Svchost eating up CPU


9 replies to this topic

#1 jaykbe


Posted 24 September 2012 - 04:42 PM

Hello,
My computer is coming to a halt because of svchost. It starts to use CPU up to 90%. Can you please help? I read forums and ran s&d, hijack and ccleaner, but to no avail. I can't figure it out.

Thanks everyone, anyone..

Edited by hamluis, 25 September 2012 - 09:38 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 narenxp


Posted 24 September 2012 - 08:52 PM

Were you infected?

Download Process Explorer.

Extract and launch it.

Right-click on the SVCHOST.EXE that has high CPU usage and click on the Services tab.

Post the list of services here.

Download MiniToolBox.

Checkmark the following boxes:

List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

#3 jaykbe


Posted 25 September 2012 - 09:04 AM

Hi,
I don't know about infection.

I started Process Explorer and didn't find the suggested "Services" tab, but I clicked on svchost, selected Properties, then Threads, and copied them below:

dxgkrnl.sys!DxgkSqmGenericDword64+0x2c7
ntdll.dll!KiFastSystemCallRet
nvcuda.dll!cuD3D11CtxCreate+0xa5c39
nvcuda.dll!cuD3D11CtxCreate+0xa6281
nvcuda.dll!cuD3D11CtxCreate+0xa3393
nvcuda.dll!cuD3D11CtxCreate+0x30cc9
nvcuda.dll!cuD3D11CtxCreate+0xb5da
nvcuda.dll!cuD3D11CtxCreate+0xb633
nvcuda.dll!cuD3D11CtxCreate+0x335c7
nvcuda.dll!cuD3D11CtxCreate+0x33d57
nvcuda.dll!cuD3D11CtxCreate+0x208bb
nvcuda.dll!clGetPlatformInfo+0x5f71
nvcuda.dll!clGetExtensionFunctionAddress+0x21f6
nvcuda.dll!clGetPlatformInfo+0x5df6
OpenCL.dll!clFinish+0x1e
ntdll.dll!RtlAllocateHeap+0x211
ntdll.dll!RtlAllocateHeap+0xac
MSVCR90.dll!malloc+0x79
MSVCR90.dll!free+0xcd

Then I exported the services list from Windows.

The miniToolbox results are also below..

Hope this is ok
Thank you..


#4 narenxp


Posted 25 September 2012 - 09:14 AM

You should have a Services tab.

Right-click on SVCHOST.EXE and select Properties.

Click on the Start menu, type snipping tool and press ENTER.

Now take a screenshot of the Properties tab and upload the image to

http://tinypic.com/

Post the link here.

Edited by narenxp, 25 September 2012 - 09:14 AM.


#5 jaykbe


Posted 25 September 2012 - 09:32 AM

Under this svchost there is not a Services tab; apparently this is not a Windows svchost (it is under java.exe).

Svchost
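The two signs reported in post #5 (a svchost.exe with no Services tab, running under java.exe) can be checked for every svchost.exe at once. The script below is an added example, not something posted in this thread; it assumes PowerShell 3.0 or later and an elevated prompt, and its flags are leads for review rather than a verdict.

```powershell
# Added example, not from the thread. Needs PowerShell 3.0+ (Get-CimInstance,
# [pscustomobject]); run elevated so ExecutablePath is readable for system processes.

# Locations where the genuine Windows service host lives.
$expectedPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')   # 32-bit host on 64-bit Windows
)

# Index every process by PID so each parent can be resolved.
$procById = @{}
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $procById[[int]$p.ProcessId] = $p
}

# Map PID -> names of the running services hosted in that process.
$svcByPid = @{}
foreach ($s in Get-CimInstance -ClassName Win32_Service) {
    $id = [int]$s.ProcessId
    if ($id -eq 0) { continue }                          # service is stopped
    if (-not $svcByPid.ContainsKey($id)) { $svcByPid[$id] = @() }
    $svcByPid[$id] += $s.Name
}

$report = foreach ($p in $procById.Values) {
    if ($p.Name -ne 'svchost.exe') { continue }          # -ne is case-insensitive

    $id = [int]$p.ProcessId

    # Resolve the parent; discard it if it started after the child,
    # which means the original parent exited and its PID was reused.
    $parent = $procById[[int]$p.ParentProcessId]
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    $parentName = '<exited>'
    if ($parent) { $parentName = $parent.Name }

    $services = @()
    if ($svcByPid.ContainsKey($id)) { $services = @($svcByPid[$id]) }

    # Collect every indicator that this is not the Windows service host.
    $reasons = @()
    if (-not $p.ExecutablePath) {
        $reasons += 'path unreadable (not elevated?)'
    } elseif ($expectedPaths -notcontains $p.ExecutablePath) {
        $reasons += 'unexpected path'
    }
    if ($parentName -ne 'services.exe') { $reasons += "parent is $parentName" }
    if ($services.Count -eq 0)          { $reasons += 'hosts no services' }

    [pscustomobject]@{
        Flagged  = ($reasons.Count -gt 0)
        PID      = $id
        Parent   = $parentName
        Path     = $p.ExecutablePath
        Services = ($services -join ', ')
        Reasons  = ($reasons -join '; ')
    }
}

# Flagged entries first.
$report | Sort-Object Flagged -Descending | Format-Table -AutoSize -Wrap
```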

#6 narenxp


Posted 25 September 2012 - 09:34 AM

You're infected

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#7 jaykbe


Posted 25 September 2012 - 01:00 PM

TDSS log:

16:40:27.0777 1756 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:40:28.0110 1756 ============================================================
16:40:28.0110 1756 Current date / time: 2012/09/25 16:40:28.0110
16:40:28.0110 1756 SystemInfo:
16:40:28.0110 1756
16:40:28.0110 1756 OS Version: 6.1.7601 ServicePack: 1.0
16:40:28.0110 1756 Product type: Workstation
16:40:28.0111 1756 ComputerName: GMKUSELJ-HP
16:40:28.0111 1756 UserName: Gm Kuselj
16:40:28.0111 1756 Windows directory: C:\windows
16:40:28.0111 1756 System windows directory: C:\windows
16:40:28.0111 1756 Processor architecture: Intel x86
16:40:28.0111 1756 Number of processors: 4
16:40:28.0111 1756 Page size: 0x1000
16:40:28.0111 1756 Boot type: Normal boot
16:40:28.0111 1756 ============================================================
16:40:28.0535 1756 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:40:28.0538 1756 Drive \Device\Harddisk1\DR1 - Size: 0x78EB00000 (30.23 Gb), SectorSize: 0x200, Cylinders: 0xF6A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:40:28.0540 1756 ============================================================
16:40:28.0540 1756 \Device\Harddisk0\DR0:
16:40:28.0540 1756 MBR partitions:
16:40:28.0540 1756 \Device\Harddisk1\DR1:
16:40:28.0541 1756 MBR partitions:
16:40:28.0541 1756 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3C75800
16:40:28.0541 1756 ============================================================
16:40:28.0541 1756 Initialize success
16:40:28.0541 1756 ============================================================
16:41:16.0354 6228 ============================================================
16:41:16.0354 6228 Scan started
16:41:16.0354 6228 Mode: Manual; TDLFS;
16:41:16.0354 6228 ============================================================
16:41:16.0382 6228 ================ Scan system memory ========================
16:41:16.0382 6228 System memory - ok
16:41:16.0382 6228 ================ Scan services =============================
16:41:19.0553 6228 ================ Scan global ===============================
16:41:19.0555 6228 [Global] - ok
16:41:19.0556 6228 ================ Scan MBR ==================================
16:41:19.0565 6228 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:41:19.0875 6228 \Device\Harddisk0\DR0 - ok
16:41:19.0900 6228 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:41:20.0038 6228 \Device\Harddisk1\DR1 - ok
16:41:20.0038 6228 ================ Scan VBR ==================================
16:41:20.0046 6228 [ 15FF40AEFDD08A67437E5A1FB5796D38 ] \Device\Harddisk1\DR1\Partition1
16:41:20.0047 6228 \Device\Harddisk1\DR1\Partition1 - ok
16:41:20.0047 6228 ============================================================
16:41:20.0047 6228 Scan finished
16:41:20.0047 6228 ============================================================
16:41:20.0053 5240 Detected object count: 0
16:41:20.0053 5240 Actual detected object count: 0
16:41:46.0791 4228 ============================================================
16:41:46.0791 4228 Scan started
16:41:46.0791 4228 Mode: Manual; SigCheck; TDLFS;
16:41:46.0791 4228 ============================================================
16:41:46.0797 4228 ================ Scan system memory ========================
16:41:46.0797 4228 System memory - ok
16:41:46.0797 4228 ================ Scan services =============================
16:41:47.0985 4228 qcusbnethp2k - ok
16:41:47.0990 4228 qcusbserhp2k - ok
16:41:47.0995 4228 QDLService2kHP - ok
16:41:48.0000 4228 ql2300 - ok
16:41:48.0005 4228 ql40xx - ok
16:41:48.0010 4228 QWAVE - ok
16:41:48.0015 4228 QWAVEdrv - ok
16:41:48.0020 4228 RasAcd - ok
16:41:48.0025 4228 RasAgileVpn - ok
16:41:48.0030 4228 RasAuto - ok
16:41:48.0034 4228 Rasl2tp - ok
16:41:48.0041 4228 RasMan - ok
16:41:48.0045 4228 RasPppoe - ok
16:41:48.0051 4228 RasSstp - ok
16:41:48.0055 4228 rdbss - ok
16:41:48.0060 4228 rdpbus - ok
16:41:48.0065 4228 RDPCDD - ok
16:41:48.0071 4228 RDPDR - ok
16:41:48.0076 4228 RDPENCDD - ok
16:41:48.0083 4228 RDPREFMP - ok
16:41:48.0087 4228 RDPWD - ok
16:41:48.0092 4228 rdyboost - ok
16:41:48.0097 4228 RemoteAccess - ok
16:41:48.0102 4228 RemoteRegistry - ok
16:41:48.0106 4228 RFCOMM - ok
16:41:48.0111 4228 rimmptsk - ok
16:41:48.0115 4228 rimspci - ok
16:41:48.0120 4228 rimsptsk - ok
16:41:48.0125 4228 risdpcie - ok
16:41:48.0129 4228 rismc32 - ok
16:41:48.0133 4228 rismxdp - ok
16:41:48.0138 4228 rixdpcie - ok
16:41:48.0143 4228 RpcEptMapper - ok
16:41:48.0148 4228 RpcLocator - ok
16:41:48.0154 4228 RpcSs - ok
16:41:48.0159 4228 rspndr - ok
16:41:48.0164 4228 s3cap - ok
16:41:48.0170 4228 SamSs - ok
16:41:48.0174 4228 sbp2port - ok
16:41:48.0179 4228 SBSDWSCService - ok
16:41:48.0184 4228 SCardSvr - ok
16:41:48.0189 4228 SCDEmu - ok
16:41:48.0193 4228 scfilter - ok
16:41:48.0199 4228 Schedule - ok
16:41:48.0205 4228 SCPolicySvc - ok
16:41:48.0210 4228 sdbus - ok
16:41:48.0215 4228 SDRSVC - ok
16:41:48.0221 4228 SeaPort - ok
16:41:48.0226 4228 secdrv - ok
16:41:48.0230 4228 seclogon - ok
16:41:48.0235 4228 SENS - ok
16:41:48.0240 4228 SensrSvc - ok
16:41:48.0244 4228 Serenum - ok
16:41:48.0249 4228 Serial - ok
16:41:48.0255 4228 sermouse - ok
16:41:48.0268 4228 SessionEnv - ok
16:41:48.0274 4228 sffdisk - ok
16:41:48.0278 4228 sffp_mmc - ok
16:41:48.0283 4228 sffp_sd - ok
16:41:48.0288 4228 sfloppy - ok
16:41:48.0293 4228 SharedAccess - ok
16:41:48.0298 4228 ShellHWDetection - ok
16:41:48.0303 4228 silabenm - ok
16:41:48.0307 4228 silabser - ok
16:41:48.0312 4228 sisagp - ok
16:41:48.0318 4228 SiSRaid2 - ok
16:41:48.0322 4228 SiSRaid4 - ok
16:41:48.0327 4228 SkypeUpdate - ok
16:41:48.0332 4228 Smb - ok
16:41:48.0337 4228 SMManager - ok
16:41:48.0348 4228 SNMPTRAP - ok
16:41:48.0353 4228 SNP2UVC - ok
16:41:48.0358 4228 spldr - ok
16:41:48.0364 4228 Spooler - ok
16:41:48.0369 4228 sppsvc - ok
16:41:48.0374 4228 sppuinotify - ok
16:41:48.0379 4228 sptd - ok
16:41:48.0384 4228 srv - ok
16:41:48.0389 4228 srv2 - ok
16:41:48.0395 4228 srvnet - ok
16:41:48.0400 4228 SSDPSRV - ok
16:41:48.0406 4228 SstpSvc - ok
16:41:48.0412 4228 ssudmdm - ok
16:41:48.0417 4228 ssudobex - ok
16:41:48.0422 4228 STacSV - ok
16:41:48.0428 4228 Steam Client Service - ok
16:41:48.0433 4228 stexstor - ok
16:41:48.0439 4228 STHDA - ok
16:41:48.0445 4228 StiSvc - ok
16:41:48.0451 4228 storflt - ok
16:41:48.0456 4228 StorSvc - ok
16:41:48.0460 4228 storvsc - ok
16:41:48.0467 4228 swenum - ok
16:41:48.0472 4228 swprv - ok
16:41:48.0478 4228 SynTP - ok
16:41:48.0483 4228 SysMain - ok
16:41:48.0488 4228 TabletInputService - ok
16:41:48.0493 4228 TapiSrv - ok
16:41:48.0499 4228 TBS - ok
16:41:48.0504 4228 Tcpip - ok
16:41:48.0509 4228 TCPIP6 - ok
16:41:48.0518 4228 tcpipreg - ok
16:41:48.0525 4228 TDPIPE - ok
16:41:48.0531 4228 TDTCP - ok
16:41:48.0537 4228 tdx - ok
16:41:48.0542 4228 TermDD - ok
16:41:48.0548 4228 TermService - ok
16:41:48.0553 4228 Themes - ok
16:41:48.0558 4228 THREADORDER - ok
16:41:48.0563 4228 TPM - ok
16:41:48.0569 4228 TrkWks - ok
16:41:48.0575 4228 TrustedInstaller - ok
16:41:48.0584 4228 tssecsrv - ok
16:41:48.0589 4228 TsUsbFlt - ok
16:41:48.0595 4228 tunnel - ok
16:41:48.0601 4228 UAExt - ok
16:41:48.0606 4228 uagp35 - ok
16:41:48.0612 4228 udfs - ok
16:41:48.0625 4228 UI0Detect - ok
16:41:48.0630 4228 uliagpkx - ok
16:41:48.0635 4228 umbus - ok
16:41:48.0640 4228 UmPass - ok
16:41:48.0645 4228 UmRdpService - ok
16:41:48.0650 4228 UnlockerDriver5 - ok
16:41:48.0656 4228 UNS - ok
16:41:48.0661 4228 upnphost - ok
16:41:48.0666 4228 usbaudio - ok
16:41:48.0672 4228 usbccgp - ok
16:41:48.0677 4228 usbcir - ok
16:41:48.0683 4228 usbehci - ok
16:41:48.0688 4228 usbhub - ok
16:41:48.0694 4228 USBMULCD - ok
16:41:48.0699 4228 usbohci - ok
16:41:48.0704 4228 usbprint - ok
16:41:48.0710 4228 usbscan - ok
16:41:48.0716 4228 USBSTOR - ok
16:41:48.0722 4228 usbuhci - ok
16:41:48.0728 4228 usbvideo - ok
16:41:48.0733 4228 usb_rndisx - ok
16:41:48.0738 4228 UxSms - ok
16:41:48.0744 4228 VaultSvc - ok
16:41:48.0749 4228 vdrvroot - ok
16:41:48.0755 4228 vds - ok
16:41:48.0761 4228 vga - ok
16:41:48.0768 4228 VgaSave - ok
16:41:48.0774 4228 vhdmp - ok
16:41:48.0781 4228 viaagp - ok
16:41:48.0787 4228 ViaC7 - ok
16:41:48.0793 4228 viaide - ok
16:41:48.0799 4228 vmbus - ok
16:41:48.0805 4228 VMBusHID - ok
16:41:48.0811 4228 volmgr - ok
16:41:48.0817 4228 volmgrx - ok
16:41:48.0823 4228 volsnap - ok
16:41:48.0830 4228 vsmraid - ok
16:41:48.0836 4228 VSS - ok
16:41:48.0841 4228 vwifibus - ok
16:41:48.0847 4228 vwififlt - ok
16:41:48.0853 4228 vwifimp - ok
16:41:48.0858 4228 W32Time - ok
16:41:48.0869 4228 WacomPen - ok
16:41:48.0875 4228 WANARP - ok
16:41:48.0881 4228 Wanarpv6 - ok
16:41:48.0886 4228 WatAdminSvc - ok
16:41:48.0893 4228 wbengine - ok
16:41:48.0900 4228 WbioSrvc - ok
16:41:48.0907 4228 wcncsvc - ok
16:41:48.0914 4228 WcsPlugInService - ok
16:41:48.0922 4228 Wd - ok
16:41:48.0929 4228 Wdf01000 - ok
16:41:48.0937 4228 WdiServiceHost - ok
16:41:48.0944 4228 WdiSystemHost - ok
16:41:48.0950 4228 WebClient - ok
16:41:48.0955 4228 Wecsvc - ok
16:41:48.0961 4228 wercplsupport - ok
16:41:48.0967 4228 WerSvc - ok
16:41:48.0973 4228 WfpLwf - ok
16:41:48.0978 4228 WIMMount - ok
16:41:48.0984 4228 WinDefend - ok
16:41:48.0998 4228 WinHttpAutoProxySvc - ok
16:41:49.0004 4228 Winmgmt - ok
16:41:49.0011 4228 WinRing0_1_2_0 - ok
16:41:49.0019 4228 WinRM - ok
16:41:49.0032 4228 WinUSB - ok
16:41:49.0039 4228 Wlansvc - ok
16:41:49.0045 4228 wlidsvc - ok
16:41:49.0052 4228 WmiAcpi - ok
16:41:49.0064 4228 wmiApSrv - ok
16:41:49.0069 4228 WMPNetworkSvc - ok
16:41:49.0074 4228 WPCSvc - ok
16:41:49.0080 4228 WPDBusEnum - ok
16:41:49.0085 4228 ws2ifsl - ok
16:41:49.0093 4228 wscsvc - ok
16:41:49.0098 4228 WSearch - ok
16:41:49.0107 4228 wuauserv - ok
16:41:49.0113 4228 WudfPf - ok
16:41:49.0119 4228 WUDFRd - ok
16:41:49.0125 4228 wudfsvc - ok
16:41:49.0132 4228 WwanSvc - ok
16:41:49.0162 4228 ================ Scan global ===============================
16:41:49.0164 4228 [Global] - ok
16:41:49.0165 4228 ================ Scan MBR ==================================
16:41:49.0167 4228 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:41:49.0336 4228 \Device\Harddisk0\DR0 - ok
16:41:49.0360 4228 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:41:49.0501 4228 \Device\Harddisk1\DR1 - ok
16:41:49.0501 4228 ================ Scan VBR ==================================
16:41:49.0508 4228 [ 15FF40AEFDD08A67437E5A1FB5796D38 ] \Device\Harddisk1\DR1\Partition1
16:41:49.0510 4228 \Device\Harddisk1\DR1\Partition1 - ok
16:41:49.0510 4228 ============================================================
16:41:49.0510 4228 Scan finished
16:41:49.0510 4228 ============================================================
16:41:49.0515 0948 Detected object count: 0
16:41:49.0515 0948 Actual detected object count: 0
16:41:58.0664 1404 ============================================================
16:41:58.0664 1404 Scan started
16:41:58.0664 1404 Mode: Manual; TDLFS;
16:41:58.0664 1404 ============================================================
16:41:58.0665 1404 ================ Scan system memory ========================
16:41:58.0665 1404 System memory - ok
16:41:58.0665 1404 ================ Scan services =============================
16:42:01.0076 1404 ================ Scan global ===============================
16:42:01.0077 1404 [Global] - ok
16:42:01.0079 1404 ================ Scan MBR ==================================
16:42:01.0082 1404 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:42:01.0203 1404 \Device\Harddisk0\DR0 - ok
16:42:01.0225 1404 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:42:01.0364 1404 \Device\Harddisk1\DR1 - ok
16:42:01.0365 1404 ================ Scan VBR ==================================
16:42:01.0372 1404 [ 15FF40AEFDD08A67437E5A1FB5796D38 ] \Device\Harddisk1\DR1\Partition1
16:42:01.0374 1404 \Device\Harddisk1\DR1\Partition1 - ok
16:42:01.0374 1404 ============================================================
16:42:01.0374 1404 Scan finished
16:42:01.0374 1404 ============================================================
16:42:01.0380 8160 Detected object count: 0
16:42:01.0380 8160 Actual detected object count: 0



ASWMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-25 16:43:29
-----------------------------
16:43:29.934 OS Version: Windows 6.1.7601 Service Pack 1
16:43:29.934 Number of processors: 4 586 0x2502
16:43:29.936 ComputerName: GMKUSELJ-HP UserName: Gm Kuselj
16:43:48.935 Initialize success
16:45:39.120 AVAST engine defs: 12092500
16:49:51.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:49:51.968 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
16:49:51.971 Disk 1 \Device\Harddisk1\DR1 -> \Device\000000d2
16:49:51.973 Disk 1 Vendor: RICOH 01 Size: 30955MB BusType: 0
16:49:51.986 Disk 0 MBR read successfully
16:49:51.989 Disk 0 MBR scan
16:49:52.034 Disk 0 Windows VISTA default MBR code
16:49:52.038 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
16:49:52.063 Disk 0 Partition 2 80 (A) 42 SFS NTFS 300 MB offset 2048
16:49:52.075 Disk 0 Partition 3 00 42 SFS NTFS 187533 MB offset 616448
16:49:52.104 Disk 0 Partition 4 00 42 SFS NTFS 117410 MB offset 384684032
16:49:52.111 Disk 0 scanning sectors +625140400
16:49:52.133 Disk 0 scanning C:\windows\system32\drivers
16:49:52.138 Service scanning
16:50:10.459 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
16:50:16.768 Modules scanning
16:50:18.414 Disk 0 trace - called modules:
16:50:18.686 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys spfy.sys >>UNKNOWN [0x86953938]<<
16:50:18.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x882c67d0]
16:50:19.092 3 CLASSPNP.SYS[8c9bf59e] -> nt!IofCallDriver -> [0x882c51b8]
16:50:19.310 5 hpdskflt.sys[8d411f92] -> nt!IofCallDriver -> [0x877e9b18]
16:50:19.527 7 ACPI.sys[8c5bc3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87759028]
16:50:20.749 AVAST engine scan C:\windows
16:50:20.823 AVAST engine scan C:\windows\system32
16:50:21.041 AVAST engine scan C:\windows\system32\drivers
16:50:21.258 AVAST engine scan C:\Users\Gm Kuselj
16:50:21.475 AVAST engine scan C:\ProgramData
16:50:21.698 Scan finished successfully
18:33:01.373 Disk 0 MBR has been saved successfully to "C:\Users\Gm Kuselj\Desktop\MBR.dat"
18:33:01.380 The log file has been saved successfully to "C:\Users\Gm Kuselj\Desktop\aswMBR.txt"


ESET log:

E:\Batman\Binaries\Win32\buddha.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
E:\MUZIKA\Amy Winehouse - Back To Black\106-amy_winehouse-love_is_a_losing_game-ukp.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
E:\MUZIKA\The Verve - Forth2008\06 - The Verve - I See Houses.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

#8 narenxp

Posted 25 September 2012 - 01:07 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan is completed, post the generated log here.

#9 jaykbe

Posted 26 September 2012 - 12:59 AM

After running all scans the svchost is gone.
Thank you..

Posting scan logs

MBAM:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.25.13

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gm Kuselj :: GMKUSELJ-HP [administrator]

25.9.2012 22:23:32
mbam-log-2012-09-25 (22-23-32).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 496299
Time elapsed: 1 hour(s), 1 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Program Files\Java\Java.exe (Backdoor.Bifrose) -> 4952 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Java Update (Backdoor.Bifrose) -> Data: C:\Program Files\Java\Java.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\Java\Java.exe (Backdoor.Bifrose) -> Delete on reboot.

(end)




MiniToolBox:


MiniToolBox by Farbar Version: 23-07-2012
Ran by Gm Kuselj (administrator) on 25-09-2012 at 23:28:47
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



127.0.0.1 www.iobit.com
127.0.0.1 gosredirector.ea.com
127.0.0.1 blazeserver.blazeemu.org
127.0.0.1 gosgvaprod-qos01.ea.com
127.0.0.1 gosiadprod-qos01.ea.com
127.0.0.1 gossjcprod-qos01.ea.com
127.0.0.1 demangler.ea.com
127.0.0.1 vmp.tools.gos.ea.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com

There are 15274 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
HP un2420 Mobile Broadband Module Network Device = Mobile Broadband Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.0.1 publish=Yes
set subinterface interface=?3 subinterface=ethernet_9 mtu=1477
set subinterface interface=?3 subinterface=ethernet_14 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : GmKuselj-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Mobile Broadband adapter Mobile Broadband Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP un2420 Mobile Broadband Module Network Device
Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-14-80-A9-1D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 00-23-14-80-A9-1C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::615e:3830:acb7:825a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 25. september 2012 15:34:30
Lease Expires . . . . . . . . . . : 26. september 2012 22:00:12
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 318776084
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-90-3D-8C-70-5A-B6-AD-1F-52
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : 70-5A-B6-AD-1F-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:c44:292:d15b:fef9(Preferred)
Link-local IPv6 Address . . . . . : fe80::c44:292:d15b:fef9%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A0C4E862-BAB1-4376-9CC3-C2D738F12F2A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8FFB3C83-F1C2-4DC4-A6D9-3DEBB5B561FE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4001:c01::8a
209.85.148.113
209.85.148.138
209.85.148.139
209.85.148.100
209.85.148.101
209.85.148.102


Pinging google.com [173.194.70.102] with 32 bytes of data:
Reply from 173.194.70.102: bytes=32 time=45ms TTL=52
Reply from 173.194.70.102: bytes=32 time=47ms TTL=52

Ping statistics for 173.194.70.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 47ms, Average = 46ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=302ms TTL=42
Reply from 98.138.253.109: bytes=32 time=519ms TTL=40

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 302ms, Maximum = 519ms, Average = 410ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
18...00 a0 c6 00 00 00 ......HP un2420 Mobile Broadband Module Network Device
13...00 23 14 80 a9 1d ......Microsoft Virtual WiFi Miniport Adapter
12...00 23 14 80 a9 1c ......Intel® Centrino® Advanced-N 6200 AGN
10...70 5a b6 ad 1f 52 ......Intel® 82577LM Gigabit Network Connection
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.66 281
192.168.1.66 255.255.255.255 On-link 192.168.1.66 281
192.168.1.255 255.255.255.255 On-link 192.168.1.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.66 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:5ef5:79fd:c44:292:d15b:fef9/128
On-link
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::c44:292:d15b:fef9/128
On-link
12 281 fe80::615e:3830:acb7:825a/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/25/2012 10:21:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program procexp.exe because of this error.

Program: procexp.exe
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000020C
Disk type: 0

Error: (09/25/2012 10:21:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: procexp.exe, version: 0.0.0.0, time stamp: 0x4ff5cfa5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000006
Fault offset: 0x0001f7e4
Faulting process id: 0x1198
Faulting application start time: 0xprocexp.exe0
Faulting application path: procexp.exe1
Faulting module path: procexp.exe2
Report Id: procexp.exe3

Error: (09/25/2012 10:00:15 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).

Error: (09/25/2012 10:00:01 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).

Error: (09/25/2012 08:35:24 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).

Error: (09/25/2012 08:35:08 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).

Error: (09/25/2012 07:45:41 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).

Error: (09/25/2012 04:36:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: SnippingTool.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc7b3
Faulting module name: MSONSEXT.DLL, version: 10.145.7329.0, time stamp: 0x4019138d
Exception code: 0xc0000005
Fault offset: 0x0004eee4
Faulting process id: 0x678
Faulting application start time: 0xSnippingTool.exe0
Faulting application path: SnippingTool.exe1
Faulting module path: SnippingTool.exe2
Report Id: SnippingTool.exe3

Error: (09/25/2012 03:41:08 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).

Error: (09/25/2012 03:35:48 PM) (Source: ESENT) (User: )
Description: Windows (3604) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index indexDocID of table SystemIndex_Gthr is corrupted (0).


System errors:
=============
Error: (09/25/2012 07:45:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (09/25/2012 06:50:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.

Error: (09/25/2012 03:34:25 PM) (Source: Service Control Manager) (User: )
Description: The rixdpcie service failed to start due to the following error:
%%1058

Error: (09/25/2012 03:34:25 PM) (Source: Service Control Manager) (User: )
Description: The risdpcie service failed to start due to the following error:
%%1058

Error: (09/25/2012 03:34:25 PM) (Source: Service Control Manager) (User: )
Description: The rimspci service failed to start due to the following error:
%%1058

Error: (09/25/2012 03:33:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2744842).

Error: (09/25/2012 03:29:47 PM) (Source: Service Control Manager) (User: )
Description: The rixdpcie service failed to start due to the following error:
%%1058

Error: (09/25/2012 03:29:47 PM) (Source: Service Control Manager) (User: )
Description: The risdpcie service failed to start due to the following error:
%%1058

Error: (09/25/2012 03:29:47 PM) (Source: Service Control Manager) (User: )
Description: The rimspci service failed to start due to the following error:
%%1058

Error: (09/25/2012 03:28:41 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
AC3Filter 1.63b (Version: 1.63b)
ActivClient x86 (Version: 6.2)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
µTorrent (Version: 3.1.3)
Bing Bar (Version: 6.3.2322.0)
Black Mesa Source (Version: Black Mesa Source)
Black Mesa Source version SKIDROW (Version: SKIDROW)
CCleaner (Version: 3.18)
Cisco Connect (Version: 1.4.12100.0)
COMODO Internet Security (Version: 4.1.19277.920)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cortona3D Viewer (Version: 6.0.180)
CPUID CPU-Z 1.58
Crystal Player Professional 1.98 (Version: Professional 1.98)
DeepBurner v1.9.0.228
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DigiFot 4.2
doPDF 7.2 printer
Dropbox (Version: 1.4.11)
Dual-Core Optimizer (Version: 1.1.4.0169)
EASEUS Partition Master 6.5.1 Home Edition
ffdshow v1.1.3562 [2010-09-07] (Version: 1.1.3562.0)
Google Update Helper (Version: 1.3.21.123)
Google Zemlja (Version: 6.1.0.5001)
GooPs (Version: 1.0.0)
Haali Media Splitter
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP 3D DriveGuard (Version: 4.1.10.1)
HP Common Access Service Library (Version: 3.0.37.1)
HP Connection Manager (Version: 3.1.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP ESU for Microsoft Windows 7 (Version: 1.1.1.1)
HP Power Data (Version: 1.0.35.187)
HP Product Detection (Version: 10.7.9.0)
HP Quick Launch Buttons (Version: 6.50.17.1)
HP QuickLook (Version: 3.1.0.4)
HP Setup (Version: 1.2.3557.3169)
HP SoftPaq Download Manager (Version: 3.0.5.0)
HP Software Setup (Version: 7.0.1.5)
HP Support Assistant (Version: 6.1.12.1)
HP User Guides 0159 (Version: 1.01.0000)
HP Wallpaper (Version: 1.0.1.3)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.26.3)
HP Webcam Driver (Version: 5.8.50009.6)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (Version: 1.0.6300.0)
ImagePrinter 2.1 (Version: 2.1)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Network Connections Drivers (Version: 15.2)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
Intel® Matrix Storage Manager
IPCMonitor_en version 1.0.1.4 (Version: 1.0.1.4)
IrfanView (remove only) (Version: 4.32)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
LSI HDA Modem (Version: 2.2.96)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Thunderbird 15.0.1 (x86 en-US) (Version: 15.0.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
NVIDIA 3D Vision Controller Driver 296.88 (Version: 296.88)
NVIDIA Control Panel 296.88 (Version: 296.88)
NVIDIA Graphics Driver 296.88 (Version: 296.88)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3 (Version: 3.3.9567)
Opera 12.01 (Version: 12.01.1532)
OziExplorer 3.95
Paint.NET v3.5.10 (Version: 3.60.0)
Picasa 3 (Version: 3.8)
PowerISO (Version: 4.7)
PunkBuster Services (Version: 0.993)
PVSonyDll (Version: 1.00.0001)
QLBCASL (Version: 6.40.17.2)
QT Lite 4.0.0 (Version: 4.0.0)
Qualcomm Gobi 2000 Package for HP (Version: 1.1.240)
Real Alternative 2.0.2 Lite (Version: 2.0.2)
Remote Graphics Receiver (Version: 5.3.2)
Remote Graphics Sender (Version: 5.3.2)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
RICOH Media Driver (Version: 2.13.00.05)
Samsung Kies (Version: 2.0.0.11014_49)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.5.0)
SciTE Text Editor (Version: 2.12.0)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (Version: 6.5)
Skype Click to Call (Version: 5.6.8442)
Skype™ 5.10 (Version: 5.10.116)
SolidWorks eDrawings 2011 (Version: 11.4.113)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.4.24.0)
Tinker (Version: 1.0.0001.131)
Unity Web Player (Version: )
Unlocker 1.9.1 (Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 1.1.7 (Version: 1.1.7)
Winamp (Version: 5.623 )
Windows 7 Default Setting (Version: 1.0.1.5)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 3057.24 MB
Available physical RAM: 935.46 MB
Total Pagefile: 6112.77 MB
Available Pagefile: 3566.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.49 MB

========================= Partitions: =====================================

1 Drive c: (System) (Fixed) (Total:183.14 GB) (Free:22.24 GB) NTFS
3 Drive e: (Arhiv Windows) (Fixed) (Total:97.66 GB) (Free:42.71 GB) NTFS
4 Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.88 GB) FAT32
6 Drive h: (CANON_DC) (Removable) (Total:30.22 GB) (Free:30.22 GB) FAT32
7 Drive y: (Offline) (Network) (Total:183.14 GB) (Free:22.24 GB) CSC-CACHE

========================= Users: ========================================

User accounts for \\GMKUSELJ-HP

Administrator Gm Kuselj Guest

========================= Restore Points ==================================


**** End of log ****



FSS:



Farbar Service Scanner Version: 19-09-2012
Ran by Gm Kuselj (administrator) on 25-09-2012 at 23:36:16
Running from "C:\Users\Gm Kuselj\Desktop\Security"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2012-09-12 19:19] - [2012-08-22 19:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit


**** End of log ****





ADWCleaner:




# AdwCleaner v2.003 - Logfile created 09/25/2012 at 23:38:19
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Gm Kuselj - GMKUSELJ-HP
# Boot Mode : Normal
# Running from : C:\Users\Gm Kuselj\AppData\Local\Opera\Opera\temporary_downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\GMKUSE~1\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Users\GMKUSE~1\AppData\Local\Temp\avg@toolbar

***** [Registry] *****

Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1245897691-28978304-1637752541-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1245897691-28978304-1637752541-501\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Gm Kuselj\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2707 octets] - [25/09/2012 23:38:19]

########## EOF - C:\AdwCleaner[R1].txt - [2767 octets] ##########




Junk Removal Tool:



Junkware Removal Tool (JRT) by Thisisu
Version: 1.0.7 (09.24.2012)
OS: Windows 7 Professional x86
Ran by Gm Kuselj on sre 26.09.2012 at 7:47:42,10
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files: 0 Detections



*** Folders: 0 Detections






*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on sre 26.09.2012 at 7:47:42,27
End of Report

#10 narenxp

Posted 26 September 2012 - 06:48 AM

Please run a Malwarebytes scan once again and make sure it's clean.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here



