - ok
22:40:50.0563 1784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:40:50.0564 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:40:50.0564 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:41:03.0850 2976 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 22:46:53
-----------------------------
22:46:53.138 OS Version: Windows x64 6.1.7600
22:46:53.139 Number of processors: 5 586 0xA00
22:46:53.139 ComputerName: RAFFI-PC UserName: Raffi
22:46:53.424 Initialize success
22:46:53.573 AVAST engine defs: 12091802
22:47:18.690 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:47:18.696 Disk 0 Vendor: OCZ-VERTEX2 1.28 Size: 52472MB BusType: 3
22:47:18.705 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-7
22:47:18.711 Disk 1 Vendor: Hitachi_HDS722020ALA330 JKAOA3MA Size: 1907729MB BusType: 3
22:47:18.720 Disk 0 MBR read successfully
22:47:18.723 Disk 0 MBR scan
22:47:18.728 Disk 0 Windows 7 default MBR code
22:47:18.733 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:47:18.738 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 52370 MB offset 206848
22:47:18.744 Disk 0 scanning C:\Windows\system32\drivers
22:47:19.773 Service scanning
22:47:22.593 Modules scanning
22:47:22.613 Disk 0 trace - called modules:
22:47:22.622 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:47:22.629 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007adf060]
22:47:22.636 3 CLASSPNP.SYS[fffff880018a543f] -> nt!IofCallDriver -> [0xfffffa8007829500]
22:47:22.643 5 ACPI.sys[fffff88000f1b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007818680]
22:47:22.772 AVAST engine scan C:\Windows
22:47:22.972 AVAST engine scan C:\Windows\system32
22:47:44.228 AVAST engine scan C:\Windows\system32\drivers
22:47:45.465 AVAST engine scan C:\Users\Raffi
22:47:47.807 AVAST engine scan C:\ProgramData
22:47:48.381 Scan finished successfully
22:48:25.235 Disk 0 MBR has been saved successfully to "C:\Users\Raffi\Documents\MBR.dat"
22:48:25.238 The log file has been saved successfully to "C:\Users\Raffi\Documents\aswMBR.txt"

#4 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 September 2012 - 10:00 PM

C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\trzD384.tmp Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\trzD73C.tmp Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\trzD75C.tmp a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\trzD76D.tmp Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\trzD77E.tmp Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\trzD78E.tmp Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.40.02\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\trz28E3.tmp Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\trz2C8C.tmp Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\trz2CBC.tmp a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\trz2CCD.tmp Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\trz2CDD.tmp Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\trz2CEE.tmp Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.09.2012_22.43.48\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined

#5 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 18 September 2012 - 10:02 PM

There ya go

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:09 PM

Posted 19 September 2012 - 02:00 AM

22:40:50.0564 1784 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Launch TDSSkiller again and scan.Do not skip this one,select DELETE

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it click on Delete

post the generated log

#7 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 September 2012 - 02:14 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Raffi (administrator) on 19-09-2012 at 03:12:31
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Raffi-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 48-5B-39-AC-13-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a13b:dccc:5408:a460%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 18, 2012 10:41:53 PM
Lease Expires . . . . . . . . . . : Wednesday, September 19, 2012 10:41:53 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239622969
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EA-76-C6-48-5B-39-AC-13-43
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{68C967D7-58EA-41B3-A47B-B5BF00A2A51C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:463:1925:e7c0:e610(Preferred)
Link-local IPv6 Address . . . . . : fe80::463:1925:e7c0:e610%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:802::1003
74.125.226.199
74.125.226.200
74.125.226.201
74.125.226.195
74.125.226.206
74.125.226.193
74.125.226.194
74.125.226.197
74.125.226.192
74.125.226.198
74.125.226.196


Pinging google.com [173.194.43.33] with 32 bytes of data:
Reply from 173.194.43.33: bytes=32 time=16ms TTL=55
Reply from 173.194.43.33: bytes=32 time=20ms TTL=55

Ping statistics for 173.194.43.33:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 20ms, Average = 18ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=108ms TTL=50
Reply from 98.139.183.24: bytes=32 time=54ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 108ms, Average = 81ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=5ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 5ms, Average = 3ms
===========================================================================
Interface List
11...48 5b 39 ac 13 43 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:463:1925:e7c0:e610/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::463:1925:e7c0:e610/128
On-link
11 276 fe80::a13b:dccc:5408:a460/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/19/2012 03:12:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 03:12:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 03:11:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 03:03:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 03:03:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 03:03:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 03:02:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 02:52:27 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 02:52:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2012 02:51:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/18/2012 10:35:43 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:29:08 PM on ?9/?18/?2012 was unexpected.

Error: (09/18/2012 09:29:40 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/18/2012 09:29:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:30:04 PM on ?9/?18/?2012 was unexpected.

Error: (09/18/2012 00:29:37 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/18/2012 00:29:37 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/18/2012 00:29:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (09/18/2012 00:22:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (09/18/2012 00:21:23 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (09/18/2012 00:21:07 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/18/2012 00:19:59 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (09/19/2012 03:12:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 03:12:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 03:11:39 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 03:03:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 03:03:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 03:03:38 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 03:02:58 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 02:52:27 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 02:52:07 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL

Error: (09/19/2012 02:51:56 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\GIGABYTE\GIGABYTE OC Guru\MFC80U.DLL


=========================== Installed Programs ============================

Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1466.0)
ESET Online Scanner v3
GIGABYTE OC Guru (Version: 1.00.0000 B100323)
Google Chrome (Version: 21.0.1180.89)
League of Legends (Version: 1.3)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 306.23 (Version: 306.23)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Display Control Panel (Version: 6.14.11.9775)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0623)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Pando Media Booster (Version: 2.6.0.8)
QuickTime (Version: 7.72.80.56)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.10 (Version: 5.10.116)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 8191.18 MB
Available physical RAM: 5230.34 MB
Total Pagefile: 16380.5 MB
Available Pagefile: 13220.32 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.87 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:51.14 GB) (Free:17.07 GB) NTFS
2 Drive d: () (Fixed) (Total:1863.01 GB) (Free:1860.54 GB) NTFS
3 Drive e: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\RAFFI-PC

Administrator Guest Raffi
UpdatusUser


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Raffi (administrator) on 19-09-2012 at 03:13:37
Running from "C:\Users\Raffi\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-07-13 19:25] - [2009-07-13 21:45] - 1898576 ____A (Microsoft Corporation) 912107716BAB424C7870E8E6AF5E07E1

C:\Windows\System32\dnsrslvr.dll
[2009-07-13 19:21] - [2009-07-13 21:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 September 2012 - 02:17 AM

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 03:15:03
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Raffi - RAFFI-PC
# Boot Mode : Normal
# Running from : C:\Users\Raffi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-1115935739-3558320674-3695123956-1003\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Raffi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [769 octets] - [19/09/2012 03:14:30]
AdwCleaner[S1].txt - [1178 octets] - [19/09/2012 03:15:03]

########## EOF - C:\AdwCleaner[S1].txt - [1238 octets] ##########

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:09 PM

Posted 19 September 2012 - 03:10 AM

Malwarebytes log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#10 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 September 2012 - 10:26 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/19/2012 11:26:33 PM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/19/2012 11:26:38 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

#11 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 September 2012 - 10:28 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "avast" "avast! Antivirus" "AVAST Software" "c:\program files\avast software\avast\avastui.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "GIGABYTE OC_GURU.lnk" "Graphics Card Smart Tuner." "GIGABYTE Technology Co.,Ltd." "c:\program files (x86)\gigabyte\gigabyte oc_guru\oc_guru.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "00avast" "avast! Shell Extension" "AVAST Software" "c:\program files\avast software\avast\ashsha64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie64.dll"
+ "Skype add-on for Internet Explorer" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "avast! WebRep" "avast! WebRep Plugin" "AVAST Software" "c:\program files\avast software\avast\aswwebrepie.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "avast! Antivirus" "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler." "AVAST Software" "c:\program files\avast software\avast\avastsvc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "aswFsBlk" "avast! mini-filter driver (aswFsBlk)" "AVAST Software" "c:\windows\system32\drivers\aswfsblk.sys"
+ "aswMonFlt" "avast! mini-filter driver (aswMonFlt)" "AVAST Software" "c:\windows\system32\drivers\aswmonflt.sys"
+ "aswRdr" "avast! WFP Redirect driver" "AVAST Software" "c:\windows\system32\drivers\aswrdr2.sys"
+ "aswSnx" "avast! virtualization driver (aswSnx)" "AVAST Software" "c:\windows\system32\drivers\aswsnx.sys"
+ "aswSP" "avast! Self Protection" "AVAST Software" "c:\windows\system32\drivers\aswsp.sys"
+ "aswTdi" "avast! Network Shield TDI driver" "AVAST Software" "c:\windows\system32\drivers\aswtdi.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 306.23 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"C:\Users\Raffi\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Avast! antivirus monitor" "Avast! antivirus sidebar gadget." "AVAST Software" "C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget\Gadget.xml"

#12 grullnor

grullnor
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:09 PM

Posted 19 September 2012 - 10:38 PM

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.19.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Raffi :: RAFFI-PC [administrator]

Protection: Enabled

9/19/2012 11:28:56 PM
mbam-log-2012-09-19 (23-28-56).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 303622
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:09 PM

Posted 20 September 2012 - 02:36 AM

That looks good

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode

Turn off your system restore,restart the PC,create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently,do not click on suspicious links

Safe surfing :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users