winrscmde svchost.exe Trojan Agent


20 replies to this topic

#1 Virgorival

  • Members
  • 53 posts

Posted 18 November 2012 - 02:56 AM

I have been seeing a lot of people having problems with this virus,
and I've had this bugger for a while now
and it still won't go away.

This will be the fourth time, I think, that I've tried dealing with this sucker.
Is there really a sure-fire way of getting rid of it and of not catching it again?


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 November 2012 - 05:38 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C: drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download the ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is complete, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Virgorival
  • Topic Starter

  • Members
  • 53 posts

Posted 18 November 2012 - 05:56 AM

04:55:00.0451 3360 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
04:55:00.0906 3360 ============================================================
04:55:00.0906 3360 Current date / time: 2012/11/18 04:55:00.0906
04:55:00.0906 3360 SystemInfo:
04:55:00.0906 3360
04:55:00.0907 3360 OS Version: 6.1.7601 ServicePack: 1.0
04:55:00.0907 3360 Product type: Workstation
04:55:00.0907 3360 ComputerName: PATCHOULI
04:55:00.0907 3360 UserName: Rival
04:55:00.0907 3360 Windows directory: C:\Windows
04:55:00.0907 3360 System windows directory: C:\Windows
04:55:00.0907 3360 Running under WOW64
04:55:00.0907 3360 Processor architecture: Intel x64
04:55:00.0907 3360 Number of processors: 6
04:55:00.0907 3360 Page size: 0x1000
04:55:00.0907 3360 Boot type: Normal boot
04:55:00.0907 3360 ============================================================
04:55:01.0095 3360 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:55:01.0108 3360 ============================================================
04:55:01.0108 3360 \Device\Harddisk0\DR0:
04:55:01.0108 3360 MBR partitions:
04:55:01.0108 3360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1394800, BlocksNum 0x73371800
04:55:01.0108 3360 ============================================================
04:55:01.0128 3360 C: <-> \Device\Harddisk0\DR0\Partition1
04:55:01.0128 3360 ============================================================
04:55:01.0129 3360 Initialize success
04:55:01.0129 3360 ============================================================
04:55:04.0782 1576 ============================================================
04:55:04.0782 1576 Scan started
04:55:04.0782 1576 Mode: Manual;
04:55:04.0782 1576 ============================================================
04:55:06.0528 1576 ================ Scan system memory ========================
04:55:06.0528 1576 System memory - ok
04:55:06.0529 1576 ================ Scan services =============================
04:55:14.0217 1576 NDProxy - ok
04:55:14.0253 1576 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
04:55:14.0254 1576 Net Driver HPZ12 - ok
04:55:14.0269 1576 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
04:55:14.0269 1576 NetBIOS - ok
04:55:14.0303 1576 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
04:55:14.0304 1576 NetBT - ok
04:55:14.0324 1576 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
04:55:14.0324 1576 Netlogon - ok
04:55:14.0359 1576 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
04:55:14.0361 1576 Netman - ok
04:55:14.0381 1576 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
04:55:14.0384 1576 netprofm - ok
04:55:14.0448 1576 [ 44D4BD55191624C82A2745296BA42814 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
04:55:14.0452 1576 netr28x - ok
04:55:14.0479 1576 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:55:14.0480 1576 NetTcpPortSharing - ok
04:55:14.0509 1576 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
04:55:14.0509 1576 nfrd960 - ok
04:55:14.0545 1576 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
04:55:14.0547 1576 NlaSvc - ok
04:55:14.0567 1576 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:55:14.0568 1576 Npfs - ok
04:55:14.0588 1576 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
04:55:14.0589 1576 nsi - ok
04:55:14.0595 1576 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:55:14.0595 1576 nsiproxy - ok
04:55:14.0651 1576 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:55:14.0659 1576 Ntfs - ok
04:55:14.0666 1576 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
04:55:14.0667 1576 Null - ok
04:55:14.0694 1576 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:55:14.0695 1576 nvraid - ok
04:55:14.0707 1576 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:55:14.0707 1576 nvstor - ok
04:55:14.0723 1576 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
04:55:14.0724 1576 nv_agp - ok
04:55:14.0751 1576 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
04:55:14.0751 1576 ohci1394 - ok
04:55:14.0772 1576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
04:55:14.0775 1576 p2pimsvc - ok
04:55:14.0796 1576 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
04:55:14.0798 1576 p2psvc - ok
04:55:14.0819 1576 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
04:55:14.0820 1576 Parport - ok
04:55:14.0848 1576 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
04:55:14.0848 1576 partmgr - ok
04:55:14.0859 1576 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
04:55:14.0861 1576 PcaSvc - ok
04:55:14.0874 1576 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
04:55:14.0875 1576 pci - ok
04:55:14.0883 1576 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
04:55:14.0884 1576 pciide - ok
04:55:14.0898 1576 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
04:55:14.0899 1576 pcmcia - ok
04:55:14.0915 1576 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
04:55:14.0916 1576 pcw - ok
04:55:14.0933 1576 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
04:55:14.0937 1576 PEAUTH - ok
04:55:15.0002 1576 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
04:55:15.0003 1576 PerfHost - ok
04:55:15.0076 1576 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
04:55:15.0083 1576 pla - ok
04:55:15.0109 1576 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
04:55:15.0112 1576 PlugPlay - ok
04:55:15.0146 1576 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
04:55:15.0147 1576 Pml Driver HPZ12 - ok
04:55:15.0163 1576 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
04:55:15.0165 1576 PNRPAutoReg - ok
04:55:15.0180 1576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
04:55:15.0182 1576 PNRPsvc - ok
04:55:15.0200 1576 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
04:55:15.0202 1576 PolicyAgent - ok
04:55:15.0218 1576 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
04:55:15.0220 1576 Power - ok
04:55:15.0287 1576 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
04:55:15.0288 1576 PptpMiniport - ok
04:55:15.0304 1576 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
04:55:15.0305 1576 Processor - ok
04:55:15.0339 1576 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
04:55:15.0341 1576 ProfSvc - ok
04:55:15.0356 1576 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
04:55:15.0357 1576 ProtectedStorage - ok
04:55:15.0396 1576 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
04:55:15.0397 1576 Psched - ok
04:55:15.0432 1576 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
04:55:15.0439 1576 ql2300 - ok
04:55:15.0465 1576 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
04:55:15.0465 1576 ql40xx - ok
04:55:15.0488 1576 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
04:55:15.0490 1576 QWAVE - ok
04:55:15.0506 1576 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
04:55:15.0506 1576 QWAVEdrv - ok
04:55:15.0519 1576 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
04:55:15.0520 1576 RasAcd - ok
04:55:15.0538 1576 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
04:55:15.0538 1576 RasAgileVpn - ok
04:55:15.0547 1576 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
04:55:15.0548 1576 RasAuto - ok
04:55:15.0583 1576 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
04:55:15.0584 1576 Rasl2tp - ok
04:55:15.0599 1576 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
04:55:15.0601 1576 RasMan - ok
04:55:15.0617 1576 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
04:55:15.0617 1576 RasPppoe - ok
04:55:15.0625 1576 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
04:55:15.0626 1576 RasSstp - ok
04:55:15.0659 1576 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
04:55:15.0660 1576 rdbss - ok
04:55:15.0673 1576 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
04:55:15.0673 1576 rdpbus - ok
04:55:15.0718 1576 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
04:55:15.0719 1576 RDPCDD - ok
04:55:15.0757 1576 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
04:55:15.0758 1576 RDPENCDD - ok
04:55:15.0767 1576 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
04:55:15.0767 1576 RDPREFMP - ok
04:55:15.0802 1576 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
04:55:15.0803 1576 RDPWD - ok
04:55:15.0831 1576 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
04:55:15.0832 1576 rdyboost - ok
04:55:15.0870 1576 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
04:55:15.0872 1576 RemoteAccess - ok
04:55:15.0887 1576 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
04:55:15.0889 1576 RemoteRegistry - ok
04:55:15.0899 1576 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
04:55:15.0900 1576 RpcEptMapper - ok
04:55:15.0908 1576 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
04:55:15.0909 1576 RpcLocator - ok
04:55:15.0944 1576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
04:55:15.0947 1576 RpcSs - ok
04:55:15.0953 1576 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
04:55:15.0954 1576 rspndr - ok
04:55:16.0006 1576 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
04:55:16.0008 1576 RTL8167 - ok
04:55:16.0023 1576 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
04:55:16.0024 1576 SamSs - ok
04:55:16.0053 1576 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
04:55:16.0054 1576 sbp2port - ok
04:55:16.0069 1576 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
04:55:16.0071 1576 SCardSvr - ok
04:55:16.0106 1576 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
04:55:16.0106 1576 scfilter - ok
04:55:16.0164 1576 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
04:55:16.0170 1576 Schedule - ok
04:55:16.0202 1576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
04:55:16.0203 1576 SCPolicySvc - ok
04:55:16.0220 1576 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:55:16.0221 1576 SDRSVC - ok
04:55:16.0248 1576 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:55:16.0249 1576 secdrv - ok
04:55:16.0268 1576 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
04:55:16.0270 1576 seclogon - ok
04:55:16.0292 1576 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
04:55:16.0294 1576 SENS - ok
04:55:16.0306 1576 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
04:55:16.0307 1576 SensrSvc - ok
04:55:16.0342 1576 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
04:55:16.0342 1576 Serenum - ok
04:55:16.0352 1576 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
04:55:16.0353 1576 Serial - ok
04:55:16.0388 1576 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
04:55:16.0389 1576 sermouse - ok
04:55:16.0432 1576 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
04:55:16.0434 1576 SessionEnv - ok
04:55:16.0449 1576 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
04:55:16.0450 1576 sffdisk - ok
04:55:16.0473 1576 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
04:55:16.0474 1576 sffp_mmc - ok
04:55:16.0481 1576 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
04:55:16.0481 1576 sffp_sd - ok
04:55:16.0487 1576 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
04:55:16.0487 1576 sfloppy - ok
04:55:16.0530 1576 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
04:55:16.0532 1576 SharedAccess - ok
04:55:16.0570 1576 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:55:16.0572 1576 ShellHWDetection - ok
04:55:16.0601 1576 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:55:16.0601 1576 SiSRaid2 - ok
04:55:16.0618 1576 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
04:55:16.0618 1576 SiSRaid4 - ok
04:55:16.0734 1576 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
04:55:16.0747 1576 Skype C2C Service - ok
04:55:16.0796 1576 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
04:55:16.0797 1576 SkypeUpdate - ok
04:55:16.0827 1576 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:55:16.0827 1576 Smb - ok
04:55:16.0866 1576 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:55:16.0867 1576 SNMPTRAP - ok
04:55:16.0877 1576 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
04:55:16.0877 1576 spldr - ok
04:55:16.0916 1576 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
04:55:16.0919 1576 Spooler - ok
04:55:16.0989 1576 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
04:55:17.0005 1576 sppsvc - ok
04:55:17.0075 1576 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
04:55:17.0076 1576 sppuinotify - ok
04:55:17.0096 1576 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
04:55:17.0098 1576 srv - ok
04:55:17.0116 1576 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
04:55:17.0118 1576 srv2 - ok
04:55:17.0138 1576 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
04:55:17.0139 1576 srvnet - ok
04:55:17.0175 1576 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
04:55:17.0177 1576 SSDPSRV - ok
04:55:17.0190 1576 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
04:55:17.0192 1576 SstpSvc - ok
04:55:17.0210 1576 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
04:55:17.0211 1576 stexstor - ok
04:55:17.0259 1576 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
04:55:17.0263 1576 stisvc - ok
04:55:17.0295 1576 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
04:55:17.0295 1576 swenum - ok
04:55:17.0361 1576 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04:55:17.0364 1576 SwitchBoard - ok
04:55:17.0380 1576 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
04:55:17.0383 1576 swprv - ok
04:55:17.0435 1576 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
04:55:17.0443 1576 SysMain - ok
04:55:17.0456 1576 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:55:17.0458 1576 TabletInputService - ok
04:55:17.0594 1576 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
04:55:17.0623 1576 TabletServicePen - ok
04:55:17.0637 1576 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
04:55:17.0639 1576 TapiSrv - ok
04:55:17.0653 1576 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
04:55:17.0654 1576 TBS - ok
04:55:17.0700 1576 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:55:17.0709 1576 Tcpip - ok
04:55:17.0759 1576 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
04:55:17.0767 1576 TCPIP6 - ok
04:55:17.0785 1576 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
04:55:17.0786 1576 tcpipreg - ok
04:55:17.0809 1576 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
04:55:17.0809 1576 TDPIPE - ok
04:55:17.0842 1576 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
04:55:17.0842 1576 TDTCP - ok
04:55:17.0877 1576 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
04:55:17.0878 1576 tdx - ok
04:55:17.0914 1576 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
04:55:17.0914 1576 TermDD - ok
04:55:17.0938 1576 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
04:55:17.0942 1576 TermService - ok
04:55:17.0953 1576 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
04:55:17.0955 1576 Themes - ok
04:55:17.0970 1576 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
04:55:17.0971 1576 THREADORDER - ok
04:55:18.0048 1576 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
04:55:18.0051 1576 TouchServicePen - ok
04:55:18.0064 1576 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
04:55:18.0066 1576 TrkWks - ok
04:55:18.0110 1576 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:55:18.0111 1576 TrustedInstaller - ok
04:55:18.0146 1576 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
04:55:18.0147 1576 tssecsrv - ok
04:55:18.0205 1576 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
04:55:18.0205 1576 TsUsbFlt - ok
04:55:18.0227 1576 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
04:55:18.0228 1576 tunnel - ok
04:55:18.0248 1576 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
04:55:18.0248 1576 uagp35 - ok
04:55:18.0278 1576 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
04:55:18.0279 1576 udfs - ok
04:55:18.0299 1576 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
04:55:18.0300 1576 UI0Detect - ok
04:55:18.0315 1576 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
04:55:18.0316 1576 uliagpkx - ok
04:55:18.0331 1576 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
04:55:18.0332 1576 umbus - ok
04:55:18.0368 1576 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
04:55:18.0369 1576 UmPass - ok
04:55:18.0410 1576 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
04:55:18.0412 1576 upnphost - ok
04:55:18.0423 1576 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
04:55:18.0423 1576 usbccgp - ok
04:55:18.0455 1576 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
04:55:18.0455 1576 usbcir - ok
04:55:18.0471 1576 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
04:55:18.0471 1576 usbehci - ok
04:55:18.0490 1576 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
04:55:18.0490 1576 usbfilter - ok
04:55:18.0507 1576 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
04:55:18.0508 1576 usbhub - ok
04:55:18.0529 1576 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
04:55:18.0530 1576 usbohci - ok
04:55:18.0548 1576 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
04:55:18.0548 1576 usbprint - ok
04:55:18.0568 1576 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:55:18.0569 1576 USBSTOR - ok
04:55:18.0620 1576 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
04:55:18.0620 1576 usbuhci - ok
04:55:18.0634 1576 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
04:55:18.0635 1576 UxSms - ok
04:55:18.0645 1576 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
04:55:18.0646 1576 VaultSvc - ok
04:55:18.0660 1576 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
04:55:18.0660 1576 vdrvroot - ok
04:55:18.0700 1576 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
04:55:18.0703 1576 vds - ok
04:55:18.0722 1576 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
04:55:18.0722 1576 vga - ok
04:55:18.0727 1576 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
04:55:18.0728 1576 VgaSave - ok
04:55:18.0748 1576 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
04:55:18.0749 1576 vhdmp - ok
04:55:18.0804 1576 [ D4944DBF92E07F1F641CB512065966E6 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
04:55:18.0810 1576 VIAHdAudAddService - ok
04:55:18.0834 1576 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
04:55:18.0835 1576 viaide - ok
04:55:18.0844 1576 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
04:55:18.0844 1576 volmgr - ok
04:55:18.0862 1576 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
04:55:18.0864 1576 volmgrx - ok
04:55:18.0884 1576 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
04:55:18.0885 1576 volsnap - ok
04:55:18.0915 1576 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
04:55:18.0916 1576 vsmraid - ok
04:55:18.0967 1576 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
04:55:18.0975 1576 VSS - ok
04:55:18.0985 1576 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
04:55:18.0985 1576 vwifibus - ok
04:55:19.0017 1576 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
04:55:19.0017 1576 vwififlt - ok
04:55:19.0046 1576 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
04:55:19.0049 1576 W32Time - ok
04:55:19.0097 1576 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
04:55:19.0097 1576 wacmoumonitor - ok
04:55:19.0136 1576 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
04:55:19.0137 1576 wacommousefilter - ok
04:55:19.0147 1576 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
04:55:19.0148 1576 WacomPen - ok
04:55:19.0190 1576 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
04:55:19.0190 1576 wacomvhid - ok
04:55:19.0231 1576 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
04:55:19.0231 1576 WajamUpdater - ok
04:55:19.0273 1576 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
04:55:19.0274 1576 WANARP - ok
04:55:19.0279 1576 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
04:55:19.0280 1576 Wanarpv6 - ok
04:55:19.0347 1576 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
04:55:19.0353 1576 WatAdminSvc - ok
04:55:19.0390 1576 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
04:55:19.0397 1576 wbengine - ok
04:55:19.0420 1576 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
04:55:19.0422 1576 WbioSrvc - ok
04:55:19.0467 1576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
04:55:19.0469 1576 wcncsvc - ok
04:55:19.0480 1576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:55:19.0481 1576 WcsPlugInService - ok
04:55:19.0504 1576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
04:55:19.0504 1576 Wd - ok
04:55:19.0541 1576 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
04:55:19.0544 1576 Wdf01000 - ok
04:55:19.0570 1576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
04:55:19.0572 1576 WdiServiceHost - ok
04:55:19.0578 1576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
04:55:19.0579 1576 WdiSystemHost - ok
04:55:19.0623 1576 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
04:55:19.0625 1576 WebClient - ok
04:55:19.0641 1576 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
04:55:19.0643 1576 Wecsvc - ok
04:55:19.0656 1576 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
04:55:19.0657 1576 wercplsupport - ok
04:55:19.0693 1576 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
04:55:19.0695 1576 WerSvc - ok
04:55:19.0732 1576 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
04:55:19.0732 1576 WfpLwf - ok
04:55:19.0746 1576 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
04:55:19.0746 1576 WIMMount - ok
04:55:19.0792 1576 WinDefend - ok
04:55:19.0799 1576 WinHttpAutoProxySvc - ok
04:55:19.0841 1576 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
04:55:19.0843 1576 Winmgmt - ok
04:55:19.0881 1576 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
04:55:19.0891 1576 WinRM - ok
04:55:19.0970 1576 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
04:55:19.0971 1576 WinUsb - ok
04:55:20.0010 1576 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
04:55:20.0015 1576 Wlansvc - ok
04:55:20.0068 1576 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:55:20.0069 1576 wlcrasvc - ok
04:55:20.0152 1576 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:55:20.0162 1576 wlidsvc - ok
04:55:20.0177 1576 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
04:55:20.0177 1576 WmiAcpi - ok
04:55:20.0195 1576 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
04:55:20.0196 1576 wmiApSrv - ok
04:55:20.0214 1576 WMPNetworkSvc - ok
04:55:20.0222 1576 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
04:55:20.0224 1576 WPCSvc - ok
04:55:20.0262 1576 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
04:55:20.0263 1576 WPDBusEnum - ok
04:55:20.0284 1576 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
04:55:20.0284 1576 ws2ifsl - ok
04:55:20.0316 1576 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
04:55:20.0318 1576 wscsvc - ok
04:55:20.0323 1576 WSearch - ok
04:55:20.0426 1576 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
04:55:20.0438 1576 wuauserv - ok
04:55:20.0471 1576 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
04:55:20.0472 1576 WudfPf - ok
04:55:20.0490 1576 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
04:55:20.0491 1576 WUDFRd - ok
04:55:20.0509 1576 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
04:55:20.0510 1576 wudfsvc - ok
04:55:20.0541 1576 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
04:55:20.0543 1576 WwanSvc - ok
04:55:20.0588 1576 ================ Scan global ===============================
04:55:20.0620 1576 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
04:55:20.0653 1576 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
04:55:20.0659 1576 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
04:55:20.0673 1576 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
04:55:20.0710 1576 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
04:55:20.0712 1576 [Global] - ok
04:55:20.0713 1576 ================ Scan MBR ==================================
04:55:20.0725 1576 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
04:55:20.0726 1576 Suspicious mbr (Forged): \Device\Harddisk0\DR0
04:55:20.0778 1576 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
04:55:20.0778 1576 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
04:55:20.0779 1576 ================ Scan VBR ==================================
04:55:20.0783 1576 [ 04879EF0D98B65F9854D49C3FE7D1003 ] \Device\Harddisk0\DR0\Partition1
04:55:20.0784 1576 \Device\Harddisk0\DR0\Partition1 - ok
04:55:20.0785 1576 ============================================================
04:55:20.0785 1576 Scan finished
04:55:20.0785 1576 ============================================================
04:55:20.0804 8212 Detected object count: 1
04:55:20.0804 8212 Actual detected object count: 1
04:55:28.0775 8212 \Device\Harddisk0\DR0\# - copied to quarantine
04:55:28.0777 8212 \Device\Harddisk0\DR0 - copied to quarantine
04:55:28.0812 8212 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
04:55:28.0813 8212 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
04:55:28.0828 8212 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
04:55:28.0835 8212 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
04:55:28.0835 8212 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
04:55:28.0836 8212 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
04:55:28.0838 8212 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
04:55:28.0839 8212 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
04:55:28.0841 8212 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
04:55:28.0841 8212 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
04:55:28.0842 8212 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
04:55:28.0843 8212 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
04:55:28.0846 8212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
04:55:28.0847 8212 \Device\Harddisk0\DR0 - ok
04:55:28.0860 8212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
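The log above is long enough that the one line that matters (the forged MBR) is easy to miss. As an added example, not code from the original post or from Kaspersky, here is a small parser and triage pass for the TDSSKiller log layout shown above: it pulls the hashed image inventory, flags every verdict that is not "ok", checks that the same file reached through differently cased paths (Tcpip vs TCPIP6 both point at tcpip.sys) always carries the same MD5, and lists services that got a verdict without a hashed image (WinDefend, msiserver and a few others in this log). The layout assumptions (`<time> <pid> [ <MD5> ] <name> <path>` for images, `<subject> - <verdict>` for results) are taken from the lines in this post; the sample lines embedded in the block are a constructed subset of them, and the "unhashed service" heuristic is an assumption of this example, not a TDSSKiller feature.

```python
import re
from collections import defaultdict

# Added example, not from the original post: parser/triage for the TDSSKiller
# log layout seen above. Image lines look like "[ <MD5> ] <name> <path>",
# verdict lines like "<subject> - <verdict>"; names may contain spaces, so the
# path is recognised by its "C:\" or "\Device\" prefix.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) (?P<body>.*)$")
IMAGE_RE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?:(?P<name>.+?) )?"
    r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
VERDICT_RE = re.compile(r"^(?P<subject>.+?) - (?P<verdict>.+)$")
THREAT_RE = re.compile(r"\( (?P<threat>[^)]+?) \)")

BENIGN_VERDICTS = {"ok"}

# Constructed sample: a handful of lines copied from the log in this post.
SAMPLE_LOG = r"""
04:55:17.0700 1576 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
04:55:17.0709 1576 Tcpip - ok
04:55:17.0759 1576 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
04:55:17.0767 1576 TCPIP6 - ok
04:55:19.0792 1576 WinDefend - ok
04:55:20.0588 1576 ================ Scan global ===============================
04:55:20.0712 1576 [Global] - ok
04:55:20.0725 1576 [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
04:55:20.0726 1576 Suspicious mbr (Forged): \Device\Harddisk0\DR0
04:55:20.0778 1576 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
04:55:20.0778 1576 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
04:55:20.0804 8212 Detected object count: 1
04:55:28.0812 8212 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
04:55:28.0846 8212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
"""


def parse_tdsskiller(text):
    """Split a TDSSKiller log into hashed images, verdict lines and MBR flags."""
    images, verdicts, flags = [], [], []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank or non-log line
        body = m.group("body")
        if body.startswith("="):          # section banners carry no data
            continue
        im = IMAGE_RE.match(body)
        if im:
            images.append({"name": im.group("name"),
                           "md5": im.group("md5").upper(),
                           "path": im.group("path")})
            continue
        if body.startswith("Suspicious"):  # e.g. "Suspicious mbr (Forged): ..."
            flags.append(body)
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            t = THREAT_RE.search(vm.group("subject"))
            verdicts.append({"subject": vm.group("subject"),
                             "verdict": vm.group("verdict"),
                             "threat": t.group("threat") if t else None,
                             "pid": m.group("pid")})
    return {"images": images, "verdicts": verdicts, "flags": flags}


def triage(text):
    """Summarise what a responder should look at in a TDSSKiller log."""
    parsed = parse_tdsskiller(text)
    named = {i["name"] for i in parsed["images"] if i["name"]}
    # 1. every verdict the scanner did not rate "ok" (infected, detected, quarantine actions)
    findings = [v for v in parsed["verdicts"] if v["verdict"] not in BENIGN_VERDICTS]
    threats = sorted({v["threat"] for v in findings if v["threat"]})
    # 2. one on-disk file, however its path is cased, must always hash the same
    by_path = defaultdict(set)
    for i in parsed["images"]:
        by_path[i["path"].lower()].add(i["md5"])
    conflicts = sorted(p for p, hashes in by_path.items() if len(hashes) > 1)
    # 3. services with a verdict but no "[ MD5 ] name path" line: no image was
    #    hashed (assumed here to mean the image is missing or unreadable), worth a look
    unhashed = sorted(v["subject"] for v in parsed["verdicts"]
                      if v["verdict"] == "ok" and v["subject"] not in named
                      and "\\" not in v["subject"] and not v["subject"].startswith("["))
    quarantined = [v["subject"] for v in parsed["verdicts"]
                   if v["verdict"] == "copied to quarantine"]
    return {"clean": not findings and not parsed["flags"], "threats": threats,
            "flags": parsed["flags"], "hash_conflicts": conflicts,
            "unhashed": unhashed, "quarantined": quarantined}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the full log in this post the triage returns `clean: False`, the single threat `Rootkit.Boot.Pihar.c` on `\Device\Harddisk0\DR0`, the `Suspicious mbr (Forged)` flag, no hash conflicts, and the TDLFS entries that TDSSKiller copied to quarantine. The practical check is the one the poster performs next: after the "will be cured on reboot" step, a rescan must come back with no MBR flag and no non-"ok" verdict.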

#4 Virgorival

Posted 18 November 2012 - 06:05 AM

Rebooted after the TDSS scan, and the rescan came up clean, btw.

#5 Virgorival

Posted 18 November 2012 - 06:15 AM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-18 05:04:02
-----------------------------
05:04:02.066 OS Version: Windows x64 6.1.7601 Service Pack 1
05:04:02.066 Number of processors: 6 586 0xA00
05:04:02.066 ComputerName: PATCHOULI UserName: Rival
05:04:05.368 Initialize success
05:07:20.467 AVAST engine defs: 12111800
05:07:40.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
05:07:40.806 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
05:07:40.837 Disk 0 MBR read successfully
05:07:40.853 Disk 0 MBR scan
05:07:40.853 Disk 0 unknown MBR code
05:07:40.884 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10024 MB offset 2048
05:07:40.915 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 943843 MB offset 20531200
05:07:40.962 Disk 0 scanning C:\Windows\system32\drivers
05:08:00.122 Service scanning
05:08:20.058 Modules scanning
05:08:20.058 Disk 0 trace - called modules:
05:08:20.090 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
05:08:20.090 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b16790]
05:08:20.105 3 CLASSPNP.SYS[fffff8800194f43f] -> nt!IofCallDriver -> [0xfffffa80079709b0]
05:08:20.105 5 ACPI.sys[fffff88000f7e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a54060]
05:08:22.492 AVAST engine scan C:\Windows
05:08:29.496 AVAST engine scan C:\Windows\system32
05:09:49.683 File: C:\Windows\system32\services.exe.old **INFECTED** Win32:Patched-AKC [Trj]
05:11:12.613 AVAST engine scan C:\Windows\system32\drivers
05:11:24.079 AVAST engine scan C:\Users\Rival
05:15:30.668 Disk 0 MBR has been saved successfully to "C:\Users\Rival\Desktop\MBR.dat"
05:15:30.683 The log file has been saved successfully to "C:\Users\Rival\Desktop\aswMBR.txt"
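
The aswMBR run above reads sector 0 of Disk 0, reports "unknown MBR code", decodes two partition entries (type 1B hidden FAT32 at offset 2048, type 07 NTFS marked active at offset 20531200) and saves a copy of the sector to MBR.dat. TDSSKiller's "Suspicious mbr (Forged)" verdict in the earlier log rests on the same 440-byte boot-code region. As an added example (not aswMBR's or TDSSKiller's code), the following Python parses a 512-byte MBR image, decodes the partition table, hashes the boot code and compares it with a baseline hash taken from a known-clean copy. The sample image, the placeholder boot-code bytes and the baseline are constructed inline; only the partition geometry is taken from the log.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # boot code occupies bytes 0..439; disk signature and partition table follow
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
SIGNATURE = b"\x55\xAA"  # mandatory marker in bytes 510..511

# Type bytes seen in the aswMBR log above (a few documentation values, not a complete table)
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS", 0x1B: "Hidden FAT32"}


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian; CHS fields are ignored)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "type_name": PART_TYPES.get(ptype, f"0x{ptype:02X}"),
        "lba_start": lba_start,
        "sectors": sectors,
        "size_mb": sectors * SECTOR // (1024 * 1024),
    }


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, the signature check and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = parse_partition_entry(mbr[off:off + PART_ENTRY_LEN])
        if entry["type"] != 0x00:
            partitions.append(entry)
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": mbr[510:512] == SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Findings for a classic BIOS/MBR disk; an empty list means nothing looked wrong."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from the saved baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings


# --- constructed sample data (not a real MBR) ---------------------------------

def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba_start, sectors)


def sample_mbr(boot_code: bytes) -> bytes:
    """Build a 512-byte image whose partition layout mirrors the aswMBR log in this thread."""
    image = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    image += b"\x12\x34\x56\x78" + b"\x00\x00"             # disk signature + reserved bytes
    image += _entry(0x00, 0x1B, 2048, 10024 * 2048)        # hidden FAT32, 10024 MB at offset 2048
    image += _entry(0x80, 0x07, 20531200, 943843 * 2048)   # active NTFS, 943843 MB at offset 20531200
    image += bytes(2 * PART_ENTRY_LEN)                     # two empty entries
    image += SIGNATURE
    return image


CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"   # placeholder bytes standing in for known-good code
BASELINE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()


if __name__ == "__main__":
    print(check_mbr(sample_mbr(CLEAN_BOOT_CODE), BASELINE_SHA256))           # []
    print(check_mbr(sample_mbr(b"\xEB\xFE" + bytes(64)), BASELINE_SHA256))    # boot code differs
```

On a real machine the baseline hash would be computed once from a copy saved while the disk was known clean (the MBR.dat that aswMBR wrote is such a copy), and the current sector 0 would be re-read from the raw disk with administrator rights. The active-partition check applies to BIOS/MBR disks like the one in the log; a GPT disk carries a protective MBR with a single type EE entry and no active flag, so it would need its own rule.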

#6 Virgorival

Posted 18 November 2012 - 08:32 AM

C:\Qoobox\Quarantine\C\Users\Rival\AppData\Local\AIM\Adobe\xotfibv.dll.vir Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Rival\AppData\Local\Deployment\AOL\kefzorofx.dll.vir Win32/TrojanDownloader.Tracur.W.Gen trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Rival\AppData\Roaming\System\svchost.exe.vir Win32/TrojanDownloader.Small.PNV trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{b22b0583-4748-ebf7-64a1-21f70e4d6814}\U\00000001.@.vir Win64/Conedex.D trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{b22b0583-4748-ebf7-64a1-21f70e4d6814}\U\00000004.@.vir Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{b22b0583-4748-ebf7-64a1-21f70e4d6814}\U\80000064.@.vir a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.11.2012_03.00.30\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.11.2012_03.00.30\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.11.2012_03.00.30\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.11.2012_03.00.30\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.11.2012_03.00.30\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.11.2012_03.00.30\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.08.2012_02.46.09\zasubsys0000\zafs0000\tsk0005.dta Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\15.08.2012_02.46.09\zasubsys0000\zafs0000\tsk0010.dta a variant of Win64/Sirefef.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.53.36\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.53.36\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.53.36\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.53.36\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.53.36\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.55.00\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.55.00\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.55.00\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.55.00\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.11.2012_04.55.00\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.LA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.08.2012_15.47.27\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Rival\AppData\Local\AIM\Adobe\xotfibv.dll Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Rival\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdbdagdgggcdhdjgcddgcdedhdadi\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Rival\AppData\Local\Temp\NODE7E7.tmp Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/TrojanDownloader.Tracur.V trojan

#7 narenxp

Posted 18 November 2012 - 08:45 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete.

A log should be generated after the scan, post it here.

Download

Junkware Removal Tool

For Vista and Windows 7, right click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.
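
The MiniToolBox boxes narenxp asks for (hosts content, IE/FF proxy settings, Winsock entries) cover the places where a downloader or browser hijacker keeps redirecting traffic after its files are gone, and the tool writes a plain-text report with one banner line per section. As an added example (not MiniToolBox's code, not the forum's), the following Python splits such a report into sections and flags the things a helper reads it for: hosts entries beyond the stock loopback lines, an enabled proxy, the tool's own ATTENTION notes, Winsock providers whose file is missing, and providers with no Microsoft publisher. The section-banner and Winsock line formats are copied from the report posted further down in this thread; the wording of an enabled-proxy line is an assumption, and the sample report is constructed, with the suspicious entries invented to exercise the checks.

```python
import re

# Section banner as printed by MiniToolBox, with or without a trailing colon, e.g.
# "========================= Hosts content: ====" or "========================= Winsock entries ====="
SECTION_RE = re.compile(r"^=+\s*(.+?):?\s*=+\s*$")
# "Catalog5 02 C:\path\to\provider.dll [232448] (Microsoft Corporation)"
WINSOCK_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.+?)\s+\[(.*?)\]\s+\((.*?)\)$")
LOOPBACK = {"127.0.0.1", "::1"}


def split_sections(report: str) -> dict:
    """Return {section name: [lines]} for a MiniToolBox-style report."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def check_hosts(lines) -> list:
    """Flag every hosts entry other than the stock loopback -> localhost mappings."""
    findings = []
    for line in lines:
        body = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not body:
            continue
        ip, *names = body.split()
        if ip in LOOPBACK and names == ["localhost"]:
            continue
        findings.append(f"hosts: non-default entry '{body}'")
    return findings


def check_proxy(lines) -> list:
    """Flag an enabled proxy. Assumes 'Proxy is enabled' / 'Proxy Server: ...' lines in that
    case; the clean case in this thread prints 'Proxy is not enabled.' / 'No Proxy Server is set.'"""
    findings = []
    for line in lines:
        s = line.strip()
        if not s or "not enabled" in s or s.startswith("No Proxy"):
            continue
        if s.startswith("Proxy is enabled") or s.startswith("Proxy Server"):
            findings.append(f"proxy: {s}")
    return findings


def check_winsock(lines) -> list:
    """Flag ATTENTION notes, providers whose file is missing, and providers without a Microsoft publisher."""
    findings = []
    for line in lines:
        s = line.strip()
        if s.startswith("ATTENTION:"):
            findings.append(f"winsock: {s}")
            continue
        m = WINSOCK_RE.match(s)
        if not m or not s.lower().startswith(("catalog", "x64-catalog")):
            continue
        _catalog, _index, path, size, company = m.groups()
        if size == "File Not found":
            findings.append(f"winsock: provider file missing: {path}")
        elif "microsoft" not in company.lower():
            findings.append(f"winsock: non-Microsoft provider {path} ({company or 'no publisher'})")
    return findings


def audit_report(report: str) -> list:
    """Run all three checks over one report and return the combined findings."""
    sections = split_sections(report)
    return (check_hosts(sections.get("Hosts content", []))
            + check_proxy(sections.get("IE Proxy Settings", []))
            + check_winsock(sections.get("Winsock entries", [])))


# Constructed sample report: clean lines copy the format of the report in this thread,
# the suspicious ones are invented so that every check fires.
SAMPLE_REPORT = r"""
MiniToolBox by Farbar Version: 10-11-2012 02
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: http=127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1 localhost
::1 localhost
127.0.0.1 update.antivirus.example
198.51.100.7 www.bank.example

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 03 C:\ProgramData\Updater\nsp32.dll [40960] ()
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
"""


if __name__ == "__main__":
    for finding in audit_report(SAMPLE_REPORT):
        print(finding)
```

The publisher column is only what the tool reads from the file's version resource, so a non-Microsoft hit is a prompt to check the file's signature and location, not a verdict; conversely a missing provider file (as with nwprovau.dll in the real report) is usually a leftover registration rather than malware, but it still breaks name resolution for some applications and is why the tool prints its ATTENTION notes.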

#8 Virgorival

Posted 19 November 2012 - 12:12 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rival :: PATCHOULI [administrator]

11/18/2012 4:21:43 PM
mbam-log-2012-11-18 (16-21-43).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 898985
Time elapsed: 1 hour(s), 46 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\TDSSKiller_Quarantine\18.11.2012_04.53.36\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.11.2012_04.55.00\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
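
Malwarebytes found the Trojan.Agent at C:\Windows\svchost.exe, the ESET log earlier found another copy under AppData\Roaming\System, and the Application Error events in the MiniToolBox report that follows show a crashing svchost.exe whose image path is \\.\globalroot\systemroot\svchost.exe: each time the name of the Windows service host, never the directory Windows keeps it in (System32, plus SysWOW64 on x64). As an added example, not Malwarebytes' or the forum's code, here is a Python triage of process records on exactly that criterion, together with two common heuristics: a real service host is started by services.exe and carries a -k <group> argument. The system root, the sample records and their parent/command-line values are constructed for illustration.

```python
import ntpath

# Assumption: default install location; on a live host read it from %SystemRoot% instead
SYSTEM_ROOT = r"C:\Windows"
LEGIT_DIRS = {ntpath.normcase(ntpath.join(SYSTEM_ROOT, d)) for d in ("System32", "SysWOW64")}
GLOBALROOT_PREFIXES = (r"\\.\globalroot", r"\\?\globalroot")


def normalize_path(path: str) -> str:
    """Map NT-style image paths, as they appear in the Application Error events, onto a Win32 path."""
    low = path.lower()
    for prefix in (r"\\.\globalroot\systemroot", r"\\?\globalroot\systemroot", r"\systemroot"):
        if low.startswith(prefix):
            path = SYSTEM_ROOT + path[len(prefix):]
            break
    return ntpath.normcase(ntpath.normpath(path))


def assess_process(name: str, path: str, parent: str, cmdline: str) -> list:
    """Heuristics for a process calling itself svchost.exe; an empty list means it looks legitimate."""
    if name.lower() != "svchost.exe":
        return []
    findings = []
    if ntpath.dirname(normalize_path(path)) not in LEGIT_DIRS:
        findings.append(f"image outside System32/SysWOW64: {path}")
    if path.lower().startswith(GLOBALROOT_PREFIXES):
        findings.append(f"image path uses a globalroot device prefix instead of a drive letter: {path}")
    if parent.lower() != "services.exe":
        findings.append(f"parent is {parent}, not services.exe")
    if " -k " not in f" {cmdline.lower()} ":
        findings.append("command line has no -k <service group> argument")
    return findings


# Constructed sample records (name, image path, parent, command line) modelled on paths in this thread
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe",
     r"C:\Windows\System32\svchost.exe -k netsvcs"),
    ("svchost.exe", r"C:\Windows\svchost.exe", "explorer.exe",
     r"C:\Windows\svchost.exe"),
    ("svchost.exe", r"\\.\globalroot\systemroot\svchost.exe", "services.exe",
     r"\\.\globalroot\systemroot\svchost.exe"),
    ("svchost.exe", r"C:\Users\Rival\AppData\Roaming\System\svchost.exe", "explorer.exe",
     r"C:\Users\Rival\AppData\Roaming\System\svchost.exe"),
]


def triage(processes) -> dict:
    """Return {image path: findings} for every record that produced at least one finding."""
    report = {}
    for name, path, parent, cmdline in processes:
        findings = assess_process(name, path, parent, cmdline)
        if findings:
            report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in triage(SAMPLE_PROCESSES).items():
        print(path)
        for finding in findings:
            print("   ", finding)
```

The directory check is the decisive one; the parent and -k checks are heuristics that catch the way droppers usually launch their copy, and a hit on them alone should be confirmed by checking the file's Authenticode signature rather than acted on directly.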

#9 Virgorival

Posted 19 November 2012 - 12:18 AM

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Rival (administrator) on 18-11-2012 at 23:16:02
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Linksys AE1000 = Wireless Network Connection 2 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Patchouli
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hot.rr.com

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . : hot.rr.com
Description . . . . . . . . . . . : Linksys AE1000 #2
Physical Address. . . . . . . . . : 68-7F-74-7C-2D-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7131:23f1:2663:62e%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.109(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 18, 2012 3:50:44 PM
Lease Expires . . . . . . . . . . : Monday, November 19, 2012 5:23:14 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 359169908
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-2F-FD-D6-F4-6D-04-9E-56-17
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F4-6D-04-9E-56-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hot.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hot.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3cfe:2329:3f57:fe92(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cfe:2329:3f57:fe92%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{6E24409E-A34A-4D00-AC4C-39F45C50C0E2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2001:4860:4002:801::1007
74.125.227.69
74.125.227.70
74.125.227.71
74.125.227.72
74.125.227.73
74.125.227.78
74.125.227.64
74.125.227.65
74.125.227.66
74.125.227.67
74.125.227.68


Pinging google.com [74.125.227.70] with 32 bytes of data:
Reply from 74.125.227.70: bytes=32 time=54ms TTL=48
Reply from 74.125.227.70: bytes=32 time=55ms TTL=48

Ping statistics for 74.125.227.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 55ms, Average = 54ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=111ms TTL=49
Reply from 98.139.183.24: bytes=32 time=88ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 111ms, Average = 99ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...68 7f 74 7c 2d 32 ......Linksys AE1000 #2
10...f4 6d 04 9e 56 17 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.109 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.109 286
192.168.1.109 255.255.255.255 On-link 192.168.1.109 286
192.168.1.255 255.255.255.255 On-link 192.168.1.109 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.109 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.109 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:9d38:953c:3cfe:2329:3f57:fe92/128
On-link
16 286 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::3cfe:2329:3f57:fe92/128
On-link
16 286 fe80::7131:23f1:2663:62e/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
16 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2012 06:31:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2012 06:29:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2012 04:09:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/18/2012 05:16:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2012 05:16:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2012 04:53:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/18/2012 04:41:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16450, time stamp: 0x50372c8a
Exception code: 0xc0000005
Fault offset: 0x001d9ad6
Faulting process id: 0x1fd0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/18/2012 04:31:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16450, time stamp: 0x50372c8a
Exception code: 0xc0000005
Fault offset: 0x001d9ad6
Faulting process id: 0x84c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/18/2012 04:26:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x73d9c9f1
Faulting process id: 0x1e1c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/18/2012 04:08:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16450, time stamp: 0x50372c8a
Exception code: 0xc0000005
Fault offset: 0x001d9ad6
Faulting process id: 0x27cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (11/18/2012 04:57:01 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/18/2012 01:32:54 AM) (Source: BugCheck) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff80002ecf39b, 0xfffff880031849b8, 0xfffff88003184210)C:\Windows\MEMORY.DMP111812-23166-01

Error: (11/17/2012 04:01:21 PM) (Source: BugCheck) (User: )
Description: 0x0000001e (0xffffffffc0000005, 0xfffff80002ec166b, 0x0000000000000000, 0x000000007efa0000)C:\Windows\MEMORY.DMP111712-20982-01

Error: (11/17/2012 04:01:17 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:00:00 PM on ?11/?17/?2012 was unexpected.

Error: (11/17/2012 03:49:20 PM) (Source: BugCheck) (User: )
Description: 0x00000096 (0xfffffa8006c71010, 0xfffff800030202d8, 0xfffff80003020280, 0xfffffa8008425f04)C:\Windows\MEMORY.DMP111712-44382-01

Error: (11/17/2012 03:20:32 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/17/2012 03:20:18 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2012 03:20:18 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2012 03:20:18 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2012 03:20:18 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (11/18/2012 06:31:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (11/18/2012 06:29:27 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (11/18/2012 04:09:28 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (11/18/2012 05:16:20 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Rival\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N161PLLC\esetsmartinstaller_enu.exe

Error: (11/18/2012 05:16:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Rival\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N161PLLC\esetsmartinstaller_enu.exe

Error: (11/18/2012 04:53:25 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Rival\Downloads\esetsmartinstaller_enu.exe

Error: (11/18/2012 04:41:21 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.1645050372c8ac0000005001d9ad61fd001cdc577ea584983\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll7d71acd6-316c-11e2-8562-f46d049e5617

Error: (11/18/2012 04:31:34 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.1645050372c8ac0000005001d9ad684c01cdc577561eeca2\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dll1f52cfb3-316b-11e2-8562-f46d049e5617

Error: (11/18/2012 04:26:07 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000000573d9c9f11e1c01cdc574cb8c60f4\\.\globalroot\systemroot\svchost.exeunknown5cacea36-316a-11e2-8562-f46d049e5617

Error: (11/18/2012 04:08:45 AM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.1645050372c8ac0000005001d9ad627cc01cdc56f73b6bed7\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dllef9eace2-3167-11e2-8562-f46d049e5617


CodeIntegrity Errors:
===================================
Date: 2012-11-17 00:05:18.904
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-17 00:05:18.802
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-17 00:05:18.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-17 00:05:18.596
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-04 19:18:53.156
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-04 19:18:53.063
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-04 19:18:52.985
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-04 19:18:52.891
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-13 14:57:39.201
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-13 14:57:39.138
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

3D Bridge DS4 (64bit) (Version: 1.0.11.47)
3DMark 11 (Version: 1.0.3)
64 Bit HP CIO Components Installer (Version: 1.2.0)
Adobe AIR (Version: 3.3.0.3670)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
AI Manager (Version: 1.08.10)
AIM 7
AMD Accelerated Video Transcoding (Version: 12.5.100.20928)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Install Manager (Version: 8.0.891.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2012.0928.1532.26058)
AMD Media Foundation Decoders (Version: 1.0.70928.1539)
AMD Steady Video Plug-In (Version: 2.04.0000)
AMD USB Filter Driver (Version: 1.0.15.94)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058)
ASUS Backup Wizard (Version: 1.00.10)
ASUSUpdate (Version: 7.18.03)
AsusVibe2.0 (Version: 2.0.2.562)
ATI AVIVO64 Codecs (Version: 11.6.0.10627)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (Version: 4.0)
Bamboo Dock (Version: 4.0.0)
Best Buy pc app (Version: 3.2.2.1)
Best MP4 To MP3 Converter 1.00 (Version: 1.00)
BitTornado 0.3.18 (Version: 0.3.18)
BVHTG NippleCaps I 2.0 (Version: 2.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058)
CCC Help Czech (Version: 2012.0928.1531.26058)
CCC Help Danish (Version: 2012.0928.1531.26058)
CCC Help Dutch (Version: 2012.0928.1531.26058)
CCC Help English (Version: 2012.0928.1531.26058)
CCC Help Finnish (Version: 2012.0928.1531.26058)
CCC Help French (Version: 2012.0928.1531.26058)
CCC Help German (Version: 2012.0928.1531.26058)
CCC Help Greek (Version: 2012.0928.1531.26058)
CCC Help Hungarian (Version: 2012.0928.1531.26058)
CCC Help Italian (Version: 2012.0928.1531.26058)
CCC Help Japanese (Version: 2012.0928.1531.26058)
CCC Help Korean (Version: 2012.0928.1531.26058)
CCC Help Norwegian (Version: 2012.0928.1531.26058)
CCC Help Polish (Version: 2012.0928.1531.26058)
CCC Help Portuguese (Version: 2012.0928.1531.26058)
CCC Help Russian (Version: 2012.0928.1531.26058)
CCC Help Spanish (Version: 2012.0928.1531.26058)
CCC Help Swedish (Version: 2012.0928.1531.26058)
CCC Help Thai (Version: 2012.0928.1531.26058)
CCC Help Turkish (Version: 2012.0928.1531.26058)
CCleaner (Version: 3.19)
Chipamp (Version: 1.0)
Complément Messenger (Version: 15.4.3502.0922)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
D3DX10 (Version: 15.4.2368.0902)
DAZ Content Management Service (Version: 4.8.1.7)
DAZ Studio 4.5 (64bit) (Version: 4.5.1.6)
DriveImage XML (Private Edition) (Version: 2.30)
EPU-4 Engine (Version: 1.01.02)
ESET Online Scanner v3
Futuremark SystemInfo (Version: 4.12.0)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 23.0.1271.64)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
GoZ DS4 (64bit) (Version: 1.0.3.47)
Heaven DX11 Benchmark version 3.0 (Version: 3.0)
Hexagon 2 (Version: 2.5.1.79)
HydraVision (Version: 4.2.208.0)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 29 (64-bit) (Version: 6.0.290)
Java™ 6 Update 29 (Version: 6.0.290)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LuxRender 1.1 x64 OpenCL (Version: 1.1)
MagicTunePremium (Version: 4.0.14)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MultiScreen (Version: 1.00.0000)
NVIDIA PhysX (Version: 9.10.0513)
PDF Settings CS5 (Version: 10.0)
Platform (Version: 1.34)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
Reality 2.5 (Version: 2.5)
Realtek Ethernet Controller Driver (Version: 7.31.1025.2010)
Samsung_MonSetup (Version: 1.00.0000)
Skype Click to Call (Version: 6.3.11079)
Skype™ 5.10 (Version: 5.10.116)
TechPowerUp GPU-Z
Tweaking.com - Windows Repair (All in One) (Version: 1.8.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VIA Platform Device Manager (Version: 1.34)
Victoria 4.2 Base (Version: ps_pe069_Victoria4)
VLC media player 2.0.3 (Version: 2.0.3)
Wajam (Version: 1.47)
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Winamp (Version: 5.621 )
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (Version: 15.4.5722.2)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 8191.18 MB
Available physical RAM: 5496.38 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13564.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.59 MB

========================= Partitions: =====================================

1 Drive c: (WIN7) (Fixed) (Total:921.72 GB) (Free:794.78 GB) NTFS
4 Drive f: (FuelUP&Win) (CDROM) (Total:0.12 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:0.84 GB) (Free:0.08 GB) FAT

========================= Users: ========================================

User accounts for \\PATCHOULI

Administrator Guest Rival

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

13-11-2012 09:00:13 Windows Update
15-11-2012 09:00:16 Windows Update
18-11-2012 07:41:58 Windows Update
18-11-2012 09:00:15 Windows Update

**** End of log ****

#10 Virgorival


Posted 19 November 2012 - 12:19 AM

Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-18 01:44] - [2012-10-03 11:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#11 Virgorival


Posted 19 November 2012 - 12:26 AM

# AdwCleaner v2.008 - Logfile created 11/18/2012 at 23:20:58
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rival - PATCHOULI
# Boot Mode : Normal
# Running from : C:\Users\Rival\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JD3LZCSO\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Users\Rival\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Rival\AppData\Local\Wajam
Folder Deleted : C:\Users\Rival\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Rival\AppData\Roaming\Mozilla\Firefox\Profiles\dc1pzkbt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Rival\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3296 octets] - [15/08/2012 15:03:20]
AdwCleaner[S1].txt - [2931 octets] - [15/08/2012 15:03:43]
AdwCleaner[S3].txt - [2963 octets] - [18/11/2012 23:20:58]

########## EOF - C:\AdwCleaner[S3].txt - [3023 octets] ##########

#12 Virgorival


Posted 19 November 2012 - 12:35 AM

Junkware Removal Tool doesn't seem to be doing anything; it closes itself so fast I can't see what it's saying, and it's not generating a log.

#13 narenxp


Posted 19 November 2012 - 08:24 AM

Junkware Removal Tool doesn't seem to be doing anything; it closes itself so fast I can't see what it's saying, and it's not generating a log.


Download the tool and scan again. The author has fixed it :)

Please run Malwarebytes again and post the clean log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it, and after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

Edited by narenxp, 19 November 2012 - 08:41 PM.


#14 Virgorival


Posted 19 November 2012 - 09:23 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rival :: PATCHOULI [administrator]

11/19/2012 4:20:50 PM
mbam-log-2012-11-19 (16-20-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 903179
Time elapsed: 1 hour(s), 57 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 Virgorival


Posted 19 November 2012 - 09:32 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.3.4 (11.19.2012)
OS: Windows 7 Home Premium x64
Ran by Rival on Mon 11/19/2012 at 20:26:23.99
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Rival\appdata\local\best buy pc app"



~~~ FireFox

Successfully deleted: [Tracur] C:\Users\Rival\AppData\Roaming\Mozilla\Firefox\Profiles\dc1pzkbt.default\extensions\gzwhxcgcrc@gzwhxcgcrc.org.xpi



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rival\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/19/2012 at 20:31:53.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



